MG NotifyWebhook → WhatsApp
Back to home

Privacy

Privacy Policy

Last updated: April 24, 2026

This Privacy Policy describes how MG Notify (“we”, “our”, or the “Service”) collects, uses, and safeguards information when you use our webhook-to-WhatsApp automation platform. By using the Service you agree to the practices described here.

1. Information we collect

We collect only the information required to operate the Service:

  • Account information: name and email address, provided through Clerk authentication.
  • WhatsApp credentials: Meta Phone Number ID, Business Account ID, and access token. Access tokens are encrypted with AES-256-GCM before being written to storage.
  • Webhook payloads: the JSON bodies you send to your unique webhook URL. These are retained only as long as needed to deliver and debug messages (7 days on Free, 30 days on Growth).
  • Delivery metadata: timestamps, template IDs, recipient phone numbers, provider message IDs, and delivery status events returned by Meta.
  • Operational telemetry: anonymized performance metrics (Vercel Analytics / Speed Insights) and application error logs.

2. How we use information

We use the information we collect to:

  • Authenticate you and protect your account.
  • Deliver WhatsApp messages via your own Meta Cloud API account.
  • Provide delivery logs, retries, analytics, and customer support.
  • Detect and prevent abuse, fraud, and security incidents.
  • Comply with legal obligations.

We never sell your personal information, and we do not share your data with third parties for their own marketing.

3. Data security

WhatsApp access tokens are encrypted at rest using authenticated AES-256-GCM with a key stored as an environment secret and rotated as needed. All traffic is served over TLS. Production infrastructure is provided by Vercel and Neon, both of which maintain SOC 2 controls. Access to production data is limited to the minimum set of engineers required to operate the Service.

4. Data retention

  • Raw webhook payloads and delivery logs: 7 days (Free) or 30 days (Growth).
  • Aggregate delivery metrics: retained for as long as your account is active.
  • Account records: retained until you delete your account. You may request deletion at any time by contacting us.

5. Subprocessors

We rely on the following subprocessors to operate the Service:

  • Meta Platforms (WhatsApp Cloud API) — message delivery.
  • Clerk — authentication and session management.
  • Vercel — application hosting, analytics, and edge infrastructure.
  • Neon — managed Postgres database.
  • Inngest — background job and retry orchestration.
  • Dodo Payments — subscription billing.

6. Your rights

Subject to applicable law (including the GDPR and India's DPDP Act), you have the right to access, correct, export, or delete your personal information. You may also withdraw consent or object to certain processing. To exercise any of these rights, email support@mgnotify.app.

7. Children

The Service is not directed to individuals under the age of 18, and we do not knowingly collect personal information from children.

8. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be announced on the Service or by email. The “Last updated” date above reflects the most recent revision.

9. Contact

Questions about this policy? Email support@mgnotify.app.