Privacy Policy.

This Privacy Policy explains how Wevlix("we", "us", "our") collects, uses, retains, and protects information when you use our WhatsApp OTP and verification services (the "Service"). It applies to wevlix.com, our dashboard, our API, and any related products operated by Wevlix.

By using the Service, you agree to the practices described here. If you do not agree, please do not use the Service.

We may update this policy from time to time; the "Last updated" date at the top of this page reflects the most recent revision.

We collect three categories of information:

Account information

When you create an account, we collect:

• Your name
• Your email address
• Your company name (optional)
• Your phone number
• Your password (stored as a one-way hash, never in plain text)

Usage information

As you use the Service, we automatically generate:

• API request logs (endpoint, timestamp, status code, response time)
• OTP delivery records (recipient phone number, delivery status, destination country)
• Dashboard activity (logins, settings changes, project events)
• Technical data (IP address, browser type, device type)

Payment information

When you top up your wallet, we collect:

• Your billing address
• The last four digits and brand of your payment method

We do not store full payment card numbers. Card data is processed and stored by our PCI-compliant payment processor (Stripe).

What we do NOT store

• Plain-text OTP codes: codes are hashed before storage and deleted after verification
• Full payment card numbers, CVVs, or PINs
• WhatsApp message content beyond what is necessary for delivery and audit

We use the information we collect to:

• Provide the Service: deliver OTPs, manage your account, process payments, and surface dashboard analytics
• Maintain security: detect fraud, prevent OTP-pumping abuse, enforce rate limits, and protect against unauthorized access
• Communicate with you: send account notifications, security alerts, billing receipts, and important service updates
• Improve the Service: analyze aggregate usage patterns to fix bugs and ship better features
• Comply with legal obligations: respond to lawful requests and maintain records for tax and audit requirements

We do not sell your personal information. We do not use your information for advertising or share it with advertisers.

To operate Wevlix, we share necessary information with the following sub-processors, each bound by a data processing agreement:

• Meta WhatsApp Business Cloud API: to deliver OTP messages to your recipients
• Stripe: to process payments and manage wallet top-ups
• Cloudflare: CDN, DDoS protection, and edge security
• Hosting providers: to run our servers in US and EU regions

Each sub-processor may only use your information for the purposes we specify in our agreement with them.

We retain different categories of data for different periods:

• Account data: retained while your account is active, plus 30 days after deletion
• OTP delivery logs: retained for 90 days, then anonymized for aggregate reporting
• OTP codes: hashed before storage and deleted immediately after verification or expiration (typically 5–10 minutes)
• Billing records: retained for 7 years to meet tax and audit requirements
• Server access logs: retained for 30 days

You may request earlier deletion subject to legal and contractual obligations; see Your rights below.

We take security seriously and implement industry-standard measures:

• Encryption in transit: TLS 1.3 for all API calls and dashboard access
• Encryption at rest: AES-256 for all stored data
• Hashed OTP codes: codes are hashed before storage, so even we cannot read the original
• Access controls: role-based access to internal systems with audit logs
• Vulnerability monitoring: regular security reviews and dependency scanning
• Incident response: documented breach notification process

No system is perfectly secure. If we discover a breach affecting your data, we will notify you within 72 hours of discovery.

Depending on your jurisdiction, you may have the right to:

• Access: request a copy of the information we hold about you
• Rectification: correct inaccurate information
• Deletion: request that we delete your data, subject to legal retention requirements
• Portability: receive your data in a machine-readable format
• Objection: object to certain processing activities
• Restriction: request that we limit how we process your data
• Withdraw consent: where processing is based on your consent

To exercise any of these rights, email [email protected] or message us on WhatsApp. We respond within 30 days.

Wevlix operates globally. Your data may be transferred to and processed in countries outside your country of residence, including the United States and European Union.

When data is transferred outside the European Economic Area (EEA), we use Standard Contractual Clauses or other lawful transfer mechanisms to ensure equivalent protection.

We may update this Privacy Policy from time to time. When we do:

• We will update the "Last updated" date at the top of this page
• We will notify account holders by email of material changes
• For significant changes, we will provide a 30-day notice period before they take effect

Continued use of the Service after changes take effect means you accept the updated policy.

For privacy questions, requests, or concerns, reach us at:

• Email: [email protected]
• WhatsApp: Message us

We aim to respond within 5 business days.