Home · Legal documents · Im.Age Djigbachats privacy policy
Privacy policy — Im.Age Djigbachats
The essentials. Im.Age Djigbachats is a WhatsApp campaign and customer-messaging extension for Im.Age Commerce. It allows verified businesses to connect their own Meta WhatsApp Business number, create approved message templates, and send transactional or loyalty messages to their own clients from Im.Age tools. Businesses remain responsible for the client data they choose to upload or message. Perspective GAIA SARL is the controller for app-account, security, and service-operation data, and acts as the tool provider for message-processing data handled on behalf of the business.
1. Who we are
Perspective GAIA SARL — Ouagadougou, Sector 44, Zone 1, Burkina Faso — RCCM BF OUA 01-2022-B12-14160. For any privacy question, write to [email protected].
2. Scope of this policy
This policy applies to the Im.Age Djigbachats application, its integration with Im.Age Commerce / Studio, and the server components used to:
- connect a business-owned WhatsApp Business API number;
- create, store, and sync approved WhatsApp templates;
- send customer messages such as loyalty codes, sales tickets, payment confirmations, reminders, and support follow-ups;
- receive webhook events, delivery statuses, and customer replies.
3. Data we process
3.1 Business user and admin data
- Business contact details, account identifiers, install identifiers, and support contact information.
- WhatsApp Business integration data such as business account ID, phone number ID, encrypted access tokens, template names, and template content approved for use.
- Operational logs related to onboarding, template publishing, sends, failures, and security checks.
3.2 Recipient and customer data processed on behalf of the business
- Recipient phone numbers and, when provided by the business, recipient names or identifiers.
- Message variables and content chosen by the business, including loyalty codes, ticket numbers, sales summaries, payment references, and reminder text.
- Delivery, read, failure, and reply metadata returned by Meta WhatsApp Business webhook events.
- Opt-out or support keywords sent by recipients in response to business messages.
3.3 Technical and security data
- Timestamps, IP addresses, API error traces, webhook payload metadata, and anti-abuse signals.
- App version, operating system, and machine or install identifiers when needed for security or support.
4. Purposes and legal bases
- Business onboarding and account linking — performance of contract.
- Template creation, storage, and publishing — performance of contract.
- Transactional customer messaging — performance of contract between Perspective GAIA SARL and the business user; the business user remains responsible for its own lawful basis toward its recipients.
- Delivery tracking, audit logs, and webhook processing — legitimate interest in operating and securing the service.
- Fraud, abuse, and unauthorized-access prevention — legitimate interest.
- Support and diagnostics — legitimate interest and, where relevant, performance of contract.
5. Roles and responsibilities
Businesses using Im.Age Djigbachats are responsible for the customer contact data they upload, the message content they send, and compliance with any notice, consent, or opt-out rules that apply to their recipients. Perspective GAIA SARL does not buy or sell recipient lists and does not reuse business customer data for advertising.
If you receive a message from a business through Im.Age Djigbachats and want to exercise a right related to that message, please contact the business that contacted you first. If your request concerns our own service logs or security records, you may also write to [email protected].
6. Processors and recipients
- Meta Platforms Ireland — WhatsApp Business onboarding, template publication, message transport, webhook delivery, and related infrastructure.
- Contabo GmbH (Germany) — hosting of the license, integration, and webhook-processing servers.
- Perspective GAIA SARL staff and contractors — limited access for support, security, and maintenance on a need-to-know basis.
No personal data is sold or shared with advertising brokers.
7. International transfers
Our primary servers are hosted in Germany. Meta WhatsApp Business may process data across multiple jurisdictions according to its own contractual and compliance framework. Where international transfers occur, we rely on the contractual safeguards and security commitments offered by the relevant provider.
8. Retention
- Business account and integration metadata: while the account remains active, then up to 12 months for security and audit purposes.
- Encrypted access tokens: until the business disconnects the integration or rotates the token, plus limited retention in audit logs where strictly necessary.
- Template definitions and publication logs: while active, then up to 12 months for dispute resolution and security.
- Message and webhook logs: up to 12 months by default unless a shorter operational retention is configured later.
- OTP and verification codes: a maximum of 5 minutes server-side, then deleted or rendered unusable.
- Security and audit logs: up to 12 months.
9. Your rights
Business users may request access, correction, deletion, restriction, or objection by writing to [email protected]. End recipients may contact the sending business first, and may also use the dedicated Djigbachats data deletion request page where applicable.
10. Security
Network communications use TLS. Access tokens are stored encrypted at rest. Admin routes are protected by server-side secrets. Webhook verification uses Meta verification tokens and signature checks where configured. Access to support and operational logs is restricted to authorized personnel.
11. Changes
Any material change to this policy will be announced inside the relevant application surfaces and published on this page with a new version date. The current English version is always available at imagecommerce.net/en/legal/privacy-djigbachats.html.
12. Contact
[email protected]. Related documents: terms of service and data deletion request.