1. Who We Are
Zapelite is a B2B communication and workflow automation platform for WhatsApp Business API, developed and operated by Elitestack Technologies LLC, a company registered in the United Arab Emirates. Zapelite connects WhatsApp Business API, CRM systems, and internal business tools to help businesses manage customer interactions across industries including logistics, real estate, travel & hospitality, retail, automotive, food & beverage, healthcare, and education.
For the purposes of applicable data protection laws, Elitestack Technologies LLC acts as:
| Role | Context |
|---|---|
| Data Controller | For data we collect directly from you when you visit our website, create an account, or contact us for support. |
| Data Processor | For data processed on behalf of our business clients (merchants) when they use Zapelite to communicate with their customers via WhatsApp. |
Elitestack Technologies LLC, represented by Binshad (CEO). United Arab Emirates. Contact: privacy@zapelite.com
2. Scope of This Policy
This Privacy Policy applies to all personal data collected through:
The Zapelite website (zapelite.com), the Zapelite platform and dashboard, WhatsApp Business API integrations operated through our platform, our customer support channels, and any related services we provide.
This policy does not cover third-party websites or services linked from our platform. We recommend reviewing the privacy policies of any third-party services before providing them with personal data.
3. Personal Data We Collect
3.1 Data You Provide Directly
| Category | Data | Purpose |
|---|---|---|
| Account Registration | Name, email, phone number, company name | Account creation and management |
| Billing Information | Company name, billing address, tax ID | Subscription management and invoicing |
| Support Requests | Name, email, description of issue | Responding to inquiries and technical support |
| WhatsApp Config | Business phone, WABA ID, Meta ID | Connecting your account to our platform |
3.2 Data Collected Automatically
| Category | Data | Purpose |
|---|---|---|
| Usage Data | Pages visited, features used, actions | Service improvement and analytics |
| Device & Browser | IP address, browser type, OS, device | Security and platform optimization |
| Cookies | Session cookies, preference cookies | Maintaining session and preferences |
3.3 Data Processed on Behalf of Our Clients (Service Data)
When businesses use Zapelite to communicate with their customers via WhatsApp, we process the following data on their behalf as a Data Processor:
| Category | Data Included |
|---|---|
| Contact Information | End-user phone numbers and WhatsApp display names |
| Message Content | Text messages, media files (images, documents, audio, video) |
| Interaction Metadata | Message timestamps, delivery status, read receipts |
| Consent Records | Opt-in and opt-out logs maintained on behalf of the business |
4. How We Use Your Data
We process personal data only when we have a valid legal basis to do so.
| Purpose | Legal Basis |
|---|---|
| Platform Maintenance | Performance of contract |
| Subscription Payments | Performance of contract |
| Service Communications | Performance of contract |
| Platform Improvement | Legitimate interest |
| Security & Anti-Fraud | Legitimate interest |
| Legal Compliance | Legal obligation |
We do not use your personal data for automated decision-making or profiling that produces legal effects concerning you.
5. Payment Information
All credit and debit card details are processed directly by our third-party payment processor. Zapelite does not store, access, or retain full payment card numbers, CVV codes, or other sensitive cardholder data on our servers. We only receive transaction confirmation details necessary for billing and accounting purposes.
6. Data Sharing and Third Parties
We do not sell, rent, or trade your personal data. We may share your data only in limited circumstances:
| Recipient | Purpose |
|---|---|
| Meta / WhatsApp | Message delivery via Business Cloud API. Messages are purged per Meta policy. |
| Cloud Infrastructure | Secure hosting and storage on industry-leading cloud servers. |
| Payment Processor | Secure subscription billing. No card numbers shared with us. |
| Authorities | Only as required by law or court order. |
7. Google OAuth & API Integration
Where Zapelite integrates with Google services (such as Google Sheets), we request only the minimum permissions necessary. We adhere strictly to the Google API Services User Data Policy.
Specifically, we do not use Google API data for advertising, transfer it to third parties (unless for app functionality), train AI models with it, or allow human review without explicit consent.
8. AI Features and Data Processing
Zapelite may offer optional AI-powered features. If enabled, your data is processed only after explicit opt-in. We do not use your message content to train external AI models.
9. Data Retention
| Category | Retention Period |
|---|---|
| Account Data | Duration of account + 90 days |
| Message Content | Deleted upon account closure or request |
| Billing Records | Up to 5 years (UAE Law) |
| Server Logs | Up to 12 months |
10. Data Security
We implement industry-standard encryption (TLS/SSL), role-based access controls, and regular security assessments. While we take every precaution, no method of electronic storage is 100% secure.
11. International Data Transfers
Zapelite operates from the UAE. Your data may be processed in jurisdictions where our partners operate. We ensure appropriate safeguards, such as Standard Contractual Clauses, are in place.
12. Your Rights
Depending on your location (GDPR, CCPA, UAE PDPL), you have rights to access, rectification, erasure, and more.
Detailed Data Deletion
You can request full data removal via our dedicated portal.
Data Deletion Instructions14. Children's Privacy
Zapelite is a B2B platform not directed at individuals under 18. We do not knowingly collect data from children.
15. Do Not Track Signals
Our platform does not respond to "Do Not Track" browser signals at this time, as no universal standard currently exists.
16. Changes to This Policy
We may update this policy periodically. Significant changes will be notified via email or dashboard alert 30 days prior to taking effect.