Wontonee Logo ← Back

Privacy Policy

WhatsApp Communication Product & Social Media Automation Product

Effective Date: 31 March 2026  ·  Last Updated: 15 April 2026

Published by: Wontonee DigitalCraft LLP

This Privacy Policy describes how Wontonee DigitalCraft LLP (“Wontonee”, “we”, “us”, “our”) collects, uses, stores, and shares information when you use our WhatsApp Communication Product and Social Media Automation Product (“Services”).

This policy is publicly accessible and is submitted to Meta Platforms, Inc., Google LLC, YouTube LLC, Pinterest, Inc., and LinkedIn Corporation as part of platform API and OAuth application review. It is not restricted behind any login wall.

Pinterest Disclaimer: Wontonee is an independent service and is not endorsed by, affiliated with, or sponsored by Pinterest, Inc. The Pinterest name, logo, and related marks are trademarks of Pinterest, Inc. Our use of the Pinterest API is governed by the Pinterest API Terms of Service.

LinkedIn Disclaimer: Wontonee is an independent service and is not endorsed by, affiliated with, or sponsored by LinkedIn Corporation or LinkedIn Ireland Unlimited Company. The LinkedIn name, logo, and related marks are trademarks of LinkedIn Corporation. Our use of the LinkedIn API is governed by the LinkedIn API Terms of Use.

By registering for or using the Services, you acknowledge that you have read and understood this Privacy Policy.

1. Who We Are

Wontonee DigitalCraft LLP

410 C, Jaina Tower, District Centre, Janak Puri, New Delhi – 110058, India

Email: saju@wontonee.com

Website: https://myapps.wontonee.com

Wontonee DigitalCraft LLP is the data controller responsible for your personal information processed through the Services.

2. Information We Collect

2.1 Account Registration Data

When you register for an account, we collect:

  • Full name
  • Email address
  • Phone number
  • Country, state, and city
  • Password (stored as a one-way cryptographic hash — never in plain text)

2.2 WhatsApp Communication Product Data

When you use the WhatsApp product, we collect and process:

  • Your WhatsApp Business Account (WABA) number and associated business name
  • Recipient phone numbers in your contact lists and campaigns
  • Message templates you create (text content, template names, variables)
  • Campaign content — message text and media files you upload for distribution
  • Credit balance and transaction records — how many credits you hold and how they are consumed
  • Delivery status and analytics — sent, delivered, read, and failed message counts

2.3 Social Media Automation Product Data

When you use the Social Media product, we collect and process:

  • OAuth access tokens obtained from Meta (Facebook, Instagram), Google (YouTube, Google Business Profile), and Pinterest on your behalf — stored encrypted in our database
  • Facebook Page IDs, names, and profile pictures of Pages you connect
  • Instagram Business Account IDs and profile information of accounts linked to your Facebook Pages
  • YouTube Channel ID and channel name of channels you connect
  • Google Business Profile account name and verified location names of business locations you connect
  • Pinterest OAuth access token — the access credential obtained when you connect your Pinterest account, stored encrypted to enable on-demand and scheduled Pin publishing on your behalf. Board names and profile information are retrieved live from the Pinterest API when needed and are not stored persistently in our database
  • LinkedIn OAuth access token and Member Token — obtained when you connect your LinkedIn account via OAuth 2.0 (3-legged OAuth), stored encrypted in our database to enable posting to LinkedIn on your behalf. Basic profile data (name, profile picture) is accessed with your consent and may be stored to display your connected account within the dashboard. LinkedIn member-sourced data (posts, feeds, member network data) is not stored.
  • Post content — captions, text, hashtags, and images or videos you upload for publishing
  • Scheduled post data — the platforms selected, scheduled date/time, and publish status
  • Post performance data — basic engagement data retrieved from platform APIs (likes, views, reach where available)

2.4 Usage and Log Data

  • IP address at login and registration
  • Browser user agent and device type
  • Activity logs (login events, actions taken within the platform)
  • Error and diagnostic logs

2.5 Payment Data

Payments are processed by third-party payment gateways (Razorpay, Stripe, PhonePe). We do not store full card numbers, UPI credentials, or banking details. We retain only transaction reference IDs, amounts, and payment status for billing records.

3. How We Use Your Information

We use the information we collect to:

  • Deliver the Services — authenticate your account, enable API connections, dispatch WhatsApp campaigns, publish and schedule social media posts
  • Process WhatsApp messages — transmit your templates and campaign messages to recipients via the Meta WhatsApp Cloud API on your behalf
  • Publish social media content — post content to your connected Facebook, Instagram, YouTube, Google Business Profile, Pinterest, and LinkedIn accounts via their respective APIs. LinkedIn posts are only published upon your explicit, individual instruction — we do not automate posting to LinkedIn without your direct per-post approval.
  • Manage your account — billing, license management, credit balance tracking, support
  • Send service communications — account verification, billing receipts, system alerts, and policy change notices
  • Improve the platform — analyze usage patterns to fix bugs and improve features (using aggregated, non-identifiable data)
  • Comply with legal obligations — respond to lawful requests from government authorities or courts

We do not use your data for advertising. We do not sell your personal data or data obtained from third-party platform APIs to any third party.

4. Third-Party Platforms We Work With

4.1 Meta Platforms (WhatsApp, Facebook, Instagram)

To deliver the WhatsApp and Social Media products, we interact with Meta's APIs. Specifically:

  • WhatsApp Cloud API — your message templates and campaign content are transmitted to Meta's infrastructure for delivery to recipients
  • Meta Graph API — we use the following permissions (OAuth scopes) when you connect your Facebook and Instagram accounts:
    • pages_manage_posts — to create and publish posts on your behalf to your Facebook Pages
    • pages_read_engagement — to read engagement data on your Pages
    • pages_show_list — to list the Facebook Pages you manage
    • instagram_basic — to read basic information about your connected Instagram Business Account
    • instagram_content_publish — to publish posts to your Instagram Business Account

Data transmitted to Meta is subject to Meta's Privacy Policy and Data Processing Terms. We only send data you have explicitly provided for the stated purpose.

4.2 Google LLC (YouTube & Google Business Profile)

When you connect your YouTube channel or Google Business Profile to Wontonee's Social Media Automation service, we access the following data via Google APIs:

Service Data Accessed API Scope
YouTube Channel identity, channel name, and the ability to upload and manage video content on your behalf youtube.upload youtube
Google Business Profile Your business account name, verified location names, and the ability to create local posts on your behalf business.manage

Data Usage

We use this data solely to:

  • Display your connected YouTube channel and Google Business Profile locations within your Wontonee dashboard
  • Publish content (videos, posts, updates) to your YouTube channel or Google Business locations at your explicit instruction

We do not use your Google data for advertising, AI/ML model training, or any purpose unrelated to fulfilling your publishing requests.

Data Sharing

We do not sell, rent, or share your Google user data with third parties. Your data is not used for advertising targeting. It is shared only with our hosting infrastructure (AWS, India) for the sole purpose of operating the service.

Data Storage & Protection

  • OAuth access tokens and refresh tokens obtained from Google are encrypted at rest using AES-256 encryption
  • All data is transmitted over HTTPS/TLS
  • Tokens are stored only in our secured database and are never logged or exposed in API responses

Data Retention & Deletion (Google Data)

  • Your Google OAuth tokens and connected account data are retained for as long as your account is active or until you disconnect the integration
  • You can disconnect and delete your Google data at any time by going to Social Media Automation → Connect Accounts and clicking the disconnect (unlink) icon next to your connected account
  • Upon disconnection, your OAuth tokens are immediately deleted from our database
  • To request full deletion of all your data, email dev@wontonee.com — we will process the request within 7 business days

Your use of YouTube and Google Business Profile features within this platform is also subject to Google's Privacy Policy and YouTube's Terms of Service.

Google API Services — Limited Use Disclosure

Wontonee's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. In particular:

  • We only request Google user data that is necessary for the features described in this policy
  • We do not use Google user data for serving advertisements
  • We do not use Google user data for AI/ML model training
  • We do not allow humans to read your Google user data unless you have given us specific permission, it is necessary for security purposes, or we are required to do so by law
  • We do not sell Google user data or use it for purposes unrelated to the product features listed here
  • We do not transfer Google user data to third parties except as necessary to provide the service (AWS infrastructure) or as required by law

4.3 Pinterest, Inc.

Wontonee integrates with the Pinterest API to allow you to create and publish Pins to your Pinterest boards directly from the Social Media Automation product. Wontonee is an independent service and is not endorsed by, affiliated with, or in any way officially connected with Pinterest, Inc.

Data Accessed via the Pinterest API

When you connect your Pinterest account, we interact with the Pinterest API as follows:

Data How It Is Handled
Pinterest OAuth access token Stored encrypted in our database. This is the only Pinterest-related data we store persistently. It is required to make API calls on your behalf for scheduled and on-demand publishing.
Account username & profile info Retrieved live from the Pinterest API when you view your dashboard. Not stored in our database between sessions.
Board names & IDs Retrieved live from the Pinterest API when you create or schedule a Pin. Not stored persistently in our database — fetched fresh each time per Pinterest's data usage requirements.
Pin creation Your content (image, video, description, link) is submitted to Pinterest via the API at your explicit direction. Each Pin must be individually authorised by you.

Pinterest API Data Storage Policy: Per the Pinterest Developer Terms of Service, we do not permanently store any information accessed through the Pinterest API except the OAuth access token necessary to provide the service. All other Pinterest data is retrieved fresh from the API each time it is needed.

Data Usage

Pinterest-derived data is used solely to:

  • Display your connected Pinterest account within your Wontonee dashboard
  • Publish Pins to your Pinterest boards at your explicit instruction

We do not use Pinterest-derived data for advertising, analytics sold to third parties, AI/ML model training, or any purpose beyond fulfilling your publishing requests within this product.

Data Sharing & Redistribution

We do not sell, rent, redistribute, or share your Pinterest account data or any Pinterest-derived data with third parties. Pinterest content and metadata obtained via the Pinterest API is used only within Wontonee's platform to serve your account. It is not transferred to any data broker, advertiser, or third-party analytics provider.

No Data Combining

We do not combine data obtained from your Pinterest account with data from other users' Pinterest accounts, or with data from other platforms (Meta, Google, etc.). Pinterest data is used exclusively to provide the Pinterest publishing feature to you as the account holder.

Data Retention & Deletion (Pinterest Data)

  • Your Pinterest OAuth access token is retained only for as long as your account is active or until you disconnect the integration
  • To disconnect your Pinterest account, go to Social Media Automation → Connect Accounts and click the disconnect icon next to your Pinterest account
  • Upon disconnection, your Pinterest OAuth token and all Pinterest-derived data are immediately and permanently deleted from our database — no copies are retained
  • Deleting your Wontonee account also immediately deletes all Pinterest data
  • To request deletion by email, contact saju@wontonee.com with the subject line “Pinterest Data Deletion Request” and we will process it within 72 hours

Data Breach Notification

In the event of a confirmed data breach affecting Pinterest data, we will notify Pinterest directly within 2 business days of becoming aware of the breach, as required by the Pinterest Developer Terms of Service. We will simultaneously take steps to remedy the breach, investigate, and mitigate harm.

Pinterest — CCPA Obligations

With respect to any Pinterest data constituting “personal information” as defined by the California Consumer Privacy Act (CCPA):

  • We do not sell Pinterest personal information, as “sell” is defined under CCPA
  • We do not retain, use, or disclose Pinterest personal information for any purpose other than the specific purposes described in this Privacy Policy
  • We do not retain, use, or disclose Pinterest personal information outside the direct business relationship between you, Wontonee, and Pinterest
  • We certify that we understand and comply with these CCPA obligations as required by the Pinterest Developer Terms of Service §4.3(e)

Pinterest API — Compliance Notice

  • Wontonee's use of the Pinterest API complies with the Pinterest API Terms of Service, Pinterest Developer Guidelines, and Pinterest's Privacy Policy
  • Wontonee is not affiliated with, endorsed by, or sponsored by Pinterest, Inc. Pinterest and the Pinterest logo are registered trademarks of Pinterest, Inc.
  • We do not persistently store Pinterest API data other than the OAuth access token required to operate the service
  • We do not resell, redistribute, or share Pinterest content or Pinterest-derived data with any third party, including advertising services or data brokers
  • Pinterest data is not used for advertising targeting, AI/ML model training, or any purpose beyond providing the publishing features described in this policy
  • Pinterest data from your account is not combined with data from other users' accounts or other platforms

4.4 LinkedIn Corporation — Share on LinkedIn (UGC Posts API)

Wontonee integrates with the LinkedIn Share on LinkedIn product (also referred to as the Community Management / UGC Posts API) to allow you to publish posts to your LinkedIn profile directly from the Social Media Automation product. Specifically, we use LinkedIn's User Generated Content Posts API (POST https://api.linkedin.com/v2/ugcPosts) to create text, article, image, and video shares on your behalf. Wontonee is an independent service and is not endorsed by, affiliated with, or officially connected with LinkedIn Corporation or LinkedIn Ireland Unlimited Company. The LinkedIn name and logo are trademarks of LinkedIn Corporation.

Data Accessed via the LinkedIn API

Data OAuth Scope How It Is Handled
OAuth access token & Member Token openid Stored encrypted in our database. Required to authenticate and make API calls on your behalf. Expressly permitted for storage under LinkedIn API Terms §4.2.
Basic member profile (name, profile picture) profile Accessed with your consent (per LinkedIn API Terms §4.3). Stored only to display your connected account within your Wontonee dashboard. Refreshed only when you are actively using the application.
Primary email address email Accessed for account identification. Not stored separately from your Wontonee account data.
Ability to publish posts on your behalf w_member_social Used to submit posts (text, articles, images, videos) you create within Wontonee to LinkedIn via the UGC Posts API (Share on LinkedIn product). Each post requires your explicit, individual approval — no automated or bulk posting occurs without your per-post action.

LinkedIn Content Storage Policy: Per the LinkedIn API Terms of Use §4.1, we do not store any LinkedIn-sourced content (member posts, feeds, network data, or any LinkedIn Content) obtained through the API. Only OAuth tokens and Member Tokens (§4.2) and basic Profile Data obtained with your consent (§4.3) are retained.

Data Usage

LinkedIn-sourced data is used solely to:

  • Display your connected LinkedIn account within your Wontonee dashboard
  • Submit posts you create and individually approve to your LinkedIn profile via the LinkedIn API

We do not use LinkedIn data for advertising, AI/ML model training, employment eligibility assessments, credit scoring, surveillance, or any purpose unrelated to delivering the publishing feature to you.

No Automated Posting

The LinkedIn API Terms of Use prohibit using the LinkedIn API or LinkedIn Content to automate posting on LinkedIn (§3.1.26). Accordingly, every post published to LinkedIn via Wontonee requires your direct, individual action at the time of submission. Bulk scheduling that publishes without per-post confirmation is not supported for LinkedIn.

Minimum Necessary Data & No Data Combining

We request only the LinkedIn API permissions necessary to identify your account and publish on your behalf. We do not combine LinkedIn member data with data from other LinkedIn members, with non-official LinkedIn content, or with data from other platforms (Meta, Google, Pinterest, etc.), as required by LinkedIn API Terms §3.1.25.

Data Sharing & Redistribution

We do not sell, rent, distribute, sublicense, or share LinkedIn-sourced data or Content with any third party. LinkedIn data is not used for advertising targeting, aggregated member profiling, or resale, in compliance with LinkedIn API Terms §3.1.8 and §3.1.10.

Data Storage & Security

  • OAuth access tokens and Member Tokens are stored encrypted at rest using AES-256 encryption
  • All API communication is over HTTPS/TLS
  • Access to stored tokens is restricted to authorised personnel and the application runtime only
  • In the event of a security incident affecting LinkedIn data, we will report it to LinkedIn at security@linkedin.com within 24 hours of discovery, as required by LinkedIn API Terms §7.1(d)

Member Consent (LinkedIn Requirement)

Before connecting your LinkedIn account via OAuth, you will be shown a clear disclosure confirming: (a) what data will be accessed, (b) how that data will be used, (c) how to withdraw consent, and (d) how to request deletion. This satisfies LinkedIn API Terms §5.2 member consent requirements.

Data Retention & Deletion (LinkedIn Data)

  • Your LinkedIn OAuth token, Member Token, and any stored Profile Data are retained only while your account is active or until you disconnect the integration
  • To disconnect, go to Social Media Automation → Connect Accounts and click the disconnect icon next to your LinkedIn account
  • Upon disconnection, all LinkedIn tokens and stored Profile Data are immediately deleted from our database, per LinkedIn API Terms §4.4
  • Deleting your Wontonee account also immediately deletes all LinkedIn data
  • To request deletion by email, contact saju@wontonee.com with the subject “LinkedIn Data Deletion Request” — we will process within 72 hours
  • You may also independently revoke Wontonee's access from your LinkedIn Permitted Services page

Your use of LinkedIn features within this platform is also subject to the LinkedIn User Agreement and LinkedIn's Privacy Policy.

LinkedIn API — Compliance Notice

  • Wontonee's use of the LinkedIn API complies with the LinkedIn API Terms of Use (last revised December 13, 2022) and the LinkedIn Data Processing Agreement for Business Development
  • Wontonee is not affiliated with, endorsed by, or sponsored by LinkedIn Corporation. LinkedIn is a registered trademark of LinkedIn Corporation.
  • Only the OAuth Access Token and Member Token are stored persistently; all other LinkedIn Content is not stored per LinkedIn API Terms §4.1
  • We do not use LinkedIn data for advertising, AI/ML model training, employment decisions, credit scoring, or any discriminatory purpose
  • We do not automate posting to LinkedIn — each post requires explicit per-post user action
  • LinkedIn data is not combined with other users' LinkedIn data or with data from other platforms
  • Security incidents involving LinkedIn data are reported to LinkedIn (security@linkedin.com) within 24 hours

4.5 Payment Gateways

Payments are processed by Razorpay, Stripe, or PhonePe depending on your region. These services process your payment information under their own privacy policies. We do not receive or store full card or banking credentials.

5. Data Retention & Deletion

5.1 Active Accounts

We retain your account data and service data for as long as your account is active and you continue to use the Services.

5.2 Account Deletion — Immediate Erasure

When you delete your account, all of your personal data is permanently and immediately deleted from our systems. This includes:

  • Account profile data (name, email, phone, location)
  • All WhatsApp contacts, templates, campaigns, and message history
  • All social media connections, OAuth tokens, post content, and scheduled posts
  • Activity logs associated with your account
  • Credit balance records

We do not retain any personal data after account deletion. Payment transaction records may be retained only to the extent required by applicable financial or tax law, stripped of personal identifiers where possible.

6. How to Request Data Deletion

You may request deletion of your personal data at any time by either:

  1. Deleting your account directly from your account settings — this triggers immediate deletion of all data
  2. Disconnecting a specific integration — go to Social Media Automation → Connect Accounts and click the disconnect icon next to the relevant account. This immediately deletes all OAuth tokens and connected account data for that platform
  3. Emailing us at saju@wontonee.com with the subject line "Data Deletion Request" — we will process your request within 72 hours and confirm by reply
  4. For Google data specifically — email dev@wontonee.com with the subject line "Google Data Deletion Request" — we will process within 7 business days

For data processed via Meta's platforms (WhatsApp, Facebook, Instagram), you may also use Meta's own data deletion tools available in your Facebook and Instagram account settings.

For Google data, you may also independently revoke Wontonee's access from your Google Account Permissions page.

7. Your Rights

Depending on your location, you may have the following rights over your personal data:

7.1 Rights Under GDPR (EU / EEA Users)

  • Right of Access — request a copy of the personal data we hold about you
  • Right to Rectification — request correction of inaccurate or incomplete data
  • Right to Erasure — request deletion of your personal data (see Section 6)
  • Right to Restriction — request that we limit processing of your data in certain circumstances
  • Right to Data Portability — request your data in a structured, commonly used, machine-readable format
  • Right to Object — object to processing based on legitimate interests
  • Right to Withdraw Consent — withdraw consent at any time where processing is based on consent

7.2 Rights Under CCPA (California Users)

  • The right to know what personal information is collected, used, shared, or sold
  • The right to delete personal information
  • The right to opt out of the sale of personal information — we do not sell personal information
  • The right to non-discrimination for exercising your CCPA rights

To exercise any of these rights, contact us at saju@wontonee.com. We will respond within 30 days.

8. Security

We implement industry-standard security measures to protect your data, including:

  • Encryption in transit — all data transmitted between your browser and our servers is encrypted using HTTPS/TLS
  • Encrypted storage of OAuth tokens — access tokens from Meta and Google are encrypted before being stored in our database
  • Password hashing — passwords are hashed using bcrypt and never stored in plain text
  • Access controls — access to production systems is restricted to authorised personnel only
  • Activity logging — security-relevant events (logins, account changes) are logged for monitoring purposes

No system is completely secure. In the event of a data breach that affects your rights, we will notify you and the relevant authorities as required by applicable law.

9. OAuth Token Storage & Revocation

When you connect a social media account:

  • OAuth access tokens are stored encrypted in our database
  • Tokens are used exclusively to publish and schedule content on your behalf
  • You can disconnect any account at any time from your dashboard, which deletes the stored token immediately
  • You may also independently revoke our access from within Facebook, Instagram, or Google account settings — this will invalidate the token on the platform side

We do not retain OAuth tokens after disconnection or account deletion.

10. Cookies & Local Storage

We use session cookies and local storage for:

  • Maintaining your login session
  • CSRF protection (security tokens)
  • Storing your UI preferences (e.g., dark mode)

We do not use third-party advertising cookies or tracking pixels.

11. Children's Privacy

The Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us at saju@wontonee.com and we will delete it immediately.

12. International Data Transfers

Our servers are hosted on AWS (Amazon Web Services) in India. When you connect Meta or Google services, data may be transmitted to Meta's or Google's servers located outside India. Such transfers are governed by the privacy policies of those platforms and applicable data protection laws. By using the Services and connecting third-party accounts, you consent to this transfer.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

  • Update the “Last Updated” date at the top of this document
  • Notify you by email or via in-app notification at least 7 days before changes take effect
  • Post the updated policy at: https://myapps.wontonee.com/privacy-policy

Your continued use of the Services after the effective date constitutes acceptance of the updated policy.

14. Contact Us

For any questions, concerns, or requests relating to this Privacy Policy or your personal data, contact our privacy team:

Wontonee DigitalCraft LLP

410 C, Jaina Tower, District Centre, Janak Puri, New Delhi – 110058, India

Email: saju@wontonee.com

Website: https://myapps.wontonee.com

We will respond to all privacy-related enquiries within 30 days. For data deletion requests, we respond within 72 hours.

© 2026 Wontonee DigitalCraft LLP. All rights reserved.