Ink and Impact Company (“Ink and Impact”, “we”, “us”, or “our”) operates the website https://whatimpact.com.sa and provides a multi‑tenant WhatsApp Business API platform and related services (the “Service”). We are committed to protecting the privacy and security of personal data we process in connection with providing the Service.
This Privacy Policy explains how we collect, use, disclose, transfer and store personal data, the legal bases for processing, your rights, and how to contact us. By using our website or Service you acknowledge this Privacy Policy and consent to the processing described herein, subject to applicable law.
This Privacy Policy applies to personal data collected through our website, the Service, customer and tenant accounts, and communications with us.
For personal data you provide about your customers or end users via our Service, we typically act as a data processor on behalf of the customer (the “Customer”) who is the data controller. For personal data related to your account and communications with us, Ink and Impact is typically the controller. Specific roles and responsibilities are governed by the contract and any Data Processing Agreement (DPA) between Ink and Impact and the Customer.
Controller: Ink and Impact Company (registered in Saudi Arabia)
Address: Ahmad Ibn Mayser , Building No. 7818, District Qurtubah Dist, 13245 , Riyadh.
Commercial Registration No. 7051623812
Email : privacy@whatimpact.com.sa or contact@whatimpact.com.sa
Data Protection Officer : N/A
We collect personal data that is necessary to provide and improve our Service. Categories include:
a. Account and identity information: contact name, business name, email address, phone number, job title, username, password, company details, billing contact.
b. Authentication and KYC information: company registration documents, identity information (if required for onboarding or compliance), and other verification data.
c. Communication content and metadata: messages and message content, message templates, attachments, phone numbers, timestamps, message delivery status, and other meta information transmitted through the WhatsApp integration (these may include personal data of a Customer’s end users).
d. Billing and payment: payment method details (via third‑party payment providers), billing address, invoicing records.
e. Usage, technical and device data: IP addresses, browser and device characteristics, Internet service provider, pages visited, features used, logs, cookies and similar technologies, API call logs, performance metrics.
f. Support and correspondence: records of correspondence with our support team, recordings or transcripts of support calls (if any), feedback, and complaint information.
g. Sensitive personal data: We do not intentionally collect sensitive personal data (e.g., health, religious beliefs, political opinions, biometric data) unless expressly provided and with explicit consent or where required by law.
We collect personal data:
Directly from you when you create an account, contact us, or use the Service.
From Customers (when you are a tenant) and from end users via messaging interactions.
From third parties and service providers such as payment processors, analytics providers, cloud hosting providers, WhatsApp/Meta, and public sources.
We process personal data for the following purposes:
a. To provide and operate the Service (performance of contract).
b. To manage accounts, billing, and payments (performance of contract and legal obligations).
c. To communicate with you about your account, updates, security alerts and support (legitimate interest; contract performance).
d. To process messages and deliver content through WhatsApp and other integrations (on behalf of Customers acting as controllers).
e. To detect, prevent and investigate security incidents, fraud, abuse and violations of our terms (legitimate interest; legal obligations).
f. To comply with legal and regulatory obligations (legal obligation).
g. To improve, monitor and analyze Service usage and performance, and for product development (legitimate interest).
h. For marketing communications where permitted and with consent where required (consent or legitimate interest depending on jurisdiction).
i. To fulfil any other purposes disclosed at the point of collection or with your consent.
We may share personal data in the following circumstances:
With service providers and subprocessors who perform services on our behalf (cloud hosting, email, analytics, payment processing, customer support). All subprocessors are bound by contract to implement appropriate safeguards.
With WhatsApp/Meta and other platform providers as required to connect and operate the WhatsApp Business API.
With Customers: Message content and metadata are accessible to the Customer that controls the relevant tenant account.
With affiliates and business partners where necessary to deliver services.
In connection with a corporate transaction (merger, acquisition, sale), subject to confidentiality and data transfer safeguards.
To comply with legal obligations, court orders, or governmental requests; to protect rights, property or safety; or to detect and prevent fraud and abuse.
Personal data may be transferred to, and processed in, countries other than the country in which it was collected (including servers and subprocessors outside Saudi Arabia). When we transfer personal data internationally, we implement appropriate safeguards required under applicable law (e.g., contractual safeguards, standard contractual clauses, or other measures). If you require details on specific transfer mechanisms, contact us at privacy@whatimpact.com.sa.
We retain personal data only for as long as necessary for the purposes described, including to:
Provide the Service and maintain accounts (duration of the account and any applicable retention period thereafter),
Comply with legal and regulatory obligations,
Resolve disputes, enforce agreements, and prevent fraud.
Typical retention examples (subject to change and specific contracts):
Account and billing records: retained for the duration of the contract and thereafter for up to 5 years as required by applicable law.
Message content: retained according to Customer settings and contractual agreements. Customers control message retention settings for their tenant; if not specified, we may retain message content for up to 12 months for operational and backup purposes.
Logs and analytics: retained for operational and security purposes for up to 12 months unless otherwise required.
Upon account termination, we will delete or anonymize personal data within 60 days except where retention is necessary to comply with legal obligations, resolve disputes, or as otherwise permitted by law or contract.
Subject to verification and applicable law, you may have the right to:
Access personal data we hold about you.
Request correction or update of inaccurate personal data.
Request deletion or restriction of processing.
Object to processing based on legitimate interests.
Withdraw consent where processing is based on consent.
Request data portability to the extent technically feasible.
To exercise rights, contact us at privacy@whatimpact.com.sa. We will respond in accordance with applicable law. We may ask for identity verification before processing requests.
We use cookies and similar technologies to operate the website and Service, provide features, analyze usage and deliver relevant content. Categories include:
Strictly necessary cookies;
Performance and analytics cookies;
Functional cookies;
Targeting/advertising cookies (third parties).
You can manage cookie preferences through your browser settings and opt‑out tools for third‑party analytics and advertising.
We implement technical and organizational measures to protect personal data, including access controls, encryption in transit and at rest, monitoring, and security policies. However, no online transmission or storage is completely secure. If we become aware of a data breach that materially affects your rights, we will notify affected individuals and authorities as required by law.
Our Service is not directed to children under 18 and we do not knowingly collect personal data from minors. If we learn that we collected personal data from a child without parental consent, we will take steps to delete such data.
Our website and Service may contain links to third‑party websites, products or services. We are not responsible for the privacy practices of third parties. Review third‑party privacy policies before providing personal data.
We may update this Privacy Policy to reflect changes in practices or the law. Material changes will be posted with an updated “Effective Date” and, where appropriate, notice will be provided by email or on the website.
If you have a complaint about our processing of personal data, please contact us at privacy@whatimpact.com.sa and we will try to resolve it. You may also lodge a complaint with the competent data protection authority in Saudi Arabia or other relevant supervisory authority, subject to applicable law.
For questions, requests or to exercise your rights:
Email: privacy@whatimpact.com.sa
Address: Ahmad Ibn Mayser, Building No. 7818, District Qurtubah Dist,
13245 , Riyadh.
Phone : 00966505877644
If you are a Customer (tenant) using our platform to process personal data of your end users, Ink and Impact is generally the processor and you are the controller. We provide a DPA on request which sets out processing instructions, subprocessors, security measures, audit rights, international transfer mechanisms, and deletion/return procedures. Contact privacy@whatimpact.com.sa to request our DPA template.