This Privacy Policy describes how Manryo ("we", "us", "our") collects, uses, and discloses information when you use the Manryo WhatsApp Business Platform (the "Service"). By using the Service, you agree to the practices described in this policy.
1. Information we collect
a. Account information
When you register for Manryo, we collect:
Workspace name, slug, email, and password (bcrypt-hashed)
Billing information you provide (handled by our payment processor; we never see your card number)
Workspace usage and audit logs (timestamps, IP, user agent)
b. WhatsApp Business Account data
When you connect your WhatsApp Business Account (WABA) via Meta Embedded Signup, we store:
Your WABA ID, phone number IDs, and display numbers
Encrypted access tokens (AES-256-GCM at rest, key in environment)
Your business name, timezone, currency, quality rating
c. Message data
To deliver the Service, we process WhatsApp messages and store them encrypted in our database:
Message content (text, media URLs, templates) sent and received through your WABA
Webhook payloads from Meta (delivery status, opt-ins, quality scores)
Contact information (phone numbers, profile names) of people you message
Billing events (cost per delivered message, conversation categories)
d. Technical data
We automatically collect server logs, IP addresses, browser type, and request metadata for security and operations. We do not use third-party analytics, advertising trackers, or session replay tools.
2. How we use information
To operate the Service: route messages, deliver webhooks, bill per-message costs
To enforce quality: rate limiting, fraud detection, abuse prevention
To communicate: service announcements, security alerts, billing receipts (no marketing emails unless you opt in)
To improve: aggregate, de-identified analytics (we never sell or share your data)
To comply with law: respond to legal requests, enforce our Terms
3. Data sharing
We do not sell, rent, or trade your data. Limited sharing happens only with:
Meta Platforms, Inc. — we call the WhatsApp Cloud API on your behalf to send/receive messages and receive webhooks. Meta's own WhatsApp Business Policy applies to your WABA.
Infrastructure providers — our hosting (Hetzner / Coolify), database (PostgreSQL), and queue (Redis). These providers are bound by data processing agreements.
Payment processor — for billing. We do not see or store your card.
Law enforcement — only when compelled by a valid legal order.
4. Data retention
Message content: kept for 30 days by default, then deleted. You can request earlier deletion from your dashboard.
Webhook events: kept for 7 days for debugging, then deleted.
Billing events: kept for 7 years for tax/audit compliance.
Encrypted WABA tokens: kept as long as you have an active workspace; deleted within 30 days of account closure.
5. Your rights (GDPR / KVKK / CCPA)
You can at any time:
Access a copy of your data (GET /api/tenants/me + dashboard export)
Correct inaccurate data
Delete your data (write to privacy@manryo.com or use the in-product deauthorize flow)
Export your data (JSON download from dashboard)
Object to processing or withdraw consent
To exercise any right, email privacy@manryo.com from your workspace owner email. We respond within 30 days.
6. Data location and international transfers
Data is stored in our PostgreSQL database hosted in your selected region (default: EU). When you call Meta's WhatsApp API, Meta processes data in their own infrastructure under their Privacy Policy. We use Standard Contractual Clauses for any transfer outside the EEA.
Manryo is a B2B platform for adults. We do not knowingly collect data from anyone under 18. If you are a parent and believe your child has signed up, contact privacy@manryo.com.
9. Changes to this policy
We may update this Privacy Policy. We will notify active customers at least 30 days before changes take effect via email and in-product banner. The "Last updated" date at the top reflects the current version.