Data Deletion Instructions
How to request deletion of your personal data — GDPR Art. 17, KVKK Art. 7, CCPA §1798.105.
1. Your right to deletion
You have the right to request that Manryo (operated by alihandemirdas) deletes all personal data we hold about you. This right applies regardless of whether you are:
- A business user with a Manryo account, or
- An end user / contact whose data was processed on behalf of one of our business customers (a "merchant").
This page explains exactly how to exercise that right, what will be deleted, and what (if anything) we are required to keep.
2. What data we hold about you
Depending on how you interact with Manryo, we may hold:
If you have a Manryo account (business user)
| Category | Examples | Retention |
|---|---|---|
| Account | Name, email, password hash, role | Until deletion + 30 days |
| Billing | Subscription tier, invoice history, payment processor customer ID (no full card data) | 7 years (tax law) |
| Usage | Login IP, user agent, audit log of API actions | 90 days |
If you are an end-user contact of a merchant
| Category | Examples | Retention |
|---|---|---|
| Identity | Phone number (from from_wa_id) | 30 days after last message |
| Conversation | Message text, media URLs, timestamps, delivery status | 30 days |
| Opt-in state | Opt-in method, timestamp, source | Until opt-out + 30 days (proof of consent) |
Manryo is the data processor; the merchant you interacted with is the data controller. We delete on the merchant's instruction and on your direct request.
3. How to request deletion
Option A — Email (recommended, all users)
Send an email to privacy@manryo.com with:
- Subject line:
Data deletion request - Your full name
- The email address associated with your Manryo account or the phone number whose data you want deleted
- The merchant name (if you are an end-user contact)
- A clear statement: "I request deletion of all my personal data under GDPR Art. 17 / KVKK Art. 7 / CCPA."
We will reply within 5 business days to confirm receipt and verify your identity (one-factor verification — we will not contact you via any channel other than the email you wrote from).
Option B — Meta / Facebook flow (end-users only)
If you interacted with a Manryo-powered business on WhatsApp, you can also use Meta's "Download or delete your information" tool:
- Open facebook.com/help/250563511970747
- Select the business and the data scope (WhatsApp messages and metadata)
- Choose Delete
Meta will notify us via our data-deletion callback endpoint, and we will process the request within 30 days.
Option C — From inside the Manryo dashboard (business users only)
- Sign in at app.manryo.com
- Go to Settings → Account → Delete account
- Confirm via email link
4. What we will delete
Within 30 calendar days of verified request, we will permanently delete:
- Your account record, password hash, session tokens, and API keys
- All message content (text, media, captions) you sent or received
- All contact records (name, phone, opt-in state, custom fields)
- All conversation, tier, and billing events associated with your data
- All log entries, audit entries, and cached metadata
- Anonymous, aggregated counters (e.g., "tenant X sent 1234 messages in June 2026") — no personal data
- Tax / invoice records for the legally required period (typically 7 years in the EU, 5 years in Turkey, 7 years in the US) — these contain only the merchant's billing contact, not yours as an end-user
- Backups: encrypted daily snapshots retained for 30 days, then overwritten. We will skip your record in the next backup cycle.
5. What happens to merchant-side data
If you request deletion as an end-user (contact of a merchant), the merchant will be notified that you withdrew consent and that your data is being purged. The merchant cannot read messages you have already deleted.
Manryo does not sell, rent, or share end-user data with third parties for advertising or any purpose other than operating the WhatsApp integration on the merchant's behalf.
6. Identity verification
To prevent unauthorized deletion requests, we require one of:
- Email from the address on file (Option A)
- Signed request via Meta (Option B — signature is verified automatically)
- Active session in the dashboard (Option C)
We will never ask for your password, payment card, or government ID to process a deletion request.
7. What you get back
After processing, we email you a confirmation containing:
- A unique confirmation code (format:
waba-delete-YYYYMMDD-XXXX) - A status URL you can poll:
https://api.manryo.com/privacy/status?code=... - The exact time and the categories of data deleted
8. If your request is denied
We may decline or partially decline a request only if a law requires us to keep the data (e.g., active fraud investigation, ongoing legal hold, or tax retention). In that case we will:
- Explain in writing the specific legal basis for retention
- Limit retention to the minimum period required
- Delete everything else
You have the right to complain to your local data protection authority (e.g., KVKK in Turkey, a national DPA in the EU, or the California AG in the US).
9. Contact
For any question about this page, write to privacy@manryo.com. We respond within 5 business days.
Postal address (for formal GDPR/KVKK requests):
Manryo — Data Protection Officer
alihandemirdas
Istanbul, Türkiye
Related: Full Privacy Policy · Terms of Service · Home