1. General Information

Inside Software Solutions, S.A. (hereinafter “InSoft”), a Guatemalan software development company based in Guatemala City, operates a technology platform for integration with the WhatsApp Business API (WhatsApp Business Platform by Meta Platforms, Inc.).

This platform allows InSoft’s client organizations to connect their WhatsApp Business Accounts (WABAs) and manage automated communications, chatbots, and customer service through that channel.

This Privacy Policy describes how InSoft collects, uses, stores, shares, and protects the personal data and information of end users who interact with services deployed through our platform, as well as the data of our business clients.

By using any service developed or managed by InSoft that involves the WhatsApp Business API, you agree to the practices described in this policy.

2. Data We Collect

2.1 End User Data (Consumers)

When an end user interacts with a chatbot or messaging service operated by one of our clients through WhatsApp, InSoft may process the following data on behalf of that client:

  • The user’s WhatsApp phone number
  • Content of messages sent and received in the conversation (text, images, documents, audio, video)
  • Message metadata: timestamps, delivery and read statuses
  • The user’s WhatsApp display name, when available
  • Technical conversation identifiers assigned by Meta’s platform

2.2 Business Client Data

When an organization engages InSoft’s services as a technology provider, we collect the following client data:

  • Organization name and contact details of the technical or legal representative
  • Access tokens and credentials for the Meta Business Platform
  • WABA and business phone number identifiers
  • Technical configurations of the contracted service
  • Billing and contract information

3. How We Use Data

InSoft uses collected data exclusively for the following purposes:

  • Delivering and operating the messaging services contracted by the business client
  • Routing messages between end users and the client’s systems (chatbot, customer service platform, CRM, etc.)
  • Managing and maintaining the technical integration with Meta’s WhatsApp Business API
  • Diagnosing and resolving technical issues in service delivery
  • Ensuring the security and proper functioning of the platform
  • Complying with applicable legal and regulatory obligations

InSoft does not use end user data for its own marketing purposes, nor does it sell, transfer, or share it with third parties unrelated to the delivery of the contracted service.

 

4. Data Sharing

4.1 Meta Platforms, Inc.

Messages processed through the WhatsApp Business Platform are transmitted via Meta Platforms, Inc.’s infrastructure, in accordance with the WhatsApp Business Platform Terms of Service and Meta’s Privacy Policy (https://www.facebook.com/privacy/policy). InSoft does not control the data processing performed directly by Meta.

4.2 Business Clients

End user data is accessible to the business client that contracted InSoft’s services, as InSoft acts as a technical data processor on behalf of that client. The client is responsible for processing data in accordance with applicable law and for obtaining any necessary consents from their end users.

4.3 Infrastructure Providers

InSoft may use cloud infrastructure providers to host service components. These providers operate under confidentiality agreements and are not authorized to use the data for their own purposes.

4.4 Legal Requirements

InSoft may disclose personal information if required by the laws of the Republic of Guatemala or other applicable regulations, or in response to court orders or requests from competent authorities.

 

5. Data Retention

InSoft retains data only for as long as necessary to provide the contracted service:

  • Messages processed through Meta’s Cloud API are retained on Meta’s servers for a maximum of 30 days, in accordance with their own policies.
  • Conversation records stored on InSoft’s own infrastructure are retained as stipulated in the contract with each business client, and securely deleted upon termination of the contractual relationship.
  • Business client data is retained for the duration of the contract and for the additional period required by Guatemalan tax and commercial law.

 

6. Data Security

InSoft implements reasonable technical and organizational measures to protect data against unauthorized access, loss, alteration, or disclosure, including:

  • In-transit encryption via HTTPS/TLS for all communications with Meta’s API
  • Role-based access control for internal systems
  • Use of system user access tokens instead of personal credentials
  • Access monitoring and security incident management

However, no internet data transmission system can guarantee absolute security. InSoft cannot guarantee the security of information transmitted over networks outside its direct control.

7. User Rights

End users whose data is processed through our platform may exercise the following rights with the business client operating the service (who is the data controller):

  • Access: know what personal data of theirs is being processed
  • Rectification: correct inaccurate or incomplete data
  • Erasure: request deletion of their data when it is no longer necessary
  • Objection: object to the processing of their data under certain circumstances

To exercise these rights, users should contact directly the organization they communicated with via WhatsApp. InSoft will handle requests forwarded by the business client in its capacity as technical processor.

For direct inquiries to InSoft regarding data processing, please write to: info@insoft.com.gt

8. Use of the WhatsApp Business API

InSoft acts as a registered Tech Provider with Meta Platforms, Inc., enabling it to manage client WABAs and operate message sending and receiving through the WhatsApp Business Cloud API. In this role:

  • InSoft does not initiate conversations with end users on its own behalf, but only on behalf of business clients who have contracted this service.
  • All messages sent outside the 24-hour conversation window use message templates previously approved by Meta.
  • InSoft complies with the WhatsApp Business Platform Acceptable Use Policy, including restrictions on permitted content types and the end user opt-in requirement.

9. Cookies and Tracking Technologies

InSoft’s website (insoft.com.gt) may use technical cookies necessary for basic site functionality. We do not use third-party tracking or advertising cookies. Interaction with messaging services through WhatsApp does not involve the use of cookies by InSoft.

10. Changes to This Policy

InSoft reserves the right to update this Privacy Policy when necessary, for example due to changes in the services offered, applicable legislation, or Meta Platforms’ policies. Updated versions will be published at https://insoft.com.gt/privacy-policy with the date of last modification.

Continued use of InSoft’s services after changes to this policy are published constitutes acceptance of those changes.

11. Governing Law and Contact

This Privacy Policy is governed by the laws of the Republic of Guatemala. Any dispute related to the processing of personal data will be submitted to the jurisdiction of the competent courts of Guatemala.

For any inquiry, request, or complaint related to this policy or the processing of your personal data, you may contact us through the following channels:

  • Email: info@insoft.com.gt
  • Website: https://insoft.com.gt
  • Address: Guatemala City, Guatemala