Privacy Policy

1. Information We Collect

1.1 Account Information

When you register for Orange WS Platform, we collect:

• Name and surname
• Email address
• Phone number
• Company information (if applicable)
• Country and timezone

1.2 Usage Information

We collect information about how you use our services:

• Messages sent and received
• Delivery statistics
• API configurations
• System activity logs
• Billing and payment information

1.3 Technical Information

• IP addresses
• Browser and device information
• Cookies and similar technologies
• Performance and analytics data

2. How We Use Your Information

We use the collected information to:

• Provide our services: Process and deliver messages, manage your account
• Improve our services: Performance analysis, development of new features
• Communication: Service notifications, technical support, important updates
• Billing: Process payments, generate invoices, manage subscriptions
• Legal compliance: Meet legal and regulatory obligations
• Security: Detect and prevent fraud, abuse, and malicious activities

3. Information Sharing

We do not sell or rent your personal information. We may share information in the following circumstances:

3.1 Service Providers

We share information with third parties who help us operate our services:

• Meta/WhatsApp: For WhatsApp Business message delivery
• Orange: For verification and SMS services
• Infrastructure providers: Hosting, databases, analytics
• Payment processors: To process transactions

3.2 Legal Requirements

We may disclose information when required by law or to:

• Comply with subpoenas, court orders, or legal processes
• Protect our rights and property
• Prevent fraud or illegal activities
• Protect the safety of users and the public

4. Data Security

We implement appropriate technical and organizational security measures:

• Encryption in transit and at rest
• Strict access controls
• Continuous security monitoring
• Regular security audits
• Staff training on data protection

5. Data Retention

We retain your personal information for:

• Account information: While you maintain an active account
• Messaging data: Up to 2 years for analytics and support
• Financial information: 7 years for tax requirements
• System logs: 1 year for security analysis

6. Your Rights

Under applicable data protection laws, you have the right to:

• Access: Request copies of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data
• Portability: Receive your data in structured format
• Object: Object to processing in certain cases
• Restrict: Limit processing in certain circumstances

7. Cookies and Tracking Technologies

We use cookies and similar technologies for:

• Maintaining user sessions
• Remembering preferences
• Usage and performance analytics
• Security and fraud prevention

8. International Transfers

Your data may be processed in countries outside the European Economic Area. When this occurs, we implement appropriate safeguards such as standard contractual clauses approved by the European Commission.

9. Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from minors.

10. Changes to This Policy

We may update this privacy policy occasionally. We will notify you of significant changes by email or through notice on our platform.

11. Contact

For questions about this privacy policy or to exercise your rights, contact:

12. Legal Basis for Processing

We process your personal data based on:

• Contract: To provide our services
• Legitimate interest: To improve services and security
• Consent: For marketing communications (when applicable)
• Legal obligation: To comply with legal requirements

13. Advertising through Meta Platforms (Radar Module)

The Radar module allows client businesses to create Click-to-WhatsApp advertising campaigns on Meta platforms (Facebook, Instagram) and to track their performance. This section describes data processing that is specific to this module.

13.1 Data Collected

When an end user interacts with a Radar-originated ad, we may collect:

• Ad click identifiers (fbclid, _fbp and _fbc cookies)
• Referral metadata attached to WhatsApp messages originated from ads (ad ID, headline, campaign ID)
• Hashed conversion data (SHA-256 of phone number and/or email in normalized form) sent to Meta's Conversions API
• Conversion events occurring inside the platform (e.g. booking confirmations) attributed to an ad click

13.2 Controller / Processor Roles

For advertising activity initiated through Radar:

• The client business using Radar acts as data controller of its own campaign data, audience definitions and leads
• MASBUSINESS INFRASTRUCTURES SL acts as data processor on behalf of that client, under a Data Processing Agreement (GDPR Art. 28) governing Radar usage
• Meta Platforms Ireland Limited acts as an independent or joint controller for advertising data processed on its platforms, subject to its own privacy policy

13.3 Transfers to Meta

Through Radar, we transmit hashed conversion events to Meta via the Conversions API and Meta may set advertising cookies on pages served by the client. Legal basis for this processing:

• Legitimate interest of the client business in measuring and improving the effectiveness of its advertising campaigns
• Consent of the end user for cookies and tracking technologies, obtained by the client under applicable e-privacy rules

International transfers to Meta rely on the EU-US Data Privacy Framework and standard contractual clauses where applicable.

13.4 End-User Rights

End users may request deletion of their advertising-related data through the process described in our Data Deletion page, or by contacting privacy@masorange.es. Deletion requests are propagated to Meta where technically feasible.