Privacy Policy for Client Compass

Last updated: December 13, 2025

This Privacy Policy describes how Client Compass Digital Solutions Pty (Ltd) collects, uses, and protects your information when you use our WhatsApp business platform. We are committed to protecting your privacy and complying with the Protection of Personal Information Act (POPIA). By using our Service, you agree to the collection and use of information in accordance with this Privacy Policy.

Interpretation and Definitions

Interpretation

The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

Definitions

For the purposes of this Privacy Policy:

• Account means a unique account created for You to access our Service or parts of our Service.
• Affiliate means an entity that controls, is controlled by or is under common control with a party, where "control" means ownership of 50% or more of the shares, equity interest or other securities entitled to vote for election of directors or other managing authority.
• Service refers to the Client Compass WhatsApp business platform, a web-based application that enables business communication, quote and invoice creation, and customer relationship management via WhatsApp Business API.
• Company (referred to as either "the Company", "We", "Us" or "Our" in this Agreement) refers to Client Compass Digital Solutions Pty (Ltd).
• Country refers to: South Africa.
• Device means any device that can access the Service such as a computer, a cellphone or a digital tablet.
• Personal Data is any information that relates to an identified or identifiable individual.
• Third-Party Services refers to services we use to operate our platform, including Twilio (WhatsApp Business API), database hosting providers, and email delivery services.
• Service Provider means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist the Company in analyzing how the Service is used.
• Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
• You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.

Business Identity and POPIA

For transparency and to support Meta review, the following business identity details apply:

• Registered name: Client Compass Digital Solutions Pty (Ltd)
• Business address: 11 Nepeta Street, East-Rural, Kraaifontein, 7570, South Africa
• Contact email: info@clientcompass.co.za
• Contact phone: +27 74 094 0550
• Information Officer (POPIA): info@clientcompass.co.za

Client Compass Digital Solutions Pty (Ltd) is the Responsible Party under the Protection of Personal Information Act, 2013 (POPIA) for Personal Information processed via this Service.

Collecting and Using Your Personal Data

Types of Data Collected

Personal Data

When you use our Service, we collect and process the following types of personal information:

• Contact Information: WhatsApp phone numbers, display names, email addresses
• Conversation Data: WhatsApp messages (text and media), message timestamps, conversation history
• Business Documents: Quotes and invoices containing customer names, addresses, project details, and financial information
• Authentication Data: Login credentials, session tokens stored in Redis
• Business Settings: Company information, banking details (for invoice payments), contact preferences
• Push Notification Data: Web push subscription endpoints, encryption keys, and device information (if you enable notifications)
• Usage Data: IP addresses, browser type, access times, pages visited

WhatsApp Integration Data

Our Service integrates with WhatsApp Business API via Twilio. When customers message your business via WhatsApp, we receive and process:

• Message content (text, images, documents, and other media)
• Sender's WhatsApp phone number and profile name
• Message delivery status and timestamps
• Media files temporarily stored for processing and delivery

We track the 24-hour messaging window required by WhatsApp's policies to ensure compliant communication.

Document and PDF Generation

When you create quotes or invoices, we generate PDF documents containing:

• Your business information (name, address, banking details)
• Customer information (name, contact details, service address)
• Financial details (items, quantities, prices, totals, VAT)
• Document metadata (numbers, dates, terms, and conditions)

These documents are stored in our database and may be transmitted via WhatsApp to your customers.

Use of Your Personal Data

We use your personal information for the following purposes:

• Service Delivery: To operate our WhatsApp business platform, manage conversations, and deliver messages between you and your customers
• Document Management: To create, store, and send quotes and invoices via WhatsApp
• Authentication: To manage your account access and maintain secure sessions
• WhatsApp Integration: To send and receive messages via Twilio's WhatsApp Business API on your behalf
• Template Management: To create and submit WhatsApp message templates for approval and use in automated messaging
• Automated Workflows: To provide automated conversation flows for lead capture and customer engagement
• Notifications: To send you web push notifications about new messages (if enabled)
• Service Improvement: To analyze usage patterns, fix bugs, and improve platform performance
• Legal Compliance: To comply with legal obligations, including POPIA, tax requirements, and WhatsApp Business policies
• Customer Support: To respond to your inquiries and provide technical assistance

Sharing Your Personal Data with Third Parties

We share your personal information with the following third-party service providers necessary to operate our platform:

• Twilio (WhatsApp Business API): We transmit your messages and customer data through Twilio's infrastructure to deliver WhatsApp messages. Twilio processes this data according to their privacy policy and WhatsApp's terms.
• Database Hosting Providers: Your data is stored in PostgreSQL databases hosted by our infrastructure provider with encryption at rest.
• Redis Session Storage: Authentication sessions are temporarily stored in Redis for secure access management.
• Email Delivery Services: When configured, we may use email service providers to send notifications about new leads or system updates.
• Cloudflare: For secure tunnel access and DDoS protection to our infrastructure.

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

Your Customer's Data: Messages and information sent between you and your customers via WhatsApp are processed through our platform but belong to your business. You are responsible for obtaining appropriate consent from your customers for data processing under POPIA.

Retention of Your Personal Data

We retain different types of data for varying periods:

• Conversation Data: WhatsApp messages and conversation history are retained for as long as your account is active and for up to 7 years after account closure for tax and legal compliance purposes.
• Documents (Quotes & Invoices): Retained for a minimum of 5 years as required by South African tax law (Income Tax Act).
• Session Data: Temporary session tokens in Redis expire after 24 hours of inactivity.
• Usage Logs: System logs and metrics are retained for 90 days for troubleshooting and security purposes.
• Account Data: Retained until you request deletion or terminate your subscription, subject to legal retention requirements.

You may request earlier deletion of your data, subject to our legal obligations to retain certain records for tax, accounting, and legal purposes.

Transfer of Your Personal Data

Your information, including Personal Data, is processed at the Company's operating offices and in any other places where the parties involved in the processing are located. It means that this information may be transferred to — and maintained on — computers located outside of Your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from Your jurisdiction. Your consent to this Privacy Policy followed by Your submission of such information represents Your agreement to that transfer. The Company will take all steps reasonably necessary to ensure that Your data is treated securely and in accordance with this Privacy Policy and no transfer of Your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of Your data and other personal information.

Delete Your Personal Data

You have the right to delete or request that We assist in deleting the Personal Data that We have collected about You. Our Service may give You the ability to delete certain information about You from within the Service. You may update, amend, or delete Your information at any time by signing in to Your Account, if you have one, and visiting the account settings section that allows you to manage Your personal information. You may also contact Us to request access to, correct, or delete any personal information that You have provided to Us. Please note, however, that We may need to retain certain information when we have a legal obligation or lawful basis to do so.

For step-by-step instructions, see our Data Deletion Instructions page at /deletion.html

Disclosure of Your Personal Data

Business Transactions

If the Company is involved in a merger, acquisition or asset sale, Your Personal Data may be transferred. We will provide notice before Your Personal Data is transferred and becomes subject to a different Privacy Policy.

Law Enforcement

Under certain circumstances, the Company may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

Other Legal Requirements

The Company may disclose Your Personal Data in the good faith belief that such action is necessary to: comply with a legal obligation; protect and defend the rights or property of the Company; prevent or investigate possible wrongdoing in connection with the Service; protect the personal safety of Users of the Service or the public; protect against legal liability.

Security of Your Personal Data

We implement industry-standard security measures to protect your data:

• Encryption: All data transmitted between your browser and our servers uses TLS/SSL encryption. Database data is encrypted at rest.
• Access Control: Multi-tenant architecture with Row-Level Security (RLS) in PostgreSQL ensures tenant data isolation.
• Authentication: JWT-based authentication with secure session management via Redis.
• Infrastructure: Docker containerization with isolated tenant environments, reverse proxy with Traefik, and Cloudflare Tunnel for secure access.
• WhatsApp Security: Messages are transmitted through Twilio's verified and secure WhatsApp Business API with signature verification.
• Monitoring: Prometheus metrics and Grafana dashboards for security monitoring and anomaly detection.

While we implement strong security measures, no method of transmission or storage is 100% secure. We continuously monitor and update our security practices.

Links to Other Websites

Our Service may contain links to other websites that are not operated by Us. If You click on a third party link, You will be directed to that third party's site. We strongly advise You to review the Privacy Policy of every site You visit. We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

Changes to this Privacy Policy

We may update Our Privacy Policy from time to time. We will notify You of any changes by posting the new Privacy Policy on this page. We will let You know via email and/or a prominent notice on Our Service, prior to the change becoming effective and update the "Last updated" date at the top of this Privacy Policy. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Contact Us

If you have any questions about this Privacy Policy, You can contact us:

• By email: info@clientcompass.co.za
• By phone number: +27 74 094 0550

← Back to Home