Privacy Policy
Last updated: 7/5/2026
ReachO ("we", "our", or "the Service") is a WhatsApp Business Platform operated by Wan Buffer Services, accessible at https://reacho.live. ReachO is built on the official WhatsApp Cloud API from Meta. This Privacy Policy describes the information we collect, how we use it, and the choices available to you.
1. Information we collect
- Account information: name, email, hashed password, workspace name.
- WhatsApp Business credentials: WhatsApp Business Account (WABA) ID, phone number ID, business ID, and the access token Meta returns through Embedded Signup, so we can send and receive messages on your behalf via Meta's WhatsApp Cloud API. ReachO operates as a Meta Tech Provider; we never see your Facebook login credentials.
- Customer contact data: phone numbers, names, emails, custom attributes, and tags that you upload or that arrive via inbound messages.
- Message content: messages you send and receive through your connected WhatsApp number, along with delivery and read receipts returned by Meta.
- Operational logs: request metadata, error logs, and webhook events retained for audit and debugging.
2. How we use information
- To deliver, secure, and improve the Service.
- To send WhatsApp messages, templates, and broadcasts on your behalf.
- To present analytics, message history, and conversation threads in your dashboard.
- To detect abuse, prevent fraud, and comply with WhatsApp Commerce and Business policies.
3. Sharing of information
We share message payloads with Meta Platforms, Inc. (WhatsApp) strictly to deliver the messages you initiate. We do not sell personal data. Sub-processors include our infrastructure provider (database and hosting), used solely to operate the Service.
4. Data retention
Message and contact data is retained for as long as your workspace is active. You can delete contacts, conversations, or your entire workspace at any time. Webhook event logs are retained for up to 90 days for debugging and audit.
5. Security
Passwords are hashed with bcrypt. WhatsApp access tokens are stored encrypted at rest in the database. The Service uses TLS in transit. Webhook deliveries from Meta are verified with the X-Hub-Signature-256 HMAC.
6. Your rights
Depending on your jurisdiction (including GDPR and CCPA) you may have rights to access, correct, export, or delete your personal data. Contact us at [email protected] and we will respond within 30 days.
7. Children
The Service is not intended for individuals under 16.
8. Changes
We will post any updates to this policy on this page and update the "Last updated" date.
9. Contact
Questions? Email us at [email protected].