Privacy Policy
Last updated: April 30, 2026 · Effective: April 30, 2026
⚠️ Unofficial Integration Disclosure: Sevenoways Relay is an unofficial third-party tool that interfaces with WhatsApp via the Baileys library. It is not affiliated with, endorsed by, or sponsored by WhatsApp Inc. or Meta Platforms, Inc.
1. Information We Collect
We collect and process the following information when you use Sevenoways Relay:
- Account data: Your name, email address, and hashed password
- Authentication data: TOTP secrets (for 2-factor authentication), session tokens
- WhatsApp session credentials: Encrypted authentication state for your linked WhatsApp numbers, stored with AES-256-GCM encryption
- Message logs: Metadata about messages sent (instance, recipient type, status, timestamp) — message content is stored as a short preview only
- Usage data: API request logs, login timestamps, IP addresses for security purposes
2. How We Use Your Information
- To provide and operate the Sevenoways Relay messaging service
- To authenticate you and protect your account from unauthorized access
- To send transactional email notifications (login alerts, security events)
- To enforce usage limits and prevent abuse
- To troubleshoot technical issues and improve the platform
3. Data Storage & Security
Your data is stored on a dedicated virtual private server. We implement the following security measures:
- WhatsApp session credentials encrypted at rest (AES-256-GCM)
- Passwords hashed with bcrypt (12 rounds)
- JWT tokens with short expiry windows (8–12 hours)
- HTTPS enforced on all connections via Cloudflare and Let's Encrypt
- HTTP security headers (HSTS, X-Frame-Options, X-Content-Type-Options) via Helmet.js
- Rate limiting on all API endpoints to prevent brute-force attacks
4. Data Retention
We retain your data for as long as your account is active. Message logs are retained for up to 90 days by default. Upon account deletion, all your data, including session files and message logs, is permanently removed from our systems.
5. Third-Party Services
- Cloudflare: We use Cloudflare as a CDN and DDoS protection layer. Cloudflare may process your IP address and request metadata. See Cloudflare Privacy Policy.
- Amazon SES: Transactional emails may be sent via Amazon Simple Email Service. See AWS Privacy Policy.
- WhatsApp / Meta: This service connects to WhatsApp servers on your behalf. Your use of WhatsApp is subject to WhatsApp's Privacy Policy.
6. Your Rights (GDPR)
If you are located in the European Economic Area, you have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your data ("right to be forgotten")
- Object to or restrict certain processing activities
- Request a copy of your data in a portable format
To exercise any of these rights, contact your account administrator.
7. Cookies
We use strictly necessary HTTP-only session cookies for authentication. We do not use tracking cookies, analytics cookies, or advertising cookies. No third-party cookies are set by our platform.
8. Children's Privacy
This service is intended for business use only and is not directed at individuals under the age of 18. We do not knowingly collect personal data from minors.
9. Changes to This Policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page will reflect any changes. Continued use of the service constitutes acceptance of the updated policy.
10. Contact
For privacy-related questions or requests, contact your account administrator or the platform operator via the email address provided during account setup.
This privacy policy applies to the Sevenoways Relay platform. It does not apply to third-party services linked herein, which have their own privacy policies.