Privacy Policy
⚠️ Placeholders to replace before launch: legal entity details and contact email (shown in [brackets]).
This Privacy Policy explains how WINS AI-Solution [registered business name / registration no. ____, Malaysia] ("WINS Leads", "we", "us") collects, uses, and protects personal data when you use the WINS Leads service. We comply with the Malaysian Personal Data Protection Act (PDPA), and with other data-protection laws (such as Singapore's PDPA and the EU/UK GDPR) where they apply to you.
Your two roles in this — important.
- For your own account information (name, email, billing), we are the data controller.
- For the contacts and conversations you bring into WINS Leads, you are the controller and we are your processor — we handle that data only to provide the service to you. You are responsible for having a lawful basis (such as consent) to collect and message those contacts.
1. What we collect
| Category | Examples |
|---|---|
| Account data | Your name, email, login credentials, language preference. |
| Billing data | Subscription status and payment records. Card/payment details are handled by our payment provider (Stripe) — we do not see or store your full card details. |
| WhatsApp connection | The session/authentication data needed to keep your WhatsApp connected, and your connected phone number(s). |
| Your contacts & messages | Contact names, phone numbers, message content and media you send/receive, tags, notes, deal/revenue records, follow-up reminders, and ad-referral metadata (e.g. which Click-to-WhatsApp ad a lead came from). |
| Usage & technical data | Log data, timestamps, and basic technical information needed to run and secure the service. |
2. How we use your data
- To provide, maintain, and improve the service (inbox, follow-ups, batch messaging, dashboard).
- To process your subscription and send service-related notices (e.g. receipts, renewal and expiry reminders, security alerts).
- To keep your WhatsApp connection alive and to deliver follow-up reminders to your own WhatsApp.
- To secure the service, prevent abuse, and comply with legal obligations.
We do not sell your data or your contacts' data, and we do not use your contacts' data for our own marketing.
3. How long we keep it
- Chat messages & media: retained for approximately 14 days, then automatically deleted from our systems. Older messages remain on your phone via WhatsApp.
- CRM data (contacts, tags, notes, deals, reports): kept for as long as your account is active, so your records and dashboard stay intact.
- Idle connections: if you do not log in for 14 days, your WhatsApp session is disconnected to save resources; your stored data is unaffected.
- After account closure: we keep your data for a short grace period (around 30 days) so you can reactivate, then delete it, except where we must retain limited records (e.g. billing) to meet legal obligations.
4. Who we share it with (sub-processors)
We share data only with service providers that help us run WINS Leads, under appropriate safeguards:
| Provider | Purpose |
|---|---|
| Stripe | Payment processing for subscriptions. We never receive your full card details. |
| Hosting provider (e.g. DigitalOcean) | Cloud servers that run the service and store your data. |
| WhatsApp / Meta | The messaging platform itself — messages travel through WhatsApp's infrastructure. |
| Google Sheets / Notion (optional) | Only if you choose to connect them, to back up your new leads to your own account. |
We may also disclose data if required by law, to protect our rights, or in connection with a business transfer.
5. Security
We use reasonable technical and organisational measures to protect your data, including access controls and account isolation between users. No system is perfectly secure, so we cannot guarantee absolute security; please use a strong password and keep it confidential.
6. International transfers
Our service and providers may process data in countries other than yours (for example, our servers may be located in Singapore). Where required, we rely on appropriate safeguards for such transfers.
7. Your rights
Depending on your location, you may have the right to access, correct, export, or delete your personal data, to object to or restrict certain processing, and to withdraw consent. You can manage much of your data directly in the app (including exporting and deleting contacts), or contact us to make a request. We will respond within the time required by applicable law.
8. Your contacts' data — your responsibility
WINS Leads helps you manage data about other people (your leads and customers). You are responsible for collecting and using that data lawfully — including having any consent required to message them and honouring their requests (such as opt-outs). If one of your contacts asks us to act on their data, we will generally direct them to you as the controller.
9. Children
WINS Leads is not intended for anyone under 18, and we do not knowingly collect data from children.
10. Cookies
We use only the minimal cookies/local storage needed to keep you logged in and remember your language preference. We do not use advertising or cross-site tracking cookies.
11. Changes to this policy
We may update this policy from time to time. If we make material changes, we will provide reasonable notice (for example, by email or in the app) and update the "Last updated" date above.
12. Contact us
For privacy questions or to exercise your rights, contact us at [privacy@winsleads.app].