CanaisFuncionalidadesPrecosFAQ
LoginTeste Gratis

Privacy Policy

Last updated: March 8, 2026

1. Introduction

OmniWhats is committed to protecting the privacy and personal data of its users, in compliance with the Brazilian General Data Protection Law (LGPD - Law No. 13.709/2018) and applicable international data protection regulations. This Policy describes how we collect, use, store, and protect your data.

2. Data Collected

We collect the following types of data:

  • Registration data: name, email, phone number, company name;
  • Usage data: access logs, platform actions, IP address;
  • Communication data: messages exchanged through integrated channels (WhatsApp, Instagram, Messenger);
  • Payment data: processed by third-party payment gateways (we do not store card data).

3. Legal Basis for Processing

Personal data processing is based on the following legal grounds:

  • Contract performance: to provide the contracted services;
  • Consent: for marketing communications;
  • Legitimate interest: for service improvement and platform security;
  • Legal obligation: for regulatory compliance.

4. Purpose of Processing

We use your data to:

  • Provide and maintain the Platform services;
  • Process payments and manage subscriptions;
  • Send service-related notifications;
  • Improve user experience and service quality;
  • Comply with legal and regulatory obligations;
  • Prevent fraud and ensure Platform security.

5. Data Sharing

Your personal data may be shared with:

  • Service providers: companies that assist in our operations (hosting, payment, email);
  • Integrated platforms: Meta (WhatsApp, Instagram, Messenger) as necessary for the integration;
  • Legal authorities: when required by law or court order.

We do not sell or share your personal data with third parties for marketing purposes.

6. Data Subject Rights

You have the following rights regarding your personal data:

  • Confirmation of data processing;
  • Access to your data;
  • Correction of incomplete, inaccurate, or outdated data;
  • Anonymization, blocking, or deletion of unnecessary data;
  • Data portability;
  • Deletion of data processed with consent;
  • Information about data sharing;
  • Withdrawal of consent.

To exercise your rights, contact us at privacidade@omniwhats.com.

7. Data Retention

Personal data is retained for as long as necessary to fulfill the purposes described in this Policy, or as required by law. After account termination, data may be retained for up to 5 years for legal compliance, and then securely deleted.

8. Cookies

We use essential cookies for Platform operation (authentication and session). We do not use third-party tracking cookies for advertising purposes.

9. International Transfer

Some data may be processed on servers located outside Brazil. In such cases, we ensure that transfers are carried out with an adequate level of protection, as required by the LGPD.

10. Google API Services Integration

OmniWhats offers optional integration with Google Calendar through the user's explicit consent via the OAuth 2.0 flow. When connecting a Google account, the following data is accessed:

  • Profile information: name, email, and profile picture (scopes userinfo.email and userinfo.profile);
  • Calendar data: reading calendars and events (scope calendar.readonly);
  • Event management: creating, editing, and deleting events on the user's selected calendar (scope calendar.events).

10.1. Google Data Protection

OmniWhats's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • Encryption at rest: Google access tokens are stored encrypted using AES-256-GCM on the server;
  • Encryption in transit: all communications with Google servers and with our users are conducted exclusively via HTTPS/TLS;
  • Minimal access: we request only the scopes strictly necessary for calendar functionality;
  • No sharing: data obtained from Google is not shared, sold, or transferred to third parties, except as necessary to provide the service to the user;
  • No AI/ML training: data obtained from Google is not used for training artificial intelligence or machine learning models;
  • Tenant isolation: data is isolated per organization (tenant), ensuring no company has access to another's data;
  • Immediate deletion: when disconnecting the Google account through the platform, all associated tokens and data are immediately removed from the server. The user can also revoke access directly at myaccount.google.com/permissions.

10.2. Purpose of Google Data Usage

Google Calendar data is used exclusively for:

  • Displaying and managing the user's calendar events within the platform;
  • Synchronizing CRM tasks with Google Calendar events;
  • Scheduling meetings with customers directly from support conversations.

11. Use of Artificial Intelligence

OmniWhats uses third-party artificial intelligence services (such as OpenAI, Groq, and OpenRouter) for agent assistance features, such as response suggestions and autocomplete. These AI features:

  • Do not receive Google data: the AI integration is completely independent from the Google Calendar integration. No data obtained from Google is sent to AI providers;
  • Process only support data: only the content of customer support conversations is sent to AI providers, as necessary to generate suggestions;
  • Do not train models: data sent to AI providers is not used for model training, in accordance with the respective providers' policies.

12. Data Security

We adopt technical and organizational measures to protect your personal data and sensitive data against unauthorized access, destruction, loss, alteration, or any form of improper processing. These measures include:

  • Encryption of sensitive data at rest (AES-256-GCM) and in transit (TLS 1.2+);
  • Secure authentication with JWT tokens and protected sessions;
  • Data isolation per organization (multi-tenant with Row-Level Security);
  • Role-based access control (RBAC);
  • Automated daily encrypted backups;
  • Continuous security monitoring and automatic updates;
  • Network firewall (UFW) with restricted ports;
  • SSL/TLS certificates automatically renewed (Let's Encrypt).

13. Changes to this Policy

This Policy may be updated periodically. We will notify you of relevant changes via email or through the Platform. Continued use after publication constitutes acceptance of the changes.

14. Data Protection Officer (DPO)

For questions about privacy and data protection, contact our Data Protection Officer: privacidade@omniwhats.com.

Privacy Policy - OmniWhats