Legal
Privacy Policy
Last updated: May 16, 2026 · Effective Date: May 16, 2026
InstantFlow is a WhatsApp Marketing SaaS platform built for businesses to manage customer conversations, run broadcast campaigns, and automate messaging at scale. This Privacy Policy explains how we handle data for both our platform users (businesses) and their end customers.
1. Who We Are
InstantFlow ("we", "us", "our") is a SaaS platform that enables businesses to leverage the WhatsApp Business API for customer communication, marketing campaigns, and support automation. Our platform is operated by FK Afridi and the InstantFlow team, contactable at adminsupport@instantflow.online.
We act as a data processor on behalf of our business customers (data controllers) who use our platform to communicate with their end users via WhatsApp.
2. Information We Collect
We collect information in the following categories:
- Account Information: Name, email address, company name, phone number, and password when you register for an InstantFlow account.
- Billing Information: Payment method details processed securely via our payment provider (we do not store raw card data).
- Platform Usage Data: Dashboard activity, feature usage, session logs, API call volumes, and performance metrics.
- Communication Data: Messages sent and received through our platform, including WhatsApp conversations, contact lists imported by your business, campaign content, and automation rules you configure.
- Technical Data: IP addresses, browser type, device information, and application logs for security and debugging purposes.
- Support Data: Information you provide when contacting our support team.
3. How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain the InstantFlow platform and its features.
- Process transactions and send billing-related communications.
- Send important service notifications, security alerts, and account updates.
- Route and deliver WhatsApp messages on your behalf via Meta's Business API.
- Improve platform performance, fix bugs, and develop new features.
- Enforce our Terms of Service and prevent fraud or abuse.
- Respond to your support inquiries and customer service requests.
- Comply with applicable legal obligations.
We do not use your customers' WhatsApp message content for advertising, profiling, or selling to third parties.
4. WhatsApp & Meta Data
InstantFlow integrates with the WhatsApp Business API, which is governed by Meta Platforms, Inc. By using our platform to send WhatsApp messages, you acknowledge and agree to Meta's WhatsApp Business Policy and Meta Privacy Policy.
- Message content transmitted via WhatsApp is subject to WhatsApp's end-to-end encryption policies.
- Contact phone numbers and message templates you use are subject to Meta's data handling terms.
- You are responsible for obtaining proper consent from your end-users before sending them WhatsApp messages through our platform.
- InstantFlow stores message history in your account database for your operational use and support of your customers.
5. Data Sharing & Third Parties
We do not sell your personal data. We may share information only in the following circumstances:
- Meta / WhatsApp: To deliver messages through the WhatsApp Business API as instructed by you.
- Payment Processors: To securely handle billing and subscription payments.
- Infrastructure Providers: Cloud hosting, database, and CDN providers who process data on our behalf under strict data processing agreements.
- Legal Requirements: When required by law, court order, or governmental authority.
- Business Transfers: In connection with a merger, acquisition, or sale of our business assets, with notice provided to you.
6. Data Retention
We retain your account data for as long as your account is active or as needed to provide services. Specifically:
- Account information is retained until you request account deletion.
- Conversation and message data is retained for up to 12 months by default (configurable per plan).
- Billing records are retained for 7 years to comply with financial regulations.
- Upon account deletion, personal data is purged within 30 days, except where retention is required by law.
7. Security
We implement enterprise-grade security measures to protect your data:
- All data in transit is encrypted using TLS 1.2+ (HTTPS).
- Database access is restricted using role-based access control and VPC isolation.
- Multi-tenant data isolation ensures no cross-account data leakage.
- Multi-Factor Authentication (MFA) is available for all user accounts.
- Regular security audits and vulnerability assessments are performed.
Despite our best efforts, no method of transmission over the internet is 100% secure. You use the platform at your own risk and are responsible for maintaining secure account credentials.
8. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Request correction of inaccurate or incomplete data.
- Erasure: Request deletion of your personal data ("right to be forgotten").
- Portability: Request your data in a structured, machine-readable format.
- Objection: Object to certain processing activities.
- Restriction: Request restriction of processing in certain circumstances.
To exercise any of these rights, contact us at adminsupport@instantflow.online. We will respond within 30 days.
9. Cookies & Tracking
Our website and platform use cookies and similar technologies to:
- Maintain your login session and preferences.
- Analyze platform usage via anonymized analytics.
- Protect against CSRF attacks and ensure security.
You can control cookie settings through your browser. Disabling certain cookies may affect platform functionality. We do not use third-party advertising cookies.
10. Children's Privacy
InstantFlow is a B2B platform intended exclusively for business use by individuals aged 18 and above. We do not knowingly collect personal data from children under 13. If we become aware of such data being collected, we will delete it immediately.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will notify registered users of material changes via email or a prominent in-app notice at least 14 days before the changes take effect. Continued use of the platform after the effective date constitutes your acceptance of the revised policy.
12. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us: