🔒 Privacy

Privacy Policy

Last updated: April 3, 2026 · Your privacy matters. Here's exactly what we collect and why.

Table of Contents

1 Who We Are 2 Data We Collect 3 Cookies 4 Push Notifications 5 How We Use Your Data 6 Third Parties 7 Data Retention 8 Your Rights 9 Security 10 Children 11 Changes 12 Contact Us
1

Who We Are

Wapas (Private) Limited ("Wapas", "we", "us") operates the digital loyalty platform at wapas.me. We are responsible for your personal data as described in this Privacy Policy.

Contact: hello@wapas.me

2

Data We Collect

For Restaurant Account holders

  • Name, email address, and password (hashed)
  • Business name, address, and contact details
  • Payment information (processed by our payment provider — we do not store raw card numbers)
  • Usage data: login times, features used, campaign performance metrics

For Customers (end-users of a restaurant's programme)

  • Phone number (used to identify the customer and send notifications)
  • Visit history and stamp counts
  • Rewards earned and redeemed
  • Push notification subscription tokens (if you opt in)
  • Approximate last-visit date (used for win-back timing)

Automatically collected data

  • IP address and browser/device type
  • Pages visited and time spent
  • Referrer URL
3

Cookies

We use session cookies to keep you logged in and to secure your session. We may use analytics cookies to understand how the platform is used. We do not use advertising tracking cookies.

You can control cookies through your browser settings. Disabling session cookies will prevent you from logging in.

4

Push Notifications

Customers may be asked to enable push notifications when joining a restaurant's loyalty programme. Push notifications are sent only for loyalty-related purposes: stamp confirmations, reward availability, and win-back offers from the specific restaurant they joined.

You can disable push notifications at any time through your browser or device settings. This does not affect your loyalty card balance.

5

How We Use Your Data

  • To provide the service: authenticating accounts, recording stamps, triggering notifications
  • To operate win-back campaigns: determining when a customer has lapsed and triggering WhatsApp or push messages on behalf of the restaurant
  • To improve the product: analysing aggregate usage patterns, debugging errors
  • To communicate with restaurant accounts: billing, product updates, support
  • To comply with legal obligations: fraud prevention, law enforcement requests

We do not sell personal data to third parties. We do not use customer data for advertising purposes outside the restaurant's own programme.

6

Third Parties

We share data with a limited number of trusted service providers:

  • Cloud hosting: our servers are hosted on AWS (Amazon Web Services) in the Asia Pacific region
  • WhatsApp messaging: win-back messages are sent via a WhatsApp Business API provider; your phone number is shared with them solely to deliver the message
  • Email delivery: transactional emails are sent via a third-party email service provider

All third-party providers are contractually bound to process data only as instructed and to maintain appropriate security standards.

7

Data Retention

  • Active restaurant account data is retained for the duration of the account plus 12 months
  • Customer loyalty data is retained for 24 months from the last visit, then deleted
  • Deleted accounts are purged from live systems within 30 days; backups are rotated within 90 days
8

Your Rights

Depending on your location, you may have rights including:

  • Access: request a copy of personal data we hold about you
  • Correction: request correction of inaccurate data
  • Deletion: request deletion of your data (subject to legal obligations)
  • Objection: object to processing for win-back campaigns
  • Portability: receive your data in a machine-readable format

To exercise any of these rights, email us at hello@wapas.me. We will respond within 30 days. For customers of a restaurant's programme, requests should be directed to that restaurant; we will assist as needed.

9

Security

We implement industry-standard security measures including encrypted data transmission (TLS), hashed passwords, access controls, and regular security reviews. No system is 100% secure. In the event of a data breach affecting your personal data, we will notify affected parties as required by law.

10

Children

The Wapas platform is not directed at children under 13. We do not knowingly collect data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

11

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify restaurant account holders of material changes by email. Continued use of the service after a change constitutes acceptance of the updated policy.

12

Contact Us

For privacy-related queries, please contact our team at hello@wapas.me.

Get Started Free