Privacy Policy

HaloDesk Privacy Policy


1. Introduction

Welcome to HaloDesk (“we,” “us,” or “our”).

HaloDesk is a WhatsApp Marketing and Automation Platform that enables businesses to manage customer engagement, automate chat workflows, and run communication campaigns using WhatsApp.

We value your privacy and are committed to protecting your personal data in compliance with:

  1. The Protection of Personal Information Act (POPIA) of South Africa,
  2. The General Data Protection Regulation (GDPR) of the European Union, and
  3. Meta’s WhatsApp Business and Data Use Policies.


This Privacy Policy explains how we collect, use, share, and protect your information when you use the HaloDesk platform, website, and related services (“Service”).


2. Scope and Application

This Privacy Policy applies to:

  1. Visitors to our website (www.halodesk.net),
  2. Registered users of the HaloDesk SaaS platform,
  3. Businesses, agencies, and their clients who use the Service,
  4. End customers who interact with HaloDesk-powered WhatsApp messages and chatbots.


By using HaloDesk, you consent to the practices described in this Privacy Policy.


3. Information We Collect

We collect information to provide and improve our services. The data we collect falls into three categories:

3.1 Information You Provide

When registering or using our services, you may provide:

  1. Account information (name, email address, phone number, business name, password).
  2. Billing and payment information (credit/debit card, VAT/tax details, billing address).
  3. Support or contact data (messages, inquiries, feedback).
  4. Custom configurations (chatbot flows, campaign templates, message content).


3.2 Automatically Collected Information

When you use HaloDesk or interact with WhatsApp integrations, we automatically collect:

  1. Device and browser data (IP address, operating system, browser type, device identifiers).
  2. Usage and analytics data (log files, clickstream, access times, page views, API calls).
  3. Cookies and tracking data (to enhance session management and analytics).


3.3 Information from Third Parties

We may receive limited information from:

  1. Meta / WhatsApp Business API — message delivery data, webhook events, status updates.
  2. Payment processors — transaction confirmations, billing metadata.
  3. CRM or integration partners — if you link HaloDesk with external tools (e.g., HubSpot, Zapier).


4. How We Use Collected Information

We use personal and technical information for the following lawful purposes:

Purpose Legal Basis (GDPR)
To create and manage user accountsContractual necessity
To deliver and maintain our servicesContractual necessity
To send WhatsApp messages via APILegitimate interest / Consent
To process billing and paymentsContractual necessity
To provide customer support and updatesLegitimate interest
To improve platform functionalityLegitimate interest
To comply with legal obligations (POPIA/GDPR)Legal obligation
To detect and prevent fraud or abuseLegitimate interest


We do not sell, rent, or trade personal data to third parties for marketing purposes.


5. WhatsApp and Meta Compliance

HaloDesk integrates with the official WhatsApp Business API provided by Meta Platforms, Inc.

Accordingly:

  1. HaloDesk acts as a data processor, processing message and contact data solely on behalf of its customers.
  2. You, as a HaloDesk user, are considered the data controller, responsible for obtaining appropriate consent from your message recipients.
  3. Messages, media, and contact data are processed securely via Meta’s encrypted API endpoints.
  4. HaloDesk adheres to Meta’s WhatsApp Business Policy, Commerce Policy, and Data Processing Terms.


If Meta or WhatsApp suspends or restricts access to a number or account, HaloDesk is not liable for resulting disruptions.


6. Cookies and Tracking Technologies

HaloDesk uses cookies, local storage, and similar technologies to:

  1. Maintain session login states,
  2. Track usage analytics,
  3. Improve performance and personalization.


You can manage cookie preferences via your browser settings. Disabling cookies may limit certain functionality.


7. Data Retention

We retain personal data only for as long as necessary to:

  1. Fulfill the purposes outlined in this policy,
  2. Comply with applicable legal and accounting obligations, and
  3. Resolve disputes.


Retention periods vary by data type:

  1. Account data: retained while your account is active.
  2. Message logs: retained for up to 90 days for diagnostics, unless extended by the user.
  3. Billing records: retained for at least 5 years (POPIA and tax compliance).


You may request deletion of data at any time (see Section 11).


8. Data Sharing and Disclosure

We may share your information only with:

  1. Authorized employees and contractors who require access to perform their duties.
  2. Third-party processors providing hosting, payment, analytics, or customer support (all under confidentiality and data processing agreements).
  3. Meta / WhatsApp, for message delivery and API compliance.
  4. Regulatory authorities, if required by law or subpoena.


We do not share customer contact lists or message data with any advertisers or external parties for unrelated purposes.


9. Data Security

We employ industry-standard security measures, including:

  1. Encryption in transit (TLS 1.2+) and at rest (AES-256),
  2. Role-based access control,
  3. Firewall and intrusion detection systems,
  4. Regular penetration testing and data backups.


While we take all reasonable steps to protect your data, no system is 100% secure. You acknowledge this inherent risk when transmitting information online.


10. International Data Transfers

HaloDesk may process and store data on servers located in multiple regions (e.g., South Africa, EU, UK, or AWS data centers).

Where data is transferred across borders:

  1. We ensure equivalent protection levels under GDPR Article 46 and POPIA Chapter 9.
  2. Standard Contractual Clauses (SCCs) are applied where required.


11. Your Data Protection Rights

Depending on your jurisdiction, you have the following rights:

Right Description
AccessRequest a copy of your personal data we hold.
CorrectionRequest correction of inaccurate or incomplete information.
DeletionRequest deletion of your personal data (“right to be forgotten”).
RestrictionRequest limitation of processing under certain conditions.
PortabilityReceive data in a structured, machine-readable format.
ObjectionObject to certain processing (e.g., direct marketing).
Withdraw ConsentWithdraw previously given consent without affecting prior lawful processing.


To exercise these rights, contact us at privacy@halodesk.net.


We may verify your identity before fulfilling requests.


12. Children’s Privacy

HaloDesk does not target or knowingly collect data from individuals under 18 years of age. If we become aware of such data collection, it will be deleted promptly.


13. Data Processing Roles

  1. HaloDesk (Processor): Processes data on behalf of its users.
  2. HaloDesk Users (Controllers): Determine the purpose and means of processing their customers’ data.
  3. Meta / WhatsApp (Independent Controller): Processes messages for transmission through their platform.


All parties share responsibilities under respective data protection laws.


14. Third-Party Services

HaloDesk may include integrations or links to third-party applications or APIs (e.g., Meta, OpenAI, Stripe, Zapier).

Use of these services is subject to their own privacy policies.

We are not responsible for the content, practices, or security of third-party services.


15. Marketing and Communication

We may send administrative or service-related emails (e.g., account alerts, invoices).

Marketing emails are sent only with your consent, and you may unsubscribe at any time.

HaloDesk does not send marketing messages to your WhatsApp contacts unless initiated by you as a user.


16. Changes to This Policy

HaloDesk reserves the right to update or modify this Privacy Policy at any time.

Material updates will be announced via:

  1. Email notification, or
  2. Platform dashboard notice.


The “Last Updated” date will reflect the most recent revision. Continued use of the Service after updates constitutes acceptance.


17. Contact Information

For questions, concerns, or data requests, please contact:

HaloDesk Privacy Office

📧 Email: privacy@halodesk.net | 🌐 Website: https://www.halodesk.net

📍 Address: Unit 1 Monaco Square, 14 Church Street, Durbanville, Cape Town, South Africa


18. POPIA and GDPR Representative

  1. South Africa (POPIA): HaloDesk (PTY) LTD, Information Officer – Gary Irwin
  2. EU/UK (GDPR): HaloDesk EU Representative – Gary Irwin


19. Acceptance

By creating an account, using our platform, or engaging with HaloDesk-powered communication tools, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.