Privacy Policy

Privacy Policy

Effective Date: 2025-01-01

Last Updated: 2025-01-01

ShinHQ (“we,” “our,” “us”) provides software and services that enable businesses (“Clients”) to integrate with WhatsApp, SMS, email, and other digital messaging platforms to communicate with their customers. This Privacy Policy explains how we collect, use, disclose, and protect personal information when you use our services, websites, and related tools (collectively, the “Services”).

1. Scope

This Privacy Policy applies to:

  • Client Data: Information we process on behalf of our Clients when they use our integrations.
  • End-User Data: Information belonging to the customers, leads, or contacts of our Clients, transmitted through messaging platforms.
  • Visitor Data: Information from individuals who visit our websites or interact with us directly.

2. Information We Collect

We may collect the following categories of information:

a. Information from Clients

  • Business contact details (name, email, phone number, billing details).
  • Account credentials and configuration settings for integrations.

b. Information from End-Users (on behalf of Clients)

When End-Users interact with a Client via WhatsApp, SMS, or another platform integrated with our Services, we may process:

  • Message content (text, images, audio, video, documents).
  • Identifiers such as phone numbers, usernames, or profile names.
  • Metadata such as timestamps, delivery receipts, read receipts, and device information (as provided by the platform).

c. Information from Visitors

  • IP address, browser type, operating system, and device identifiers.
  • Website usage information (cookies, analytics, session data).
  • Contact details when submitting forms, signing up for newsletters, or requesting demos.

3. How We Use Information

We use the information collected to:

  • Provide, operate, and improve our Services.
  • Authenticate and authorize Client access.
  • Deliver and route messages between Clients and their End-Users.
  • Monitor system performance, security, and fraud prevention.
  • Provide customer support and technical assistance.
  • Send service-related communications and updates.
  • Comply with legal obligations.

4. Legal Basis for Processing (for EEA/UK Users)

Where applicable under the GDPR/UK GDPR, we rely on the following bases:

  • Contractual necessity: Processing data to provide our Services to Clients.
  • Legitimate interests: Ensuring the security, availability, and improvement of our Services.
  • Consent: For optional marketing or cookies.
  • Legal compliance: Meeting regulatory or court obligations.

5. How We Share Information

We may share information with:

  • Messaging platforms (e.g., WhatsApp, Telegram, SMS carriers) as required to deliver messages.
  • Service providers who assist with hosting, analytics, support, or payment processing.
  • Authorities when required by law or to protect rights, safety, or prevent fraud.
  • Business transfers: In case of a merger, acquisition, or sale of assets.

We do not sell personal information to third parties.

6. Data Retention

  • Client account and configuration data are retained as long as necessary to provide the Services and comply with legal requirements.
  • Message content may be temporarily stored for delivery, error handling, or backup, and then deleted in accordance with platform requirements and Client settings.
  • Clients may configure their own data retention periods where applicable.

7. Security

We implement technical and organizational measures to protect personal information, including encryption, access controls, monitoring, and secure hosting environments. However, no system is completely secure, and Clients remain responsible for securing their own endpoints and accounts.

8. International Transfers

We may transfer data across borders, including outside the EEA, UK, or other regions. Where required, we use appropriate safeguards such as Standard Contractual Clauses (SCCs) or rely on adequacy decisions.

9. Rights of Individuals

Depending on your location, you may have the right to:

  • Access and receive a copy of your personal data.
  • Correct inaccurate or incomplete data.
  • Delete your personal data.
  • Object to or restrict processing.
  • Data portability.
  • Withdraw consent at any time (for consent-based processing).

End-Users should contact the Client (the business they messaged) directly to exercise their rights, as we act as a data processor on behalf of Clients.

10. Cookies and Tracking

We use cookies and similar technologies on our websites for functionality, analytics, and marketing. You may adjust your browser settings to refuse cookies, but some features may not work properly.

11. Children’s Privacy

Our Services are not directed to children under 16 (or the age defined by local law). We do not knowingly collect information from children.

12. Client Responsibilities

Clients are responsible for:

  • Providing adequate notice to End-Users regarding how their data is processed.
  • Obtaining necessary consents from End-Users where required.
  • Complying with all applicable data protection and communication laws when using our Services.

13. Changes to this Policy

We may update this Privacy Policy from time to time. Updates will be posted on this page with a revised “Last Updated” date. Material changes may be notified to Clients directly.

14. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

ShinHQ

Seocho-gu Gangnamdae-ro 51 gil 10, B1 106-208-ho, Seoul-si, Republic of Korea, 06627

compliance@shinhq.com