WhatsApp Business CRM

Turn WhatsApp into your sweetest sales channel

delaCRM helps your team run broadcasts, automate replies, and manage every customer conversation on WhatsApp — all from one delightfully simple inbox.

• ✓ Built on the official WhatsApp Business API
• ✓ Go live in 10 minutes
• ✓ No-code campaigns & automations

Everything you need to grow on WhatsApp

From bulk campaigns to one-to-one conversations, delaCRM gives your team the tools to scale customer communication responsibly.

Get started in three steps

Most teams go live on the WhatsApp Business API with delaCRM in about 10 minutes.

Privacy Policy

Last updated: 16/06/2026

This Privacy Policy explains how HaiTech ("delaCRM", "we", "us" or "our") collects, uses, shares, and protects information when you visit our website, use our WhatsApp Business CRM platform (the "Service"), connect optional integrations such as Google, or otherwise interact with us. By using the Service you agree to the practices described below.

1. Who we are

HaiTech, a company registered in Israel with its principal place of business at Tel Aviv, Israel, is the data controller of personal information collected through our website and Service, except where we act as a data processor on behalf of our business customers (see Section 6).

2. Information we collect

We collect the following categories of information:

a) Information you provide to us

• Account information: name, business name, email, phone number, password, billing details.
• Communications: messages you send to support, demo requests, survey responses.
• Business content: contacts, message templates, campaign content, and conversation data that you or your customers send through the Service.

b) Information collected automatically

• Usage data: pages viewed, features used, clicks, timestamps, referring URLs.
• Device data: IP address, browser type, operating system, device identifiers.
• Cookies and similar technologies: session cookies, authentication tokens, and limited analytics cookies. You can control cookies through your browser settings.

c) Information from WhatsApp / Meta

• WhatsApp Business Account ID, phone number ID, display name, message-status webhooks, and delivery/read receipts that Meta sends to us when your customers interact with you over WhatsApp.
• The content of messages exchanged between you and your end-customers via WhatsApp, which we process on your behalf to deliver the Service.

d) Information from Google (optional integration)

• If you choose to connect Google, we receive an OAuth access token and the data needed for the features you enable — your Google Calendar list and events, and the Google Sheets/Drive files you explicitly open or create with the Service. See Section 7 for full details and our Limited Use commitments.

3. How we use information

• To provide, operate, and improve the Service.
• To send and receive WhatsApp messages on behalf of our business customers.
• To authenticate users, prevent fraud, and secure the Service.
• To provide customer support and respond to inquiries.
• To send service-related communications (e.g., billing, security alerts, product updates).
• To comply with legal obligations and enforce our Terms of Service.
• To send marketing communications about delaCRM, where permitted — you can opt out at any time.

We do not sell personal information, and we do not use WhatsApp message content or Google user data for advertising.

4. Legal basis for processing (GDPR / UK GDPR)

Where the GDPR or UK GDPR applies, we rely on the following legal bases:

• Performance of a contract — to provide the Service you have signed up for.
• Legitimate interests — to secure, improve, and market our Service in ways that do not override your rights.
• Consent — for optional cookies, marketing emails, optional integrations such as Google, and where required by law.
• Legal obligation — to comply with applicable laws (tax, accounting, law enforcement requests).

5. How we share information

We share personal information only as described below:

• Service providers / sub-processors: cloud hosting, analytics, email delivery, payment processing, and customer support tools that act on our instructions under written data-processing agreements.
• Meta Platforms, Inc. and WhatsApp Ireland Ltd.: as required to deliver WhatsApp messages and operate the WhatsApp Business API.
• Google LLC: where you connect the Google integration, to authenticate you and call the Google APIs you have authorized. Our use of Google data is also governed by Section 7.
• Our business customers: if you message a business that uses delaCRM, your messages, phone number, and profile information will be visible to that business, which is the controller of that conversation.
• Legal & safety: to comply with legal process, enforce our terms, or protect rights, property, or safety.
• Corporate transactions: in connection with a merger, acquisition, or sale of assets, subject to standard confidentiality obligations.

6. WhatsApp & Meta platform data

delaCRM is built on top of the WhatsApp Business Platform provided by Meta. When you use the Service to message your customers:

• We act as a data processor for our business customers with respect to the contact lists and message content they send through the Service.
• Messages sent via WhatsApp are subject to WhatsApp's Privacy Policy and WhatsApp Business Messaging Policy.
• We only send marketing or promotional messages to end-users who have given their prior opt-in consent to the business sending the message.
• We do not use Meta platform data for any purpose other than providing the Service, and we do not transfer Meta platform data to data brokers, ad networks, or other third parties for advertising or marketing purposes.

7. Google user data and Google API Services

delaCRM offers optional integrations that let you connect your Google account so the Service (and our AI assistant) can manage your Google Calendar and the Google Sheets/Drive files you choose. delaCRM's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

• Scopes we request: Google Calendar — view your calendar list and create, edit, and delete events (calendar.events, calendar.calendarlist.readonly); and Google Drive access limited to the specific files you open or create with the Service (drive.file). We do not request access to your full Drive.
• How we use it: solely to provide the calendar and spreadsheet features you request — for example, creating an event or writing to a sheet on your instruction. We do not use Google user data for advertising and we do not sell it.
• Limited Use: we only transfer Google user data to others if necessary to provide or improve these features, to comply with applicable law, or as part of a merger or acquisition. We do not allow humans to read your Google data unless (a) you give explicit consent for specific data, e.g., when contacting support; (b) it is necessary for security purposes or to comply with applicable law; or (c) the data has been aggregated and anonymized.
• Storage & revocation: Google OAuth tokens are encrypted at rest. You can revoke delaCRM's access at any time from your Google Account permissions page, or by contacting us, after which we delete the associated tokens.

8. Data retention

We retain personal information for as long as necessary to provide the Service, comply with our legal obligations, resolve disputes, and enforce our agreements. WhatsApp conversation data is retained for the duration of your subscription plus a short backup period of up to 90 days, after which it is permanently deleted, unless a longer period is required by law. Account data is deleted within 30 days of an account closure or deletion request, subject to the exceptions described in Section 10.

9. Security

We protect personal information using a combination of administrative, technical, and physical safeguards, including encryption in transit (TLS), encryption at rest for sensitive fields (including OAuth tokens), strict access controls based on the principle of least privilege, regular security testing, and continuous monitoring. No system is 100% secure; if you believe your account has been compromised, please contact us immediately at [email protected].

10. Your rights

Depending on where you live, you may have the right to:

• Access the personal information we hold about you.
• Correct information that is inaccurate or incomplete.
• Delete your personal information (see also Data Deletion Instructions below).
• Restrict or object to certain processing activities.
• Receive your information in a portable format.
• Withdraw consent at any time where processing is based on consent.
• Lodge a complaint with your local data protection authority.

To exercise any of these rights, contact us at [email protected]. We will respond within the timeframes required by applicable law (typically within 30 days).

11. International data transfers

We may transfer personal information to countries other than the one in which you reside, including to the United States and India where some of our service providers and sub-processors are located. Where required, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses to protect your information.

12. Children's privacy

The Service is intended for businesses and is not directed at children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.

13. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by prominent notice in the Service before the changes take effect. The "Last updated" date at the top of this policy reflects the most recent revision.

14. Contact us

If you have any questions about this Privacy Policy or our data practices, contact us at:

HaiTech
Attn: Privacy / Data Protection Officer
Tel Aviv, Israel
Email: [email protected]
General support: [email protected]

Data Deletion Instructions

Last updated: 16/06/2026

delaCRM respects your right to control your personal information. This page explains how to request deletion of the data we hold about you, in accordance with the WhatsApp Business Platform requirements and applicable privacy laws (including the GDPR and CCPA).

Who can request deletion?

• delaCRM account holders — businesses with a delaCRM account.
• End-customers who have exchanged WhatsApp messages with a business that uses delaCRM.

What information to include in your request

• The WhatsApp phone number(s) the request relates to.
• The name of the business you messaged (if you are an end-customer).
• A short description of what you want deleted (account, messages, contacts, connected Google data, all data, etc.).
• An email address we can use to confirm your identity and reply to.

How to submit a request

You can submit a deletion request using any of the following channels:

1. Email: Send your request to [email protected] with the subject "Data Deletion Request".
2. In-app (account holders): Sign in to your delaCRM dashboard → Settings → Account → Delete account. This will trigger permanent deletion of your workspace and all associated data.
3. Postal mail: HaiTech, Attn: Data Protection Officer, Tel Aviv, Israel.

What happens next

1. We acknowledge your request within 3 business days.
2. We verify your identity (we may ask you to confirm from the email associated with the account or the WhatsApp number).
3. We permanently delete your personal information from our active systems within 30 days of verification, and from backups within an additional 90 days.
4. We send you a written confirmation once deletion is complete.

Revoking connected Google access

If you connected a Google account, you can disconnect it at any time from your Google Account permissions page, or by emailing us. Revoking access deletes the OAuth tokens we hold for your account.

Information we may retain

We may retain a limited amount of information after deletion if required to comply with legal obligations (e.g., tax and accounting records), resolve disputes, prevent fraud and abuse, or enforce our Terms of Service. Any such retained information is kept securely and for the minimum period required by law.

If you messaged a business that uses delaCRM

Where a business is the controller of the conversation, we will forward your deletion request to that business and assist them in honoring it. You may also contact the business directly. To stop receiving WhatsApp messages from a business at any time, reply STOP to any of its messages — this is the fastest way to opt out.

Questions

For any questions about this process, email [email protected].

Get in touch

We'd love to show you what delaCRM can do for your business.

Email: [email protected]

Address: Tel Aviv, Israel

Company: HaiTech, registered in Israel

Request a demo