1. Who We Are
Company: WebOrigin
MSME Registration: MSME: UDYAM-DL-02-0118375
Contact: contact.weborigin@gmail.com
Address: Business correspondence is handled electronically through the contact channels listed below.
Last Updated: June 2026
WebOrigin is an AI-powered WhatsApp communication platform for educational institutes and businesses. We act as a data processor on behalf of our customers (organizations) and are a data fiduciary with respect to account data you provide directly to us.
2. Data We Collect
| Category | Data Collected | Source | Purpose |
|---|---|---|---|
| Account data | Name, email, phone number, organization name | Registration | Account management |
| Billing data | UPI transaction reference, payment screenshots | Manual payment submission | Payment verification |
| WhatsApp credentials | Meta Phone Number ID, access token | Embedded Signup | WhatsApp API connection |
| Usage data | Message counts, token usage, storage usage | Platform activity | Billing and limits enforcement |
| End user conversation data | WhatsApp messages to/from end users | WhatsApp API webhook | AI response generation |
| Knowledge Base content | Documents uploaded by organization | User upload | AI training for that organization |
| Lead data | End user name, phone, interest | AI conversation extraction | CRM functionality |
| Analytics data | Aggregate metrics on conversations and leads | Platform activity | Dashboard analytics |
| Log data | API request logs, error logs | Platform operation | Security and debugging |
3. Data We Do NOT Collect
- ✓We do not collect end user Aadhaar, PAN, or national ID
- ✓We do not collect end user financial information
- ✓We do not sell your data to third parties
- ✓We do not use your organization's training content to train shared AI models
- ✓We do not share end user conversation data across institutes
- ✓We do not monitor end user academic performance directly
4. How We Use Your Data
- Account management: Creating and maintaining your WebOrigin account
- Service delivery: Powering AI responses, lead capture, and bulk messaging
- Billing: Processing payments and applying plan limits
- Platform improvement: Aggregate usage analysis (anonymised)
- Security: Monitoring for abuse, fraud, and compliance violations
- Legal compliance: Meeting obligations under applicable Indian law
5. Third-Party Services and Data Sharing
| Service | Purpose | Data Shared | Policy |
|---|---|---|---|
| Meta (WhatsApp) | Sending/receiving WhatsApp messages | Phone number ID, message content | Meta Privacy Policy |
| Google (Gemini API) | AI response generation | Conversation text | Google Privacy Policy |
| Supabase | Database hosting and authentication | All platform data | Supabase Privacy Policy |
| Razorpay | Payment processing (when available) | Billing data | Razorpay Privacy Policy |
6. End User Data Provisions
When organizations use WebOrigin:
- End User WhatsApp conversations are stored per the organization's retention configuration.
- End User lead data (name, phone, interests) is stored in the organization's CRM.
- End User data is isolated to the organization's workspace — never shared with other organizations.
- WebOrigin processes End User data as a DATA PROCESSOR on behalf of the organization.
- The organization is the DATA CONTROLLER for their End Users' data.
- Organizations are responsible for obtaining appropriate consents from End Users.
See Appendix A (Coaching Institutes Addendum) below for vertical-specific provisions.
7. Data Retention
| Data Type | Default Retention | Configurable? |
|---|---|---|
| Account data | Duration of account | Yes — delete on account closure |
| Conversation data | 90 days | Yes — Deep Privacy Mode available |
| Lead data | Duration of account | Yes — admin can delete individual leads |
| Billing records | 7 years | No — statutory requirement |
| Usage events | 12 months rolling | No |
| Log data | 30 days | No |
8. Your Rights Under DPDP Act 2023
Under the Digital Personal Data Protection Act, 2023 (India):
- Right to access — Request a copy of your data held by WebOrigin
- Right to correction — Request correction of inaccurate data
- Right to erasure — Request deletion of your data (subject to retention requirements)
- Right to withdraw consent — Withdraw consent for processing not legally required
- Right to grievance redressal — Raise a complaint with our Grievance Officer
How to exercise rights: Email contact.weborigin@gmail.com with your request. We respond within 15 business days.
Grievance Officer
Name: Sunder
Role: Sole Proprietor, WebOrigin
Email: contact.weborigin@gmail.com
Response time: 15 business days
10. Changes to This Policy
We will notify you of material changes via email and dashboard notification. Continued use of WebOrigin after the effective date constitutes acceptance of the updated policy.
Appendix A: Coaching Institutes Addendum
When Coaching Institutes use WebOrigin, the following specific provisions apply in addition to the core policies:
- Student Data: "End Users" refers to students and parents/guardians.
- Academic Data: We do not monitor student academic performance directly outside of platform interactions.
- Consents: Coaching institutes are responsible for obtaining appropriate consents from students and parents/guardians, particularly for minors as required under the DPDP Act.
- Minors: For students under 18, parental/guardian consent may be required. Institutes must not use WebOrigin for behavioural targeting of minors.
Contact for Privacy Questions: contact.weborigin@gmail.com · WebOrigin · MSME: UDYAM-DL-02-0118375
WebOrigin is an independent software provider. Not affiliated with or endorsed by Meta Platforms, Inc.