Privacy Policy — MattsApp

Last updated: 06.03.2025

1. Controller Information

MattsApp is operated by:
Mattelligence
Email: mattelligence@gmail.com

Mattelligence acts as data controller for the processing described herein.

2. Scope of the Service

MattsApp is a messaging automation platform that connects to WhatsApp Business Accounts and Instagram Business Accounts through Meta OAuth. It interacts using the official WhatsApp Cloud API and Instagram Graph API to automate responses to customers, manage comments, and run promotional campaigns.

3. Categories of Data Processed

3.1 Business Account Identifiers

When a business connects its accounts, we may process:

  • WhatsApp Business Account ID (WABA ID) and Phone Number ID

  • Instagram Business Account ID and Page ID

  • Business display name and public profile information

  • Webhook configuration identifiers

  • API access tokens

We do not access personal Facebook profiles or unrelated business assets.

3.2 Message and Comment Processing Data

MattsApp processes incoming WhatsApp messages and Instagram Direct Messages strictly for the purpose of generating automated replies and executing configured workflows.

MattsApp also processes Instagram comments for the purpose of:

  • Generating automated replies to comments

  • Detecting eligible participants in promotional campaigns (lotteries, quizzes)

  • Selecting winners and distributing promotional codes via Direct Message

Message and comment content is processed in real time for automation purposes. We do not use message or comment content for advertising, resale, or profiling.

3.3 Promotional Campaign Data

When a business runs a promotional campaign through MattsApp, we may process:

  • Instagram usernames of participants who commented

  • Comment content for quiz answer verification

  • Winner selection results

  • Promotional codes distributed

This data is used solely to execute the campaign configured by the business and is not retained beyond operational necessity.

3.4 Operational Metadata

We may collect limited technical metadata such as message delivery status, timestamps, and aggregated usage metrics. These metrics are anonymized and used solely to maintain and improve service reliability.

4. Purpose of Processing

Data is processed strictly to:

  • Send and receive WhatsApp messages via the official Cloud API

  • Send and receive Instagram Direct Messages via the Instagram Graph API

  • Read and respond to Instagram comments

  • Run automated promotional campaigns configured by the business

  • Manage automation workflows configured by the business

  • Maintain webhook subscriptions

  • Ensure operational stability

MattsApp does not initiate unsolicited marketing messages. The business remains responsible for ensuring lawful opt-in from end users where required by applicable platform policies.

5. Permissions Used

MattsApp uses the following official Meta permissions:

  • whatsapp_business_messaging — send and receive WhatsApp messages

  • whatsapp_business_management — manage WhatsApp Business account settings

  • public_profile — access public WhatsApp Business profile information

  • instagram_basic — access basic Instagram account information

  • instagram_manage_messages — read and send Instagram Direct Messages

  • instagram_manage_comments — read and respond to Instagram comments

  • instagram_content_publish — publish content for promotional campaigns

  • pages_show_list — access list of connected Facebook Pages

  • pages_read_engagement — read engagement data on Facebook Pages

  • pages_manage_metadata — manage webhook subscriptions for Pages

6. Legal Basis (GDPR)

Processing is based on:

  • Contractual necessity

  • Business authorization via Meta OAuth

  • Legitimate interest in service maintenance

7. Data Retention

We retain business account identifiers and configuration data while the service remains active. Message and comment content is not retained longer than operationally necessary unless required for system integrity or legal compliance. Promotional campaign data is deleted once the campaign is concluded. Businesses may request deletion at any time.

8. Data Sharing

Data is shared strictly with:

  • Meta (WhatsApp Cloud API and Instagram Graph API)

  • Infrastructure providers necessary to operate the platform

We do not sell data. We do not share data with advertisers.

9. International Transfers

Where third-party providers operate outside the EU, appropriate safeguards are implemented in accordance with applicable data protection law.

10. Security

We apply encrypted API communications, restricted system access, and minimal data processing principles to protect all data handled by MattsApp.

11. User Rights

Businesses may request access, correction, deletion, or export of their data at any time by contacting:

Mattelligence
Email: mattelligence@gmail.com