Privacy Policy


Last modification: March 2024.

Your privacy is important to WhatSender ("WhatSender" or "we") and is essential for our service. This Privacy Policy explains what personal data we collect, why, what we do with your personal data, and how we use it. Likewise, this Privacy Policy explains under what conditions we process personal data, as in some cases, we act as the data controller for the information of our users or other individuals linked to our website, and in other cases, as a data processor on behalf of our users.

1. Introduction

This Privacy Policy aims to inform you about the conditions and procedures for the collection, use, and disclosure of personal data in relation to our service. WhatSender offers its users a mass messaging service via WhatsApp (the "Service"). Therefore, this Privacy Policy establishes the conditions for the processing of personal data by WhatSender: (i) when you use our Services ("User") or when you access and browse our website ("Website"); and (ii) when, in order to provide our Service, we process on behalf of the User personal data related to the User's communication, including personal data of the recipient ("Recipient").

WhatSender will process personal data in accordance with the European Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of individuals concerning the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC ("GDPR"), Organic Law 3/2018 of December 5, on the Protection of Personal Data and Guarantee of Digital Rights ("LOPD"), and other applicable laws on data protection.

We recommend that before using our Service or browsing our Website, you read this Privacy Policy carefully.

2. Processing of Users' Personal Data by WhatSender (as Data Controller)

Data ControllerWhatSender
Website tincluding all subdomains or sections operated by WhatSender

Purposes for which we use users' personal data and legal basis:

Provide and manage our Service - Contractual performance
Improve the Service and prevent fraud and abuse - Legitimate interest
Send you information about our Service - Legitimate interest and consent, as applicable
Respond to inquiries, requests, and claims - Contractual performance, legitimate interest, or consent, as applicable
Understand the use of our Website and improve it through non-functional cookies - Consent
Rights of the data subject:If you are a user of the Service or the Website, you can request that we provide you with information about the personal data we collect from you, as well as request that we delete or correct any inaccuracies. You can also ask us to restrict or limit the processing or transfer of your personal data, as well as request that we provide you with your personal data so you can use it for your own purposes. You can direct your request to
Additional Information:
For more information about our Website or our Service, you can review our Terms and Conditions or our Cookie Policy.

Section 2.1:This section explains the processing of users' personal data by WhatSender as the data controller, i.e., when WhatSender decides on the purposes and means of processing that personal data. This only applies to user data used by WhatSender to provide the Service, with all the functionalities available at any given time, including ancillary activities such as account maintenance and billing, or to the information collected from users who access and browse the Website. This does not include communications sent by users through the Service and related data, which will only be processed in accordance with Section 3.

2.2. WhatSender may process personal data of Users on the Website in the following cases and for the purposes and periods indicated below:

For the provision of the Service, WhatSender may process personal data of Users provided by them when installing or contracting the Service, such as name, email address, language preferences, location for proper price/currency display, payment data, as well as other data or information from Users derived from the provision of the Service.
These personal data are used by WhatSender for the following purposes:
- Provide the Service and carry out the maintenance and management of the contractual relationship.
- Manage and improve the Service.
- Respond to requests, suggestions, or complaints regarding the Service.
- Send the User the information they have requested.
- Send communications and updates related to the Service.
- Comply with applicable regulations in each case.
- Respond to requests or requirements of public authorities.

The legal basis for processing the above data is the execution of the contractual relationship between the User and WhatSender for the provision of the Service, as well as WhatSender's legitimate interest in informing Users about the Service, unless Users notify WhatSender that they do not wish to receive commercial communications, as well as in improving the Service and preventing fraud and abuse.

The personal data of Users will be processed by WhatSender during the contractual relationship and, subsequently, for the legal period required by applicable regulations, depending on the case.
By using cookies, with respect to Website visitors, in order to offer the functionalities of the Website and to understand the use of the Website and improve its functioning, as described in our Cookie Policy.
When we use cookies for the purposes described in our Cookie Policy, we do so based on the prior consent in accordance with applicable regulations. Website users can accept or reject all our cookies or selectively accept some and reject others through our consent manager.
WhatSender will store the usage information of cookies and your IP as provided in the Cookie Policy.
To respond to requests, suggestions, or complaints. Personal data received by WhatSender through the means provided for this purpose are used exclusively to respond to inquiries, suggestions, or complaints sent by Users or users who access and browse the Website.
The purpose of processing this personal data is to manage inquiries, suggestions, or complaints and carry out their subsequent follow-up, based on the fulfillment of a contractual relationship or, where applicable, WhatSender's legitimate interest in managing the response to these requests and improving the Service.
WhatSender will keep the information for as long as necessary to address inquiries, suggestions, or complaints and carry out their subsequent follow-up. Likewise, WhatSender may retain personal data for the periods necessary to comply with applicable legal obligations.

To participate in selection processes published on the Website. When WhatSender receives personal data from job candidates through the means provided on the Website, it will use this identifying, academic, professional, and profile data, along with data provided during the selection process, to manage those selection processes.
In these cases, the legal basis for processing personal data will be the application of pre-contractual measures at the request of the data subject.
Personal information will only be kept for the duration of the corresponding selection process.

2.3. Duration. The period for which personal data will be retained or the criteria used to determine that period are indicated in each of the cases set out above in Section 2.2 of this Privacy Policy. Additionally, personal data will be retained for the periods required by applicable regulations.

2.4. The above-mentioned personal data may be accessed by data processors of WhatSender, i.e., our service providers, when necessary and solely for the purpose of managing the corresponding service provision. To ensure that personal data receive an adequate level of protection, WhatSender will enter into agreements with third parties with whom personal data is shared, requiring them to treat personal data consistently and in compliance with data protection regulations.

We may also provide personal data to competent judicial or administrative authorities when necessary to comply with any applicable legislation or regulations.

2.5. In general, User's personal data will be stored in the European Economic Area (EEA) (i.e., the Member States of the European Union, Norway, Iceland, and Liechtenstein). However, some of the aforementioned service providers may be located outside the EEA, in which case WhatSender will ensure that personal data is stored and transferred securely. These transfers will be made, depending on the case, on one of the bases permitted by European data protection regulations, either the transfer to a country where the European Commission has established its adequacy with respect to data protection levels or through data transfer agreements that incorporate the standard contractual clauses accepted by the European Commission in accordance with Article 46.2.c) of the GDPR.

2.6. The User or data subject, as appropriate according to the cases set out in section 2.2 above, has the right to request a copy of any personal information we hold about them in our records, to correct any inaccuracies, and to update outdated information. You can also request the deletion of your personal data when, among other reasons, they are no longer necessary for the purposes for which they were collected or, where appropriate, request the portability of your data. In certain circumstances, you may request the limitation of the processing of your data or object to the processing of your data. WhatSender will cease processing the data, except for compelling legitimate reasons, or the exercise or defense of potential claims. Likewise, you have the right to withdraw your consent at any time when this is the legal basis for the processing of your personal data.

The above rights can be exercised by contacting WhatSender by sending an email to

In accordance with the GDPR, when requests are manifestly unfounded or excessive, especially due to their repetitive nature, WhatSender may charge a reasonable fee based on the administrative costs incurred to provide the requested information or communication or to take the requested action, without prejudice to the possibility of refusing to act.

The User or data subject, as appropriate, may also seek assistance from the Spanish Data Protection Agency at

If at any time the User or data subject, as appropriate, wishes to stop receiving commercial communications from WhatSender, they may request this by sending an email to

3. Processing of personal data related to communications to Recipients on behalf of Users by WhatSender (as Data Processor)

3.1. This section details the processing of personal data related to communications to Recipients, carried out by WhatSender on behalf and following the instructions of the Users. In these cases, WhatSender acts as the data processor since the purposes and means for processing personal data are determined by the User, and WhatSender only accesses the data at the User's request and to provide the Service. WhatSender does not act as the data controller with respect to personal data related to communications to Recipients.

3.2. The provision of the Service on behalf of the User may involve WhatSender accessing and processing personal data related to communications to the Recipient, for the purposes established by the User. WhatSender will have access to the following data:

Information necessary to identify the emails sent through the Service:
- Email address
- Email subject
- Message content, temporarily, only when necessary to provide the Service and only during the transmission of data through our Service, until the effective delivery of the email
- Date and time the email was sent
- Name of the document, in the "Advanced documents" functionality
- Document, in the "Advanced documents" functionality

Information provided by the Service:
- Confirmation of email open
- Message content, temporarily, only when necessary to provide the Service and only during the transmission of data through our Service, until the effective delivery of the email
- Email open history (number, date, and time)
- Number of links included in the email
- Text and URL of these links
- Click history (number, date, and time) on the links contained in the email
- Email recipient's open history (number, date, time, and reading time) of the document (in the "Advanced documents" functionality)
- IP address, browser, and operating system used by the person who clicked on the link or downloaded the document
- Recipient's signature (with the signature request functionality)
- Unsubscribe from campaigns (with the campaign unsubscribe functionality)

The processing of the mentioned personal data is carried out solely for the provision of the Service within the terms and duration indicated in the Service Conditions and always under the User's instructions.

3.3. Consequently, WhatSender:

(i) will not process personal data related to communications to the Recipient for purposes other than providing the Service requested by the User and will not transfer such data, even for storage, to unauthorized third parties;

(ii) will process personal data related to communications to the Recipient following the User's instructions. When WhatSender becomes aware that the instructions given by the User violate data protection regulations, WhatSender will immediately inform the User;

(iii) will promptly notify the User if it becomes aware of any data security breach and will provide all relevant details;

(iv) will ensure that authorized persons within WhatSender who process personal data related to communications to the Recipient are committed to confidentiality or are subject to a legal obligation of confidentiality;

(v) taking into account the nature of the processing, will assist the User through appropriate technical and organizational measures, as far as possible, in complying with the Users' obligations to respond to data subject requests established in Chapter III of the GDPR. To this end, WhatSender will promptly notify the corresponding User, through the email provided as a contact in their account, of the requests it receives. In any case, it will be the User's responsibility to handle and respond to requests for the exercise of rights, although in fulfilling the above, WhatSender will follow the instructions provided by the User;

(vi) will take all necessary measures in accordance with Article 32 of the GDPR (security of processing);

(vii) will assist the User in fulfilling their obligations under Articles 32 to 36 of the GDPR, taking into account the nature of the processing and the information available to WhatSender, including, among other things:

- at the User's choice, WhatSender will delete or return to the User all personal data related to communications to the Recipient once the Service is completed, unless applicable regulations require data retention; and
- will make available to the User all necessary information to demonstrate compliance with the obligations set out in Article 28 of the GDPR and will allow and contribute to audits, including inspections, carried out by the User or by an auditor authorized by the User.

3.4. WhatSender will not subcontract third parties for processing operations that may involve access to personal data related to communications to the Recipient without the User's authorization.

In this regard, the following sub-processors of the data will be considered authorized by the User:

- Google Services: Google Apps
- Stripe

3.5. WhatSender will ensure the confidentiality of personal data related to communications to Recipients, even after the termination of the Service.

3.6. In cases where the User is in a country outside the EEA and, as a result of the service provided, international data transfers of personal data are carried out by WhatSender, and the adequacy of data protection levels in the country to which the data is transferred has not been confirmed by the European Commission, the so-called Standard Contractual Clauses contained in Commission Implementing Decision (EU) 2021/914 of June 4, 2021 ("SCC") between WhatSender and the User will apply, completed as follows:

(i) Only Module Four will be applied.
(ii) Clause 7 will not apply.
(iii) The optional paragraph of Clause 11 will not apply.
(iv) With respect to Clause 17, the SCC will be governed by Spanish law.
(v) Regarding Clause 18, the applicable jurisdiction for future disputes arising from the SCC will be that of Spain, and to the extent possible, that of Barcelona.
(vi) The information in Annex I will be deemed completed with the information contained in this Privacy Policy.
3.7. The User is the data controller for personal data of the Recipients or any other type in the context of communications sent through the Service, subject to the scope of the GDPR (taking into account that processing activities exclusively for domestic purposes are excluded from the GDPR), or any other applicable regulations. The User will be the sole party defining the purposes and means of processing such personal data, and it should be understood that WhatSender does not process personal data related to communications to Recipients for its own purposes but only uses them to provide the Service on behalf of the User. Consequently, the User must comply with the obligations applicable under data protection regulations, as appropriate in each case, including, where applicable, the obligations related to obtaining the consent of data subjects and informing them about the processing of their data as a result of using the Service. The User, not WhatSender, will be solely responsible for fulfilling these obligations.

4. Use of WhatsApp APIs

WhatSender's use of information received through the WhatsApp API implies the User's adherence to WhatsApp API User Data Policy.

5. Exclusion from WhatSender's Service by Recipients

If you are a Recipient of emails sent through WhatSender's Service and wish to exercise any rights under the GDPR, please be aware that you should contact the User of WhatSender who sent you the email. The User sending the email is the one who determines the recipient, content, and purpose of the communication, and therefore, according to the regulations, they are the ones responsible and obligated to comply with your rights. For the same reason, the User in question is the only one in a position to make decisions regarding the rights of Recipients whose data is being processed. WhatSender is merely the provider of the Service.

In any case, at WhatSender, we are committed to safeguarding and protecting privacy and provide you with the email to assist you in forwarding your requests to the corresponding User. Likewise, we will assist the User, in their capacity as the data controller, in fulfilling their obligations regarding the exercise of your rights. However, please note that the response and compliance will ultimately depend on the User.