Last updated: 16.03.2026

Privacy Policy

1. Controller Information

MattsApp is operated by:
Mattelligence
Email: mattelligence@gmail.com

Mattelligence acts as data controller for the processing described herein.

2. Scope of the Service

MattsApp is a messaging automation platform that connects to WhatsApp Business Accounts and Instagram Business Accounts through Meta OAuth. It interacts using the official WhatsApp Cloud API and Instagram Graph API to automate responses to customers, manage comments, and run promotional campaigns.

3. Categories of Data Processed

3.1 Business Account Identifiers

When a business connects its accounts, we may process:

• WhatsApp Business Account ID (WABA ID) and Phone Number ID
• Instagram Business Account ID and Page ID
• Business display name and public profile information
• Webhook configuration identifiers
• API access tokens

We do not access personal Facebook profiles or unrelated business assets.

3.2 Message and Comment Processing Data

MattsApp processes incoming WhatsApp messages and Instagram Direct Messages strictly for the purpose of generating automated replies and executing configured workflows. MattsApp also processes Instagram comments for generating automated replies, detecting eligible participants in promotional campaigns, selecting winners, and distributing promotional codes via Direct Message. Message and comment content is processed in real time for automation purposes only. We do not use message or comment content for advertising, resale, or profiling.

3.3 Promotional Campaign Data

When a business runs a promotional campaign through MattsApp, we may process Instagram usernames of participants, comment content for quiz answer verification, winner selection results, and promotional codes distributed. This data is used solely to execute the campaign and is not retained beyond operational necessity.

3.4 Operational Metadata

We may collect limited technical metadata such as message delivery status, timestamps, and aggregated usage metrics. These metrics are anonymized and used solely to maintain and improve service reliability.

4. Purpose of Processing

Data is processed strictly to:

• Send and receive WhatsApp messages via the official Cloud API
• Send and receive Instagram Direct Messages via the Instagram Graph API
• Read and respond to Instagram comments
• Run automated promotional campaigns configured by the business
• Manage automation workflows configured by the business
• Maintain webhook subscriptions
• Ensure operational stability

MattsApp does not initiate unsolicited marketing messages. The business remains responsible for ensuring lawful opt-in from end users where required by applicable platform policies.

5. Permissions Used

MattsApp uses the following official Meta permissions:

• whatsapp_business_messaging — send and receive WhatsApp messages
• whatsapp_business_management — manage WhatsApp Business account settings
• public_profile — access public WhatsApp Business profile information
• instagram_basic — access basic Instagram account information
• instagram_manage_messages — read and send Instagram Direct Messages
• instagram_manage_comments — read and respond to Instagram comments
• instagram_content_publish — publish content for promotional campaigns
• pages_show_list — access list of connected Facebook Pages
• pages_read_engagement — read engagement data on Facebook Pages
• pages_manage_metadata — manage webhook subscriptions for Pages

6. Legal Basis (GDPR)

Processing is based on contractual necessity, business authorization via Meta OAuth, and legitimate interest in service maintenance.

7. Data Retention

We retain business account identifiers and configuration data while the service remains active. Message and comment content is not retained longer than operationally necessary unless required for system integrity or legal compliance. Promotional campaign data is deleted once the campaign is concluded. Businesses may request deletion at any time.

8. Data Sharing

Data is shared strictly with Meta (WhatsApp Cloud API and Instagram Graph API) and infrastructure providers necessary to operate the platform. We do not sell data. We do not share data with advertisers.

9. International Transfers

Where third-party providers operate outside the EU, appropriate safeguards are implemented in accordance with applicable data protection law.

10. Security

We apply encrypted API communications, restricted system access, and minimal data processing principles to protect all data handled by MattsApp.

11. User Rights

Businesses may request access, correction, deletion, or export of their data at any time by contacting:

Mattelligence
Email: mattelligence@gmail.com