Legal

Privacy Policy

How we collect, use, and protect your data.

Effective: February 12, 2026

Bzzip ("we", "our", "us") operates a WhatsApp-First Unified Inbox platform for agencies. This Privacy Policy explains how we collect, use, and protect information when you use our service.

1. Information We Collect

Account Data

When you register, we collect your name, email address, and a securely hashed password. If you create or join an agency, we store your agency name and team role.

Conversation Data

Messages, contacts, and media files exchanged through connected platforms (WhatsApp, Instagram, Facebook, TikTok) are stored to provide the inbox service. This includes text messages, images, documents, and other media shared in conversations.

Platform Credentials

When you connect social accounts via OAuth, we store access tokens and refresh tokens. These credentials are encrypted at rest using Active Record Encryption and are never stored in plaintext.

Billing Data

Payments are processed by Stripe and MercadoPago. We store your subscription status, plan details, and invoice history. We never store credit card numbers on our servers — all card data is handled directly by the payment processor.

Usage Data

We collect analytics data through Google Analytics, including pages visited, features used, and general usage patterns. We also maintain server logs for security and debugging purposes.

Category Examples Stored Where
Account Name, email, hashed password Primary database
Conversations Messages, contacts, media Primary database + Active Storage
Credentials OAuth tokens (encrypted) Primary database (encrypted)
Billing Plan, invoices Stripe / MercadoPago
Analytics Page views, feature usage Google Analytics

2. How We Use Your Information

  • Provide, maintain, and improve the Bzzip platform
  • Process and deliver messages across connected platforms
  • Handle billing and subscription management
  • Send service-related communications and updates
  • Monitor and improve platform performance and security
  • Respond to support requests

3. Data Sharing

We share data only with the following categories of third parties, and only as necessary to provide the service:

  • Meta Platforms — WhatsApp, Instagram, and Facebook APIs require message data to deliver and receive messages on your behalf
  • Payment Processors — Stripe and MercadoPago process your billing information under their own privacy policies
  • Analytics — Google Analytics receives anonymized usage data to help us improve the platform

We never sell your data to third parties. We do not share your data with advertisers or data brokers.

4. Data Security

  • OAuth tokens and sensitive credentials are encrypted at rest using Active Record Encryption
  • All data in transit is protected with TLS (HTTPS)
  • Passwords are hashed using bcrypt with appropriate cost factors
  • Role-based access controls limit data access to authorized team members
  • Regular security audits using automated tools (Brakeman, bundler-audit)

5. Data Retention

We retain your data for as long as your account is active. When you delete your account or request data deletion, we remove your personal data within 30 days. Some data may be retained in backups for up to 90 days before being permanently deleted.

6. Your Rights

Depending on your jurisdiction (including rights under LGPD, GDPR, and CCPA), you may have the right to:

  • Access — Request a copy of the personal data we hold about you
  • Correction — Update or correct inaccurate personal data
  • Deletion — Request that we delete your personal data
  • Export — Receive your data in a portable format
  • Restrict Processing — Limit how we use your data in certain circumstances

To exercise any of these rights, contact us at tech@bzzip.com.

7. International Transfers

Our servers are located in the European Union (Hetzner, Germany). If you access the service from outside the EU, your data will be transferred to and processed in Germany. We ensure appropriate safeguards are in place for international data transfers in compliance with applicable laws.

8. Cookies

We use the following cookies:

  • Session cookies — Essential for authentication and maintaining your logged-in state
  • Google Analytics cookies — Used to understand how visitors interact with our website

You can control cookie preferences through your browser settings.

9. Children

Bzzip is not directed at individuals under 16 years of age. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 16, we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will notify you via email or a prominent notice on the platform at least 30 days before the changes take effect.

11. Contact Us

Privacy Questions

If you have questions about this Privacy Policy or how we handle your data, contact us at:

tech@bzzip.com