Your data. Your customers.
None of our business to sell.

ComDove (Stacx24 IT Pvt. Ltd.) (“ComDove”, “we”, “our”) is a company registered in Gautam Buddha Nagar, Uttar Pradesh, India (CIN: U62099UP2024PTC207663; GSTIN: 09ABOCS0885R1Z6). We operate a WhatsApp Business platform for small and medium businesses. This policy explains what personal data we collect, how we use it, and the choices you have.

We collect three categories of data:

• Account data — your name, work email, phone number, company name, GSTIN (if applicable), and billing address.
• Customer data — contacts you upload, messages you send and receive through WhatsApp, and the labels and notes your team attaches to them.
• Usage data — IP address, browser type, pages visited, and feature interactions. Used for security, debugging, and improving the product.

• To deliver the platform — send messages, route replies, and surface analytics.
• To bill you and issue GST-compliant invoices via Razorpay.
• To provide customer support in English and Hindi.
• To detect fraud, abuse, and policy violations.
• To send service announcements. Marketing emails are opt-in.

ComDove is built on top of the WhatsApp Business Platform provided by Meta. When you send messages, they are routed through Meta's infrastructure and are subject to Meta's own terms and privacy practices. We do not control how Meta processes messages in transit.

We share data only with vendors needed to run the service:

• Meta (WhatsApp Business Platform) — message delivery.
• Razorpay — payment processing and GST invoicing.
• AWS (Mumbai region) — hosting and data storage.
• Email and analytics providers under data-processing agreements.

Customer data is stored in AWS data centres in the Mumbai region (ap-south-1). Backups are encrypted and retained for 30 days. Some operational metadata may be processed in other regions where our sub-processors operate.

We keep account data for as long as you have an active subscription, and for up to 24 months after cancellation for tax and audit purposes. You can request earlier deletion of your account at any time — see our Data Deletion policy for the process and timelines.

You can, at any time:

• Access the personal data we hold about you.
• Correct inaccurate data through your account settings.
• Export your contacts and message history as a CSV.
• Request deletion of your account and associated data, subject to legal retention requirements.

To exercise any of these rights, email privacy@comdove.com.

We encrypt data in transit (TLS 1.2+) and at rest (AES-256). Access to production systems is restricted, logged, and reviewed quarterly. We run regular vulnerability scans and engage independent penetration testers annually.

ComDove is a business tool and is not directed at children under 18. We do not knowingly collect personal data from children.

We may update this policy as the product evolves. Material changes will be notified by email or in-app at least 14 days before they take effect. The “Last updated” date at the top of this page reflects the most recent revision.