SwiftMsg
Log inGet Started

Privacy Policy

Effective date: 15 May 2026

This Privacy Policy explains how SwiftMsg (“SwiftMsg”, “we”, “us”) collects, uses, discloses, and safeguards information when you use our WhatsApp bulk-messaging and campaign platform (the “Service”). SwiftMsg is registered in South Africa and is governed by South African law, including the Protection of Personal Information Act, 2013 (POPIA). Where the laws of another jurisdiction grant you broader rights, those rights also apply.

We try to keep this document short and readable. If anything is unclear, write to hello@swiftmsg.io.

1. Who we are

SwiftMsg is a software-as-a-service product that helps small and medium businesses send personalised WhatsApp messages at scale. For the purposes of POPIA, we are the responsible party for your account information and an operator for the contact lists and message content you upload — you remain the responsible party for those.

2. Information we collect

  • Account data — full name, email, phone number, hashed password. Used to authenticate you and contact you about the Service.
  • Workspace data — workspace name, billing settings, the WhatsApp Business credentials you connect (access tokens are encrypted at rest with workspace-scoped pgcrypto keys), and your Paystack customer reference.
  • Contact data you upload — names, phone numbers, and custom fields for the people you intend to message. You are responsible for the lawful basis for uploading these and for honouring opt-outs.
  • Message content and delivery metadata — templates, the rendered messages we send on your behalf, delivery status, and replies received through the WhatsApp Business webhook.
  • Payment data — Paystack handles your card details directly. We receive the transaction reference, amount, channel, and last-4 digits for receipts.
  • Device and log data — IP address, browser user-agent, and timestamps for security and audit purposes.

3. How we use it

  • To deliver and operate the Service.
  • To bill you and prevent fraudulent payments.
  • To detect and stop abuse, spam, and policy violations.
  • To respond to support requests.
  • To comply with legal obligations and lawful requests.

We do not sell your data, use it for behavioural advertising, or train AI models on your contacts or message content.

4. Lawful processing under POPIA

We process personal information in line with POPIA's conditions for lawful processing, including:

  • Accountability — we take responsibility for how personal information is processed through the Service.
  • Processing limitation — we only process information that is necessary for the Service and for lawful business purposes.
  • Purpose specification — we collect and use information for clear, specific, and legitimate purposes.
  • Consent and contract — to provide the Service you signed up for and for optional features you enable.
  • Security safeguards — to protect data, prevent fraud, detect abuse, and maintain service integrity.
  • Legal obligation — record-keeping required by South African law.

5. Subprocessors

We rely on a small number of carefully chosen providers:

  • Supabase — database, authentication, and storage.
  • Hetzner — hosting and edge delivery.
  • Meta Platforms Ireland Ltd. — WhatsApp Business Cloud API for delivering messages.
  • Paystack — payment processing for top-ups.
  • Google — Sign-in with Google OAuth and, where enabled, AI features powered by the Gemini API.

Each subprocessor is contractually bound to protect your data consistent with this policy.

6. Retention

  • Workspace data — while your account is active, plus 90 days after closure for billing and legal records.
  • Message logs — 12 months from send date.
  • Authentication and security logs — 6 months.
  • Encrypted database backups — 30 days.

You can request earlier deletion at hello@swiftmsg.io; we will comply unless a legal obligation requires us to retain a record.

7. Your rights

Under POPIA and similar laws you may:

  • Access the personal data we hold about you.
  • Correct inaccurate or incomplete data.
  • Request deletion (subject to legal retention limits).
  • Export your data in a portable format.
  • Withdraw consent at any time.
  • Lodge a complaint with the Information Regulator of South Africa.

To exercise any of these, email hello@swiftmsg.io. We respond within 30 days.

8. International transfers

Our subprocessors may operate data-centre regions outside South Africa. Where personal information is transferred outside South Africa, we rely on appropriate safeguards, including contractual protections, consent where required, or confirmation that the recipient is subject to laws or rules that provide adequate protection for personal information. We choose providers with strong security and privacy track records.

9. Cookies

The Service uses first-party cookies strictly necessary for authentication (your login session) and a preference cookie for the active workspace. We do not use third-party tracking or advertising cookies on the dashboard.

10. Security

We encrypt data in transit (TLS) and at rest, and we encrypt your WhatsApp access tokens with workspace-scoped keys before they touch our database. Access to production systems is limited and audited.

No system is perfectly secure. If you discover a vulnerability, please disclose it responsibly to hello@swiftmsg.io.

11. Children

The Service is intended for businesses and the adults who operate them. It is not directed to children under 18 and we do not knowingly collect data from them.

12. Changes

We may update this policy. Material changes will be announced in-app and the effective date above will be updated. Continued use after a change constitutes acceptance.

13. Contact

Questions, requests, or concerns? hello@swiftmsg.io.

Back to the SwiftMsg home page.