← Back to SendLedger
Legal

Privacy Policy

Your privacy matters to us. This policy explains what data we collect, why we collect it, and how we protect it — in plain English.

Last updated: March 7, 2025

1. Overview

This Privacy Policy ("Policy") describes how Zelvaa, operating as SendLedger ("we," "us," or "our"), collects, uses, stores, and shares information when you use our platform at sendledger.zelvaa.com and any associated services (collectively, the "Service").

We are committed to protecting your privacy and complying with applicable data protection laws, including India's Digital Personal Data Protection Act (DPDPA) 2023.

🔒
Our core commitment: We do not sell your personal data to third parties. We only share data as necessary to provide the Service.

2. Who We Are

SendLedger is a B2B SaaS platform developed and operated by Zelvaa, a company registered in India. We help businesses manage customer communication via WhatsApp, powered by Meta's WhatsApp Business Cloud API.

For the purposes of data protection law, Zelvaa is the Data Fiduciary (controller) of the personal data you provide to us.

3. Data We Collect

We collect the following categories of data depending on how you interact with SendLedger:

A. Account & Registration Data

  • Full name and email address
  • Company name and business details
  • Phone number (when provided)
  • Microsoft / Azure authentication tokens (via Microsoft CIAM)
  • Role and access level within your organisation

B. Customer Data You Upload

  • Customer names, email addresses, and phone numbers
  • Country codes and any other fields in your uploaded CSV files
  • File metadata (file name, upload date, record count)

Important: You are the Data Fiduciary for your customers' data. You are responsible for obtaining their consent before uploading their information to SendLedger.

C. Usage & Technical Data

  • IP address and browser/device information
  • Pages visited and actions taken on the platform
  • Login timestamps and session identifiers
  • Error logs and diagnostic data

D. Meta / WhatsApp Integration Data

  • Meta User ID and Facebook access tokens (when you connect your account)
  • WhatsApp Business Account ID and phone number ID
  • OAuth authorisation codes returned by Meta
  • Message delivery status and timestamps

4. How We Use Your Data

We use the data we collect for the following purposes:

PurposeLegal Basis
Providing and operating the ServiceContractual necessity
Processing WhatsApp messages via Meta APIContractual necessity
Authentication and account securityLegitimate interest
Sending transactional and service emailsContractual necessity
Detecting and preventing fraud or abuseLegitimate interest
Improving platform features and UXLegitimate interest
Compliance with legal obligationsLegal obligation
Sending product updates (if opted-in)Consent

5. Third-Party Services

SendLedger integrates with the following third-party platforms. Each provider has its own privacy practices:

☁️Microsoft Azure (CIAM)

Used for user authentication and identity management. Microsoft processes your login credentials and issues access tokens.

Microsoft Privacy Statement →
💬Meta (WhatsApp & Facebook SDK)

Used to send WhatsApp Business messages and for embedded Business Login. Meta receives OAuth tokens, message content, and delivery metadata.

Meta Privacy Policy →
🔷Microsoft Azure Functions & App Services

Our backend API and file processing services are hosted on Microsoft Azure infrastructure in accordance with Microsoft's data processing terms.

Azure Legal →

We do not sell your personal data to any third party. We may share anonymised, aggregated analytics data that cannot reasonably identify you.

6. Cookies

SendLedger uses the following types of cookies and local storage:

  • Essential cookies: Required for authentication sessions and security (set by Microsoft CIAM and our own platform)
  • Facebook SDK cookies: Set by the connect.facebook.net script to support WhatsApp Business Login. These include the fr and xs cookies set by Meta
  • Local storage: We store your session information (e.g., sendledger_user, accessToken) in your browser's local storage for persistent login

We do not use advertising or tracking cookies. You can clear cookies at any time through your browser settings, though this will log you out of the platform.

7. Data Retention

We retain your data for the following periods:

  • Account data: For as long as your account is active, plus 30 days after account deletion to allow for recovery
  • Customer lists you upload: Until you delete them from the platform, or 90 days after account termination
  • Message logs: Up to 12 months for compliance and troubleshooting purposes
  • Technical & diagnostic logs: Up to 90 days

After these periods, data is securely deleted or anonymised. You may request earlier deletion by contacting us at support@zelvaa.com.

8. Data Security

We implement industry-standard security measures to protect your data, including:

  • HTTPS/TLS encryption for all data in transit
  • Encryption at rest for sensitive data stored on Azure
  • Role-based access control (RBAC) within our platform
  • Microsoft Azure CIAM for secure authentication (no passwords stored by us)
  • Regular security reviews and access audits

While we take all reasonable precautions, no system is completely secure. If you suspect a security breach, please notify us immediately at support@zelvaa.com.

9. Your Rights

Under India's DPDPA 2023 and other applicable laws, you have the following rights regarding your personal data:

👁️Access

Request a copy of the personal data we hold about you

✏️Correction

Request correction of inaccurate or incomplete data

🗑️Erasure

Request deletion of your personal data ("right to be forgotten")

📦Portability

Receive your data in a structured, machine-readable format

🚫Objection

Object to processing based on legitimate interests

↩️Withdraw Consent

Withdraw consent at any time where processing is based on it

To exercise any of these rights, please email support@zelvaa.com with your request. We will respond within 30 days.

10. Children's Privacy

SendLedger is a business platform intended for users aged 18 and above. We do not knowingly collect personal data from individuals under 18. If you believe a minor has provided us with their data, please contact us immediately and we will delete it.

11. International Transfers

Your data may be processed on servers located outside India, including within Microsoft Azure's global infrastructure and Meta's servers. By using SendLedger, you consent to these transfers.

We ensure that any international transfer of data is safeguarded by appropriate contractual measures or the data processor's certification under recognised frameworks.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

  • Update the "Last updated" date at the top of this page
  • Notify you via email or an in-app banner
  • Where legally required, seek your explicit consent

We encourage you to review this Policy periodically. Continued use of the Service after changes take effect constitutes acceptance of the revised Policy.

13. Contact Us

For any privacy-related questions, requests, or complaints, please contact our Privacy team:

🏢Zelvaa (operating as SendLedger)
📧support@zelvaa.com
🌐India

We take all privacy inquiries seriously and aim to respond within 30 business days.

📋 Read our Terms & Conditions →← Back to Home