NewPay-as-you-go with credits. Try Waslo for $9.See pricing

Data Processing Agreement

Last updated: May 29, 2026

This Data Processing Agreement ("DPA") forms part of the Terms of Service between Waslo ("Processor", "we", "us") operating at waslo.io and the customer ("Controller", "you") and governs the processing of personal data that Waslo carries out on your behalf when you use the Waslo platform. Where this DPA conflicts with the Terms of Service on the subject of data protection, this DPA prevails.

1. Roles of the Parties

You are the data controller and Waslo is the data processor. You determine the purposes and means of processing the personal data of your leads and customers; Waslo processes that data only to provide the service and only on your documented instructions, including those given through the dashboard and your configuration.

2. Subject Matter and Duration

Waslo processes personal data for the duration of your subscription and for the limited period afterwards described in Section 9. The subject matter is the operation of an AI agent that receives, answers, qualifies, and routes conversations across the channels you connect.

3. Nature and Purpose of Processing

  • Receiving and storing inbound messages from connected channels (WhatsApp QR and Cloud API, Telegram, Instagram, Messenger, Email/Outlook).
  • Generating AI replies, classifying leads, scheduling follow-ups, and booking appointments.
  • Retaining a per-lead memory and conversation history to provide continuity.
  • Producing analytics and operator notifications.

4. Categories of Data Subjects

Your leads, prospects, and customers who contact you on a connected channel, and your own team members who use the dashboard.

5. Types of Personal Data

Contact identifiers (phone number, email, social handle, name where provided), message content, conversation metadata (timestamps, channel, delivery status), lead classification and notes, and any personal data your customers voluntarily include in their messages. You must not use Waslo to process special categories of data (health, biometric, etc.) unless you have a lawful basis and have configured the service accordingly.

6. Sub-processors

You authorize Waslo to engage sub-processors to deliver the service. Current sub-processors include infrastructure and platform providers (e.g. hosting, database, and queue), the AI model provider used to generate replies and classifications, the transactional email provider, and the payment provider. Waslo imposes data-protection obligations on each sub-processor no less protective than those in this DPA and remains liable for their performance. We will give reasonable notice of any new sub-processor and give you the opportunity to object on reasonable data-protection grounds.

7. Security Measures

Waslo maintains technical and organizational measures appropriate to the risk, including encryption of credentials and channel tokens at rest (AES-256-GCM), encryption in transit (TLS), access controls and role-based permissions, tenant isolation by organization, account lockout and rate limiting, and audit logging. A fuller description is available in our Security page.

8. Confidentiality

Personnel authorized to process personal data are bound by confidentiality obligations.

9. Return and Deletion

On termination, or on your request, Waslo will delete or return your personal data within a reasonable period, save where retention is required by law. You may also trigger deletion yourself through the dashboard and the account deletion request flow.

10. Data Subject Rights and Assistance

Taking into account the nature of the processing, Waslo provides reasonable assistance to help you respond to data-subject requests (access, rectification, erasure, portability, objection) and to meet your obligations regarding security, breach notification, and data-protection impact assessments.

11. Personal Data Breaches

Waslo will notify you without undue delay after becoming aware of a personal data breach affecting your data, and will provide the information reasonably needed for you to meet your own notification obligations.

12. International Transfers

Where personal data is transferred across borders, Waslo relies on an appropriate transfer mechanism (such as the Standard Contractual Clauses) and applies supplementary measures where required.

13. Audits

Waslo will make available information reasonably necessary to demonstrate compliance with this DPA and will allow for and contribute to audits, including inspections, conducted by you or an auditor you mandate, subject to reasonable confidentiality and scheduling conditions.

14. Contact

Data-protection questions and requests under this DPA can be sent to hello@waslo.io.

This DPA is a standard processor agreement provided for transparency. For a signed DPA or enterprise terms, contact us at hello@waslo.io.