.svg)
WeNext.ai ("WeNext", "we", "our", or "us") is a WhatsApp-first conversational commerce and revenue platform operated by PhotonX Technologies Private Limited. WeNext enables businesses to manage customer conversations, automate marketing campaigns, sync leads from third-party platforms, and integrate with CRM, ecommerce, logistics, payment, and advertising tools — all from a single platform.
This Privacy Policy explains how we collect, use, store, share, and protect data obtained through our website, platform, and all third-party API integrations including but not limited to Meta, WhatsApp, Facebook, Instagram, LinkedIn, Google, and other connected services.
By using WeNext.ai, you agree to the practices described in this Privacy Policy.
- Business name, owner name, and contact details
- Email address and phone number
- Login credentials (passwords stored as bcrypt hashes; never in plain text)
- Billing address and payment information (processed via PCI-compliant payment gateways; we do not store full card numbers)
- Business category, GST number, and company size (optional, for onboarding)
- WhatsApp Business Account (WABA) IDs and Phone Number IDs
- Message template content and approval metadata
- Message delivery reports, read receipts, and error codes
- Customer phone numbers and conversation history (as initiated or received by the business)
- Meta Business Manager IDs and Ad Account IDs
- Click-to-WhatsApp (CTWA) ad performance data: impressions, clicks, cost, conversions
- Facebook Page IDs connected by the business
- Instagram Business Account IDs connected by the business
- Instagram Direct Message metadata (where applicable and authorised)
We do not collect or store personal Facebook or Instagram profile data of end users such as friends lists, personal photos, gender, birthday, or relationship status.
- Lead Gen Form submissions: name, email, phone number, company, job title, and any other fields the member explicitly consented to share on the Lead Gen Form
- LinkedIn Ad Account IDs and Campaign IDs
- LinkedIn campaign performance metrics: impressions, clicks, spend, leads generated
- OAuth access tokens (encrypted, used solely to make authorised API calls on behalf of the connected client)
- Basic profile data for WeNext platform users who sign in via LinkedIn OpenID Connect: name, email, profile picture
We do not collect LinkedIn member data beyond what is explicitly submitted through a LinkedIn Lead Gen Form. We do not access LinkedIn connections, messages, endorsements, or personal profile information of any LinkedIn member.
- Google Ads account IDs and campaign performance data
- Google Calendar events and availability (where client connects Google Calendar)
- Google My Business profile data (where integrated)
- OAuth tokens scoped strictly to the permissions granted by the client
When a client connects a third-party tool to WeNext, we access only the data required to perform the integration. This includes but is not limited to:
- CRM platforms (Salesforce, HubSpot, LeadSquared, Zoho, AiTrillion, and similar): contact records, lead status, pipeline stage, notes, and tags — synced bidirectionally as configured by the client
- Ecommerce platforms (Shopify, WooCommerce, and similar): order data, product catalogue, customer records, abandoned cart data, and fulfilment status
- Payment platforms (PayTabs, KPay, Razorpay, and similar): transaction IDs, payment status, and order references — we do not store full card or bank account numbers
- Logistics and delivery platforms (Rapido, Dunzo, Shiprocket, and similar): delivery order IDs, pickup/drop addresses, rider assignment status, and delivery status updates
- Vertical-specific platforms (Pet Pooja and similar POS/ERP tools): order data, menu items, customer records, and transaction history as required for the integration use case
- Calendar and scheduling tools (Google Calendar, Calendly, and similar): appointment slots, event metadata, attendee details as shared by the client
- Automation platforms (Zapier, Make, Pabbly Connect, and similar): webhook payloads and data passed through automation workflows configured by the client
- Analytics and marketing platforms (Klaviyo, MoEngage, Yotpo, and similar): contact lists, campaign performance data, and event triggers as configured
- IP address, browser type, operating system, and device identifiers
- Pages visited, features used, and session duration within the WeNext platform
- API request logs (retained for debugging and security purposes)
- Error logs and crash reports
We collect and process data for the following purposes:
- To provide WhatsApp Business API messaging, campaign management, and automation features
- To enable Click-to-WhatsApp (CTWA) ad creation and performance tracking via Meta Ads API
- To sync leads from LinkedIn Lead Gen Forms and trigger automated WhatsApp follow-up messages on behalf of business clients
- To display ad performance from Meta Ads, Google Ads, and LinkedIn Ads within the WeNext dashboard
- To sync customer and order data between connected CRM, ecommerce, and logistics platforms
- To enable appointment booking and calendar management via connected calendar tools
- To process and track payments and delivery orders via connected payment and logistics platforms
- To send automated WhatsApp notifications (order confirmations, delivery updates, appointment reminders, payment receipts) on behalf of business clients to their customers
- To analyse usage patterns and improve WeNext features
- To troubleshoot bugs, errors, and performance issues
- To conduct internal research and develop new integrations
- To send essential service notifications, billing alerts, and system updates
- To respond to support requests and inquiries
- To comply with applicable laws, regulations, and platform API terms
- To detect and prevent fraud, abuse, and unauthorised access
- Enabling WhatsApp Business onboarding via Meta Embedded Signup Flow
- Syncing and managing message templates via WhatsApp Cloud API
- Sending and receiving WhatsApp messages on behalf of authorised business clients
- Managing and reporting on Meta ad campaigns for business clients who have connected their Meta Ad Account
- Managing Facebook Page and Instagram Business Account integrations where connected by the client
- Target advertising to end users on any platform outside of what the client explicitly configures
- Build personal profiles of end users beyond what is required for the client's customer management
- Sell, transfer, or license Meta platform data to any third party
- Combine Meta data with data from other platforms for any purpose not disclosed in this policy
Lead Sync API: Lead Gen Form submissions (name, email, phone, company, and any other fields the member consented to share). Used exclusively to sync leads to the client's WeNext CRM and trigger WhatsApp follow-up messages.
Marketing API: Ad account IDs, campaign IDs, and performance metrics. Used to display LinkedIn ad performance in the WeNext dashboard for the connected client.
Share API: OAuth-scoped access to post on behalf of the authenticated platform user. Used only when the client explicitly initiates a share action.
OpenID Connect: Name, email, and profile picture of WeNext platform users who choose to sign in with LinkedIn. Used for authentication only.
- We do not sell, transfer, or share LinkedIn member data with any third party other than the business client who owns that lead
- We do not use LinkedIn data for advertising targeting on any other platform
- We do not build profiles of LinkedIn members beyond what is necessary for the lead follow-up use case
- We do not scrape or aggregate LinkedIn data beyond what is returned by authorised API calls
- We do not combine LinkedIn member data with data from other sources without explicit consent from the data subject
- We do not retain LinkedIn member data beyond the period required for the client's lead management workflow
- We do not sell, transfer, or share LinkedIn member data with any third party other than the business client who owns that lead
- We do not use LinkedIn data for advertising targeting on any other platform
- We do not build profiles of LinkedIn members beyond what is necessary for the lead follow-up use case
- We do not scrape or aggregate LinkedIn data beyond what is returned by authorised API calls
- We do not combine LinkedIn member data with data from other sources without explicit consent from the data subject
- We do not retain LinkedIn member data beyond the period required for the client's lead management workflow
We collect and process data for the following purposes:
When a client connects a third-party tool to WeNext, they explicitly authorise WeNext to access data from that tool on their behalf. We access only the minimum data necessary to perform the requested integration.
- We sync contact records, lead data, and pipeline updates bidirectionally as configured by the client
- CRM data is used solely to power WhatsApp automation, lead follow-up, and reporting within WeNext
- We do not modify CRM data without explicit client instruction or automation rules set by the client
- We access order data, product catalogue, and customer records to power order notifications, abandoned cart recovery, and customer support automation via WhatsApp
- We do not store payment card data from ecommerce platforms
- We access transaction IDs, payment status, and order references to trigger WhatsApp payment confirmation messages
- We do not store full card numbers, CVVs, or bank account credentials
- Payment processing is handled entirely by the payment gateway; WeNext receives only the result of the transaction
- We access delivery order IDs, pickup and drop addresses, rider assignment status, and delivery status updates to trigger WhatsApp delivery notifications on behalf of the business client to their customers
- Address data received from logistics integrations is used solely for notification purposes and is not retained beyond the delivery lifecycle
- We access order data, menu or product data, customer records, and transaction history as required to enable WhatsApp order notifications, confirmations, and customer communication for the specific business use case
- Data from these integrations is used solely within the scope of the business client's WeNext account
- Webhook payloads sent to WeNext via automation platforms are processed and stored only as long as required to execute the configured automation
- Clients are responsible for ensuring that data passed through automation workflows complies with applicable data protection laws
- We access appointment slots, event metadata, and attendee details only as authorised by the client to enable WhatsApp appointment reminders and booking confirmations
- We do not access calendar data beyond what is required for the specific automation configured by the client
- We sync contact lists, event triggers, and campaign performance data as configured by the client to enable cross-channel marketing automation
- Data shared with these platforms is subject to those platforms' own privacy policies in addition to this policy
We do not sell user data or client data under any circumstances.
We share data only in the following limited and necessary circumstances:
AWS (Amazon Web Services) processes and stores all platform data on our behalf under a Data Processing Agreement. AWS operates under strict contractual data protection obligations and may not use our data for any purpose other than providing infrastructure services.
When clients connect third-party platforms (Meta, LinkedIn, Google, Shopify, Salesforce, Rapido, Pet Pooja, and others), data is transmitted to those platforms as required to perform the integration. Each such transmission is authorised by the client when they connect the platform.
Clients access only their own data within the WeNext platform. One client cannot access another client's data. Client data is logically isolated at the account level.
We may disclose data if required by law, court order, government authority, or to protect the rights, property, or safety of WeNext, our clients, or others. We will notify affected clients of such disclosure to the extent permitted by law.
In the event of a merger, acquisition, or sale of assets, user data may be transferred to the acquiring entity. We will provide notice before such transfer and ensure the acquiring entity is bound by equivalent data protection obligations.
- Business account data is retained for as long as the account is active or as required by applicable law
- LinkedIn lead data is retained for a maximum of 24 months or until deletion is requested by the client or the lead subject
- WhatsApp message logs are retained for 12 months by default; clients may configure shorter retention periods
- Ecommerce and order data is retained for 24 months or as required for tax and legal compliance
- Logistics and delivery data is retained for 90 days following delivery completion
- Usage and technical logs are retained for 90 days
- Upon account termination, all client data is deleted within 30 days
- Clients may request immediate deletion of specific data by contacting support@photonxtech.com
We employ the following security measures:
- Encrypted data transmission: TLS 1.2 and TLS 1.3 for all data in transit
- Encrypted data storage: AES-256 for all data at rest
- API keys and secrets stored in AWS Secrets Manager; never hardcoded or logged
- SHA-256 hashing for queryable phone number lookups
- PII masking in application and CloudWatch logs
- AWS VPC network isolation and security groups
- Role-based access control with least-privilege principles
- Multi-factor authentication for internal admin access
- Periodic security audits and vulnerability assessments
- Automated alerts for unusual access patterns
In the event of a data breach that affects client or end-user data, we will notify affected parties within 72 hours of becoming aware of the breach to the extent required by applicable law.
Users and data subjects (including LinkedIn lead subjects, WhatsApp contacts of business clients, and end customers of integrated ecommerce and logistics platforms) may request:
- Access: a copy of the personal data we hold
- Correction: rectification of inaccurate or incomplete data
- Deletion: erasure of personal data (subject to legal retention requirements)
- Portability: data in a structured, machine-readable format
- Withdrawal of consent: at any time, without affecting prior lawful processing
- Objection: to processing based on legitimate interests
- Restriction: of processing in specific circumstances
To exercise any right, contact privacy@photonxtech.com. We will acknowledge requests within 5 business days and complete them within 30 days.
The WeNext platform uses:
- Session cookies: required for authentication and platform functionality
- Analytics cookies: to understand feature usage and improve the platform (can be opted out)
- No third-party advertising cookies are placed by WeNext on our platform
We do not use cookies to track end users (customers of our business clients) across other websites.
WeNext.ai is a business-to-business platform intended solely for use by registered businesses and professionals. We do not knowingly collect data from individuals under the age of 18. If we become aware that a minor has provided personal information, we will delete it within 7 days.
WeNext is operated from India. Data is stored on AWS infrastructure, which may involve transfers to servers located outside India. All such transfers are conducted under appropriate safeguards including Standard Contractual Clauses or equivalent mechanisms where required by applicable law.
WeNext.ai operates in compliance with:
- Meta Platform Terms and Developer Policies
- WhatsApp Business Policy
- LinkedIn API Terms of Service
- LinkedIn Marketing Developer Platform Agreement
- Google API Services User Data Policy
- Information Technology Act, 2000 (India)
- Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011
- Digital Personal Data Protection Act, 2023 (India) — DPDP Act
- General Data Protection Regulation (GDPR) principles for international users
- Applicable RBI guidelines for payment data handling
This Privacy Policy may be updated periodically to reflect new regulations, platform API integrations, product features, or legal requirements. Updates will be posted at this same URL. For material changes, we will notify active clients by email at least 14 days before the change takes effect. Continued use of WeNext after the effective date of an update constitutes acceptance of the updated policy.
For all privacy, compliance, and data-related inquiries:
General privacy : privacy@photonxtech.com
Legal and compliance : legal@photonxtech.com
Support and deletion : support@photonxtech.com
Registered entity :
PhotonX Technologies Private Limited
Hyderabad, Telangana, India
Platform:
WeNext.ai — app.wenext.ai
© 2026 PhotonX Technologies Private Limited. All rights reserved.
This policy is effective from October 2025 and was last updated March 2026.
.svg)
