Thank you for choosing GOWA. This Privacy Policy explains how GoSkylevel and Vezzur (together, "we," "us," or "our"), as joint data controllers, collect, use, store, share, and protect your personal information when you use the GOWA platform and services.
GOWA provides WhatsApp integration services for GoHighLevel (GHL), enabling businesses to send and receive WhatsApp messages through their GHL accounts.
This Privacy Policy applies to users worldwide and addresses the requirements of applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA), and the Australian Privacy Act 1988.
By using GOWA, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use our services.
1. Information We Collect
1.1 Account Information
When you register for GOWA, we collect the following personal information: your name, email address, payment and billing information (processed securely through our payment providers), GoHighLevel account and subaccount identifiers, and WhatsApp credentials where applicable for integration purposes.
1.2 Usage and System Data
We automatically collect certain technical and usage information, including login timestamps and API call records, device information (operating system, browser type, device identifiers), integration performance metrics, error logs, latency data, and diagnostic information, as well as workflow automation events and triggers.
1.3 WhatsApp Messaging Data
To provide our services, GOWA interacts with your WhatsApp account. We want to be clear about our data practices regarding message content:
We DO NOT read, analyse, store, or process the content of your WhatsApp messages except for temporary logs required by the WhatsApp Cloud API to facilitate message delivery. We collect only metadata necessary for service functionality, including timestamps, delivery and read receipts, message IDs, and sender/recipient identifiers.
We never sell, share, or monetise your customers' message content.
1.4 Cookies and Similar Technologies
We use only essential cookies that are strictly necessary for the operation of our platform. These cookies enable core functionality such as security, authentication, and session management. We do not use advertising, marketing, or tracking cookies.
2. How We Use Your Information
2.1 Service Delivery
We use your information to provide, maintain, and improve GOWA's services, including enabling WhatsApp messaging within GoHighLevel, synchronising messages between WhatsApp and GHL, automating workflows and triggers, delivering template messages, processing payments and managing subscriptions, and providing customer support and onboarding assistance.
2.2 Platform Operations
We also use your information to monitor and improve platform performance and reliability, detect, prevent, and address fraud, abuse, security incidents, or technical issues, ensure compliance with Meta/WhatsApp policies and applicable laws, and communicate important service updates and security alerts.
2.3 Marketing Communications
With your consent provided during registration, we may send you promotional communications about GOWA features, updates, and offers. Every marketing email includes an unsubscribe link, and you can opt out at any time without affecting your use of the service.
2.4 What We DO NOT Do With Your Data
We do not sell, rent, or trade your personal information. We do not use your data for advertising purposes. We do not share your information with unrelated third parties for their marketing purposes. We do not use your customers' message content for any purpose other than message delivery.
3. Legal Basis for Processing (UK/EU Users)
Under the UK GDPR and EU GDPR, we process your personal information based on the following legal grounds:
Processing necessary to provide the GOWA services you have subscribed to, including account management, message synchronisation, workflow automation, and customer support.
Processing necessary for our legitimate business interests, including fraud prevention, security monitoring, platform improvement, and analytics, where these interests are not overridden by your rights and freedoms.
Processing necessary to comply with applicable laws, including tax and accounting requirements, responding to lawful requests from authorities, and compliance with Meta/WhatsApp platform policies.
Where you have given explicit consent, such as for receiving marketing communications. You may withdraw consent at any time.
4. Data Sharing and Third-Party Services
4.1 Service Providers
We share personal information with trusted third-party service providers who assist in operating our platform. These providers include Meta (WhatsApp) for messaging infrastructure, GoHighLevel for CRM integration, payment processors such as Stripe and PayPal for secure payment processing, and cloud hosting providers for data storage and processing. These providers receive only the minimum data necessary to perform their specific functions and are contractually bound to protect your information.
4.2 Legal Requirements
We may disclose your information when required by law, in response to valid legal processes (such as court orders or subpoenas), to prevent fraud, abuse, or security threats, to protect the rights, property, or safety of GOWA, our users, or the public, or to enforce our terms of service.
4.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your personal information may be transferred to the acquiring entity. We will notify you of any such change and any choices you may have regarding your information.
5. International Data Transfers
GOWA is operated by GoSkylevel and Vezzur, both registered in the United Kingdom. Our servers and primary data processing facilities are located in the United Kingdom.
We do not transfer your personal data outside the United Kingdom except where necessary for service delivery through our third-party providers (such as Meta/WhatsApp or payment processors). Where such transfers occur, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner's Office and the European Commission, transfers to countries with adequacy decisions, and other lawful transfer mechanisms.
We do not sell or share your personal data with third parties for their own purposes.
6. Data Retention
We retain your personal information only for as long as necessary to fulfil the purposes described in this Privacy Policy.
We retain your account information and associated data for as long as your account remains active and you continue to use our services.
Upon account closure or deletion request, we will delete your personal data within 72 hours. This includes all account information, usage data, and associated records.
Certain information may be retained longer where required by law, such as billing and tax records which must be kept for the period required by applicable tax authorities.
Temporary message metadata required for service operation is retained only for the minimum period necessary for message delivery and synchronisation.
7. Data Security
We implement industry-standard technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. These measures include encrypted connections using HTTPS and SSL/TLS protocols, secure server infrastructure with firewalls and intrusion detection, role-based access controls limiting data access to authorised personnel, continuous activity monitoring and audit logging, tokenised credential storage, and regular security assessments and updates.
While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security but are committed to maintaining appropriate safeguards.
8. Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay, providing information about the nature of the breach and steps you can take to protect yourself.
9. Your Privacy Rights
Depending on your location, you have certain rights regarding your personal information. We are committed to honouring these rights regardless of where you are located.
9.1 Rights for All Users
You can request a copy of the personal information we hold about you.
You can request correction of inaccurate or incomplete personal information.
You can request deletion of your personal information, subject to legal retention requirements.
You can request your data in a structured, commonly used, machine-readable format.
Where processing is based on consent, you can withdraw it at any time.
You can unsubscribe from marketing communications at any time using the link in our emails or by contacting us.
9.2 Additional Rights for UK/EU Users (GDPR)
π¬π§πͺπΊ UK & EU Rights
Right to Restriction: You can request restriction of processing in certain circumstances.
Right to Object: You can object to processing based on legitimate interests.
Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority. In the UK, this is the Information Commissioner's Office (ICO) at ico.org.uk.
9.3 Additional Rights for California Users (CCPA/CPRA)
πΊπΈ California Rights
Right to Know: You can request information about the categories and specific pieces of personal information we collect, use, and disclose.
Right to Delete: You can request deletion of your personal information.
Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
Notice of Collection: We collect the categories of personal information described in Section 1 of this Policy for the business purposes described in Section 2.
We do not sell or share your personal information as those terms are defined under the CCPA/CPRA. We do not use or disclose sensitive personal information for purposes other than those permitted by the CCPA/CPRA.
9.4 Rights for Canadian Users (PIPEDA)
π¨π¦ Canadian Rights
Canadian users have rights under PIPEDA to access their personal information, challenge its accuracy, and withdraw consent to collection, use, or disclosure (subject to legal or contractual restrictions). You may also file a complaint with the Office of the Privacy Commissioner of Canada.
9.5 Rights for Australian Users
π¦πΊ Australian Rights
Australian users have rights under the Privacy Act 1988 to access and correct their personal information. You may also lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if you believe we have breached the Australian Privacy Principles.
9.6 Exercising Your Rights
To exercise any of these rights, please contact our Data Protection Team at [email protected]. We will respond to your request within the timeframes required by applicable law (generally within 30 days for GDPR requests and 45 days for CCPA requests). We may need to verify your identity before processing your request.
10. Age Requirements
GOWA is a business-to-business service. To use GOWA, you must be old enough to have a valid WhatsApp account in your jurisdiction (typically 16 years in the EU/UK and 13 years elsewhere, though we recommend users be at least 18 years old for business use). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately.
11. Automated Decision-Making
We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you without human involvement.
12. Third-Party Links and Services
Our platform may contain links to third-party websites or integrate with third-party services (such as GoHighLevel and WhatsApp). This Privacy Policy applies only to GOWA. We are not responsible for the privacy practices of third parties, and we encourage you to review their privacy policies before providing them with your personal information.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will:
- Update the "Last Updated" date at the top of this Policy
- Post a notice on our website or within the GOWA platform
- For significant changes, send you an email notification
We encourage you to review this Privacy Policy periodically. Your continued use of GOWA after any changes indicates your acceptance of the updated Policy.
14. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Data Protection Team
GOWA (a service of GoSkylevel and Vezzur)
Email: [email protected]
We aim to respond to all enquiries within 30 days.
15. Joint Data Controllers
GOWA is provided by GoSkylevel and Vezzur, both companies registered in the United Kingdom, acting as joint data controllers. This means both companies jointly determine the purposes and means of processing your personal information.
For all data protection matters, including exercising your rights, please contact our Data Protection Team at [email protected]. Your request will be handled regardless of which controller you contact.