Privacy Policy

1. Introduction

Infini Reach ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our messaging gateway service.

By using Infini Reach, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our Service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

• Name and email address
• Phone number associated with your messaging gateway
• Company name (if applicable)
• Billing information and payment details
• Account credentials (encrypted passwords)

2.2 Message Data

To provide the messaging service, we process:

• Message content (text, images, files)
• Sender and recipient phone numbers
• Message timestamps and delivery status
• Message type (WhatsApp or SMS)
• Delivery receipts and read status

2.3 Device Information

We collect information about devices connected to your account:

• Device model and manufacturer
• Operating system version
• Device identifiers (IMEI, device ID)
• Battery level and connectivity status
• App version and configuration

2.4 Device Permissions

Our mobile application requires certain device permissions to function properly. We request and use these permissions solely for the purposes described below:

• Camera: Used exclusively for scanning QR codes during device registration and setup. We do not capture, store, or transmit any images or video from your camera. The camera is only activated when you explicitly choose to scan a QR code.
• SMS and MMS: Required to send and receive text messages and multimedia messages through your device. This includes reading, writing, and managing messages as part of the messaging gateway functionality.
• Phone: Used to read your phone number and device state for account verification and service configuration. We also access call log information to detect missed calls for auto-reply features.
• Contacts: Used to access your contact list to enable contact-based messaging features and improve message routing. Contact information is processed locally on your device and only synced to our servers if you enable contact synchronization features.
• Notifications: Used to send you important service updates, message delivery notifications, and system alerts related to your messaging gateway.
• Storage: Used on older Android versions to save MMS attachments and media files temporarily for message processing.

All permissions are requested on-demand when needed, and you can revoke them at any time through your device settings. Note that revoking certain permissions (such as SMS or Phone) may limit or disable core functionality of the Service.

2.5 Usage Data

We automatically collect:

• Message volume and patterns
• Feature usage and preferences
• API requests and webhook activity
• Dashboard interactions and analytics
• Error logs and performance metrics

2.6 Technical Data

We collect standard web and application data:

• IP addresses and geolocation data
• Browser type and version
• Cookies and similar tracking technologies
• Referring URLs and page views
• Time zone and language preferences

3. How We Use Your Information

We use collected information for the following purposes:

3.1 Service Delivery

• Processing and routing your messages through WhatsApp and SMS channels
• Managing your account and providing customer support
• Monitoring service performance and delivery rates
• Maintaining device connectivity and gateway functionality

3.2 Service Improvement

• Analyzing usage patterns to enhance features
• Troubleshooting technical issues
• Developing new functionality
• Optimizing message routing and delivery

3.3 Communication

• Sending service updates and notifications
• Responding to inquiries and support requests
• Providing account and billing information
• Sending marketing communications (with your consent)

3.4 Security and Legal Obligations

• Detecting and preventing fraud and abuse
• Enforcing our Terms of Service
• Meeting legal requirements
• Protecting user safety and rights

3.5 Billing and Payments

• Processing subscription payments
• Managing billing cycles and invoices
• Tracking usage for metered billing
• Preventing payment fraud

4. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

4.1 Service Providers

We share data with trusted third-party service providers who assist us in operating our Service:

• Cloud infrastructure providers (hosting and storage)
• Payment processors (Stripe, PayPal)
• Analytics and monitoring services
• Customer support tools
• Email delivery services

4.2 WhatsApp and Carriers

Message content is transmitted through WhatsApp's platform and cellular carriers as necessary to deliver your messages. These services have their own privacy policies and terms.

4.3 Legal Requirements

We may disclose information if required by law or in response to:

• Court orders, subpoenas, or legal processes
• Government or regulatory requests
• Protection of our rights or safety
• Enforcement of our Terms of Service

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change in ownership.

4.5 With Your Consent

We may share information with third parties when you explicitly consent to such sharing.

5. Data Retention

We retain your information for different periods based on data type:

• Account data: Retained while your account is active and for up to 90 days after deletion
• Message content: Stored for 30 days for delivery tracking, then deleted
• Metadata: Retained for 12 months for analytics and billing purposes
• Payment records: Retained for 7 years to comply with tax and accounting requirements
• Support tickets: Retained for 3 years for reference and quality assurance

You may request earlier deletion of your data, subject to our legal obligations and legitimate business needs.

6. Data Security

We implement industry-standard security measures to protect your information:

• Encryption in transit (TLS/SSL) and at rest (AES-256)
• Secure authentication and access controls
• Regular security audits and vulnerability assessments
• Employee training on data protection
• Incident response and breach notification procedures
• Infrastructure monitoring and intrusion detection

While we strive to protect your information, no system is completely secure. You are responsible for maintaining the security of your account credentials.

7. Your Privacy Rights

Depending on your location, you may have the following rights:

7.1 Access and Portability

You can access your account information through your dashboard. You may request a copy of your data in a portable format.

7.2 Correction and Update

You can update your account information at any time through your account settings.

7.3 Deletion

You can delete your account and request deletion of your data. Some information may be retained as required by law or for legitimate business purposes.

For detailed instructions on how to request data deletion, please visit our Data Deletion Request page.

7.4 Opt-Out

You can opt out of marketing communications at any time by clicking "unsubscribe" in emails or adjusting your account preferences.

7.5 Object to Processing

You may object to certain data processing activities, though this may limit your ability to use the Service.

To exercise these rights, contact us at privacy@infinireach.io. We will respond within 30 days.

8. Cookies and Tracking

We use cookies and similar technologies for:

• Essential cookies: Required for authentication and basic functionality
• Analytics cookies: Understanding how users interact with our Service
• Preference cookies: Remembering your settings and preferences
• Marketing cookies: Delivering relevant advertisements (with consent)

You can control cookies through your browser settings. Disabling essential cookies may affect Service functionality.

9. International Data Transfers

Our Service is operated in the United States. If you are located outside the United States, your information will be transferred to and processed in the United States.

We implement appropriate safeguards to protect your data during international transfers, including standard contractual clauses and ensuring service providers comply with applicable data protection laws.

10. Children's Privacy

Our Service is not intended for users under 18 years of age. We do not knowingly collect personal information from children under 18.

If we discover that we have collected information from a child under 18, we will delete it immediately. If you believe we may have information from or about a child, please contact us.

11. California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected and how it is used
• Right to delete personal information
• Right to opt-out of the sale of personal information (we do not sell information)
• Right to non-discrimination for exercising your privacy rights

To exercise these rights, contact us at privacy@infinireach.io with "California Privacy Rights" in the subject line.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the updated policy on our website
• Sending an email notification to your registered email address
• Displaying a notice in your dashboard

The "Last Updated" date at the top of this policy indicates when it was last revised. Your continued use of the Service after changes constitutes acceptance of the updated Privacy Policy.

13. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us: