Privacy Policy

Last updated: 12 June 2026

This Privacy Policy explains how SlimHippo (“we”, “us”, “our”), operated by SlimHippo (Partnership Firm) with registered office at Bengaluru, Karnataka, India, collects, uses, stores and protects information when you use our website (https://slimhippo.in) and our WhatsApp Business Platform services (the “Service”).

1. Information we collect

Account information: name, business email address, company name and a hashed password when you register.
WhatsApp Business Account (WABA) data: when you connect your WABA via Meta's Embedded Signup or manually, we store your WABA ID, phone number ID, display phone number, verified business name, and the access token Meta issues for your integration.
Message data: messages you send through the Service and messages your customers send to your connected WhatsApp number (content, sender/recipient numbers, timestamps, delivery status), received via Meta webhooks.
Technical data: IP address, browser type and basic request logs needed to operate and secure the Service.

2. How we use information

To provide the Service: connecting your WABA, sending/receiving messages, managing templates.
To secure accounts, prevent abuse, and comply with Meta's WhatsApp Business Platform policies.
To provide customer support and service notifications.
To meet legal and regulatory obligations.

We do not sell your data, and we do not use your customers' message content for advertising or model training.

3. Legal basis

We process data to perform our contract with you, with your consent (which you may withdraw), and where we have a legitimate interest in operating and securing the Service, consistent with India's Digital Personal Data Protection Act, 2023 (DPDP) and, where applicable, the GDPR.

4. Sharing

Meta Platforms, Inc.: message delivery necessarily passes through Meta's WhatsApp Business Platform, subject to Meta's own terms and privacy policies.
Infrastructure providers: our servers are hosted with E2E Networks (India). Data is stored on servers we control.
Legal requests: when required by applicable law or valid legal process.

5. Data retention

Account data is kept while your account is active. Message logs and webhook events are retained for up to 90 days by default (or per your plan's configuration) and then deleted. You may request earlier deletion at any time (see Section 7).

6. Security

All traffic is encrypted in transit (HTTPS/TLS). Access tokens are stored server-side and never exposed to the browser. Passwords are stored using one-way bcrypt hashing. Access to production systems is restricted and logged.

7. Your rights

You may access, correct, export or delete your personal data, and disconnect your WABA at any time from the dashboard. For any request, email admin@slimhippo.in — we respond within 30 days.

8. Children

The Service is intended for businesses and is not directed at children under 18.

9. Changes

We will post any changes to this policy on this page with an updated date, and notify account holders of material changes by email.

10. Contact & Grievance Officer

Shivam Agarwal · SlimHippo (Partnership Firm), Bengaluru, Karnataka, India · admin@slimhippo.in