Home / Privacy Policy
Effective Date: 16 June 2026
Last Updated: 16 June 2026
WhatsRCS ("WhatsRCS," "we," "us," or "our") operates the website whatsrcs.com and provides RCS (Rich Communication Services) based messaging, campaign management, and customer engagement services (the "Services"). This Privacy Policy is published in accordance with the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023, along with its associated Rules (collectively, "Indian Data Protection Law").
This Privacy Policy explains how we collect, use, disclose, and safeguard personal data when you visit our website, register for an account, or use our Services, and describes the rights available to you in respect of your personal data.
This Privacy Policy applies to two categories of individuals:
Under Indian Data Protection Law, WhatsRCS acts as the "Data Fiduciary" in respect of the personal data of Customers (the businesses that use our Services). For personal data of End Users contained in contact lists uploaded by Customer, WhatsRCS acts as a "Data Processor" on Customer's instructions, and Customer is the Data Fiduciary responsible for that personal data, as further explained in Section 7.
1. Personal Data We Collect
1.1 Personal Data You Provide to Us
1.2 Customer Data (End User Personal Data)
When Customer uses the Services to run RCS messaging campaigns, Customer may upload contact lists containing End User personal data such as names, phone numbers, and any other data Customer chooses to include. We process this personal data solely to deliver the Services requested by Customer, such as sending messages and generating performance reports.
1.3 Information Collected Automatically
2. How We Use Personal Data
We process personal data for the following specified purposes:
3. Consent and Legitimate Uses
4. How We Share Personal Data
We do not sell personal data. We may share personal data in the following circumstances:
5. Data Retention
We retain personal data only for as long as is necessary to fulfil the specified purpose for which it was collected, or as required to comply with any applicable legal or regulatory requirement. End User personal data uploaded by Customer is retained for the duration of the relevant campaign and for a reasonable period thereafter for reporting purposes, unless Customer requests earlier erasure or applicable law requires a different retention period. Where personal data is no longer necessary for the specified purpose and Customer's account has been inactive for the period prescribed under applicable law, we will erase such personal data in accordance with that law.
6. Data Security
In accordance with the reasonable security practices prescribed under the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 and the Digital Personal Data Protection Act, 2023, we implement reasonable technical and organizational security safeguards designed to protect personal data from unauthorized access, disclosure, alteration, loss, or destruction, including encryption of data in transit, access controls, and periodic security reviews. In the event of a personal data breach, we will take steps to notify the Data Protection Board of India and affected Data Principals as required by applicable law.
7. Role as Data Processor for End User Personal Data
For personal data contained in customer contact lists uploaded by Customer, WhatsRCS acts solely as a Data Processor acting on Customer's instructions. Customer, as the Data Fiduciary for that personal data, is responsible for:
WhatsRCS will provide reasonable assistance to Customer in fulfilling such requests where required by applicable law.
8. Cookies and Tracking Technologies
Our website uses cookies and similar technologies to operate the Platform, remember preferences, and understand how visitors use our website. You can control cookies through your browser settings, although disabling cookies may affect the functionality of the website.
9. Transfer of Personal Data Outside India
Because the Services rely on infrastructure operated by Google and other global service providers, personal data may be transferred to, stored, and processed in countries outside India. The Digital Personal Data Protection Act, 2023 permits such transfers, except to countries or territories that the Government of India may restrict by notification from time to time. We do not knowingly transfer personal data to any country or territory so restricted.
10. Rights of Data Principals
As a Data Principal under the Digital Personal Data Protection Act, 2023, you have the right to:
To exercise these rights, please contact us using the details in Section 14. We may need to verify your identity before fulfilling a request, and we will respond within the timelines prescribed under applicable law.
11. Marketing Communications and Opt-Out
End Users who receive RCS messages from a Customer through our Platform may opt out at any time by replying "STOP" or using the opt-out method indicated in the message. Customer is responsible for promptly honoring such requests and maintaining auditable consent records, and WhatsRCS will provide tools to support this process where applicable.
12. Personal Data of Children
In accordance with the Digital Personal Data Protection Act, 2023, "child" means an individual who has not completed the age of eighteen years. Our Services are intended for use by businesses and individuals above the age of eighteen, and we do not knowingly collect personal data directly from children. Where processing of a child's personal data is unavoidable, we will process such data only with the verifiable consent of the child's parent or lawful guardian, obtained in the manner prescribed under applicable law.
13. Third Party Links and Services
Our website may contain links to third party websites or services, including those of Google and our payment processors. This Privacy Policy does not apply to those third party sites, and we encourage you to review their respective privacy policies.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. The updated version will be posted on whatsrcs.com with a revised "Last Updated" date. We encourage you to review this Privacy Policy periodically.