OVEL logoOVELRequest demo

Privacy Policy

Last updated: 6/3/2026

1. Controller

Weiland Enterprises LTD, Themistokle Dervi 48, Floor 3, Office 306, 1066 Nicosia, Cyprus (Registration Number ΗΕ 451507), operating the OVEL platform ("OVEL", "we", "us"). Contact: hello@ovel.app.

2. Scope

This Privacy Policy describes how we process personal data when you visit ovel.io and when our business customers use the OVEL platform to send WhatsApp Business messages to their own end users via the official WhatsApp Business Platform provided by Meta Platforms, Inc. ("Meta Platform Data").

3. Data we process

  • Customer account data: name, business name, email, login credentials, billing data of the businesses subscribing to OVEL.
  • End-user data (processed on behalf of our customers): phone number, name (if provided), opt-in record and timestamp, message content sent through the platform, delivery and read status, replies received through WhatsApp.
  • Usage and log data: IP address, browser, device, access timestamps, security logs.

4. Purposes and legal bases

  • Providing and operating the OVEL platform (Art. 6(1)(b) GDPR – contract).
  • Delivering messages on behalf of our business customers via the WhatsApp Business Platform (Art. 6(1)(b) and (f) GDPR; Art. 28 GDPR as processor for end-user data).
  • Tracking delivery and message status, fraud prevention, security and abuse monitoring (Art. 6(1)(f) GDPR).
  • Complying with statutory obligations (Art. 6(1)(c) GDPR).

5. Use of Meta Platform Data (WhatsApp Business Platform)

To deliver messages on behalf of our customers we use the official WhatsApp Business Platform provided by Meta Platforms, Inc. When a business customer triggers a campaign through OVEL, we transmit the message content and recipient phone numbers to Meta only for the purpose of delivering the message and receiving back delivery and status information.

We commit to the following with respect to Meta Platform Data:

  • We only transmit messages to recipients for whom the business customer has obtained a valid, documented opt-in to receive WhatsApp messages from that business.
  • We use Meta Platform Data solely to provide the OVEL service to the business customer who supplied or generated the data. We do not use it for our own marketing.
  • We do not sell, rent or license Meta Platform Data. We do not share it with third parties for advertising or any unrelated purpose, and we do not use it to build user profiles for advertising.
  • We do not transfer Meta Platform Data to data brokers, ad networks, information resellers, or any party that would re-identify or monetize the data.
  • Recipients can opt out at any time by replying STOP or by contacting the sending business; opt-outs are honoured by the platform and stored.

6. Recipients and processors

We rely on carefully selected service providers (sub-processors) to operate OVEL, including cloud hosting providers within the EU and Meta Platforms, Inc. as the WhatsApp Business Platform provider. A list of current sub-processors is available on request at hello@ovel.app.

7. International transfers

Where personal data is transferred outside the European Economic Area (for example to Meta Platforms, Inc.), the transfer is protected by the EU Standard Contractual Clauses and additional safeguards in line with Art. 46 GDPR.

8. Retention

Personal data is retained only as long as necessary to provide the service or to comply with statutory retention obligations. Message content and delivery metadata are retained for the period configured by the business customer and are deleted thereafter. Opt-out records are retained as long as needed to honour the opt-out.

9. Data subject rights

Data subjects have the right to access, rectification, erasure, restriction, objection and data portability, as well as the right to lodge a complaint with a supervisory authority. For end-user data processed on behalf of a business customer, requests should generally be directed to that business; we will support our customers in fulfilling such requests. Requests can also be sent to hello@ovel.app.

10. Data processing on behalf of customers

For end-user data we act as a processor on behalf of our business customers (controllers) and enter into a Data Processing Agreement pursuant to Art. 28 GDPR.

11. Data security

Data is transmitted using TLS encryption and stored in EU-based data centres with access controls, encryption at rest, logging and regular security reviews.

12. Changes to this policy

We may update this Privacy Policy from time to time. The current version is always available at https://ovel.io/privacy.