Privacy Policy
Effective Date: 2026-05-14
Last Updated: 2026-05-14
1. Who we are
MADEBYJJ, LLC (“we,” “us,” “our”) is a Delaware limited liability company operating the back-office automation service available at deskwiz.app (the “Service”). The Service helps small business clients automate WhatsApp customer responses and appointment booking.
Legal entity: MADEBYJJ, LLC
Registered address: 254 Chapman Rd, Ste 208 #14797, Newark, DE 19702
Operating from: Lakewood, NJ
Contact: privacy@madebyjj.com
This Privacy Policy explains how we collect, use, share, and protect information when you use the Service.
2. Who this policy applies to
This policy applies to three groups:
- Clients — small businesses that subscribe to the Service to automate their customer communications
- End-customers — individuals who message our clients via WhatsApp and whose messages Desk processes
- Visitors — anyone visiting deskwiz.app
We have different obligations to each group, explained in the relevant sections below.
3. Information we collect
3.1 From Clients (businesses subscribing to the Service)
When you sign up as a client, we collect:
- Account information: name, business name, email address, phone number, billing address
- Authentication credentials: OAuth tokens issued by Meta during WhatsApp Embedded Signup
- WhatsApp Business Account (WABA) IDs and phone number IDs
- Payment information: processed by our payment provider (Stripe); we do not store full card numbers
- Configuration data: your business hours, services, reply settings, booking preferences
- Booking system credentials: session cookies for third-party booking tools you authorize us to access on your behalf (Vagaro, Square, Cal.com, etc.) — stored encrypted at rest
3.2 WhatsApp Business Platform Data
This section describes data we receive from Meta’s WhatsApp Business Platform and is provided specifically for transparency to Meta and to end-customers whose messages our clients process.
When an end-customer sends a WhatsApp message to one of our clients’ business numbers, Meta delivers that message to our webhook endpoint. We receive and process:
- End-customer phone number in E.164 format
- WhatsApp display name (whatever the user has set publicly)
- Message content including text, images, audio, documents, location data, and reactions sent during an active 24-hour customer service window
- Message metadata: timestamp, message ID, conversation ID, delivery and read receipts
- Customer profile information that Meta sends with the message payload
We use this data solely to:
- Send a reply on behalf of our client during the active service window
- Book, reschedule, or cancel appointments in our client’s booking system
- Maintain conversation context for follow-up messages in the same thread
- Log interactions for our client’s review in their dashboard
We do not:
- Sell WhatsApp data to anyone
- Share WhatsApp data with advertising networks
- Use WhatsApp data for advertising or resale
- Cross-reference WhatsApp end-customer data with data from other clients
- Retain message content longer than necessary (see Section 8 on retention)
3.3 From Visitors to deskwiz.app
When you visit our website, we automatically collect:
- IP address (anonymized after 30 days)
- Browser type, operating system, device type
- Pages visited, time spent, referring URL
- Cookies and similar technologies (see Section 11)
4. How we use information
We use information for the following purposes:
| Purpose | Information used | Legal basis (GDPR) |
|---|---|---|
| Provide the Service | Client account data, WABA credentials, end-customer messages | Contract performance |
| Respond to end-customer messages on a client’s behalf | WhatsApp message content, conversation history | Contract performance (with our client) and legitimate interest |
| Book appointments in third-party tools on a client’s behalf | Client booking system credentials, end-customer name and contact info | Contract performance |
| Bill clients | Account and payment information | Contract performance |
| Improve the Service | Aggregated, anonymized usage data | Legitimate interest |
| Detect fraud and abuse | All categories as needed | Legitimate interest |
| Comply with legal obligations | Any data as legally required | Legal obligation |
| Communicate with clients | Account email, business contact info | Contract performance |
We do not use automated processing to make any decision that produces legal or similarly significant effects on end-customers without human review.
5. Sharing and third parties (subprocessors)
We share information with the following categories of recipients:
5.1 Subprocessors
A current, complete subprocessor list is maintained at deskwiz.app/subprocessors and updated when changes occur.
5.2 Legal disclosures
We may disclose information if required by law or court order, or to:
- Comply with a valid legal process
- Protect our rights, property, or safety
- Protect our clients or end-customers from harm
- Investigate fraud or security incidents
We notify clients of any government data request unless legally prohibited.
5.3 Business transfers
If we are acquired or merge with another entity, your information may be transferred. We will notify clients before any such transfer.
6. We do NOT sell your data
We do not sell personal information as defined under CCPA, GDPR, or any other privacy law. We do not share data with advertising networks. We do not use end-customer data for marketing of any kind.
7. Data security
We implement industry-standard security measures including:
- TLS/HTTPS encryption for all data in transit
- AES-256 encryption for sensitive data at rest (OAuth tokens, booking credentials)
- Role-based access controls; only authorized personnel access production data
- Regular security audits
- Logging and monitoring of access to client data
- Breach notification procedures aligned with GDPR (72 hours) and applicable US state laws
No security system is perfect. If we discover a breach affecting your data, we will notify affected clients without undue delay.
8. Data retention
| Data category | Retention period |
|---|---|
| Client account data | Duration of subscription + 90 days after termination |
| WhatsApp end-customer messages | 90 days from receipt, then deleted unless client opts to retain longer |
| Booking system credentials | Until client revokes or cancels Service |
| Billing records | 7 years (for tax compliance) |
| Webhook delivery logs | 30 days |
| Aggregated, anonymized analytics | Indefinite |
Clients can request earlier deletion of end-customer message data at any time via the dashboard or by emailing privacy@madebyjj.com.
9. Your rights
9.1 Rights for individuals in the EU/UK/EEA (GDPR)
You have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Request deletion (“right to be forgotten”)
- Restrict or object to processing
- Receive your data in a machine-readable format (data portability)
- Withdraw consent at any time
- Lodge a complaint with a supervisory authority
To exercise these rights, email privacy@madebyjj.com. We respond within 30 days.
9.2 Rights for California residents (CCPA / CPRA)
You have the right to:
- Know what personal information we collect and how it’s used
- Delete personal information we hold about you
- Correct inaccurate personal information
- Opt out of the sale or sharing of personal information (we do not sell or share)
- Limit the use of sensitive personal information
- Not be discriminated against for exercising your rights
To exercise these rights, email privacy@madebyjj.com.
9.3 End-customers messaging our clients
If you are an end-customer who sent a WhatsApp message to a business using our Service and want your data deleted, please:
- Contact the business you messaged directly (they are the data controller for that conversation), OR
- Email us at privacy@madebyjj.com with the WhatsApp phone number you used and the business name
We will delete your data within 30 days, subject to legal retention requirements.
10. International data transfers
We are based in the United States. If you are located outside the US, your information will be transferred to and processed in the US. We rely on:
- Standard Contractual Clauses (SCCs) approved by the European Commission for transfers from the EU/UK
- Adequacy decisions where applicable
- Your explicit consent where required
11. Cookies and tracking
deskwiz.app uses:
- Essential cookies: for authentication and session management (cannot be disabled)
- Analytics cookies: privacy-friendly analytics (Plausible), no personal data (can be disabled)
We do not use advertising cookies, retargeting pixels, or cross-site tracking.
12. Children’s privacy
The Service is intended for businesses. We do not knowingly collect personal information from individuals under 18. If you believe we have collected data from a minor, contact privacy@madebyjj.com and we will delete it.
13. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will:
- Update the “Last Updated” date at the top
- Notify clients via email
- Post a notice on deskwiz.app
Continued use of the Service after changes constitutes acceptance.
14. Contact us
For any questions about this Privacy Policy or to exercise your rights:
MADEBYJJ, LLC
254 Chapman Rd, Ste 208 #14797, Newark, DE 19702
Email: privacy@madebyjj.com
General inquiries: hello@madebyjj.com
Privacy Policy v1.0