Privacy Policy

Last updated: April 07, 2026

1. General Provisions

This Privacy Policy defines the procedure for processing and protecting personal data of users of the Fiwano integration platform (WhatsApp, Instagram, Facebook Messenger). Use of the service implies unconditional consent of the user to this Policy and the conditions for processing personal information specified therein.

Fiwano (hereinafter referred to as the "Service") is operated by Individual Entrepreneur Roman Babakin (P/E Roman Babakin), registered in Georgia. The Service provides technical integration between your systems and Meta communication channels (WhatsApp Business, Instagram, Facebook Messenger).

2. Data Collected

2.1. Data Provided by User

When creating an account and connecting communication channels, we process the following data:

• Account information (email, name, password hash)
• Access tokens from Meta (Facebook) for access to WhatsApp Business Account, Instagram, and Facebook Page
• Channel identifiers (WhatsApp Business Account ID, Phone Number ID, Instagram Account ID, Page ID)
• Channel metadata (phone numbers, names, verification statuses)
• Connection session data (OAuth state, connection statuses)

2.2. Data Received from Meta

When processing incoming messages via webhooks from Meta, we receive:

• Message content from users
• Message metadata (sender ID, send time, message type)
• Delivery and read status data
• Sender profile information (name, profile picture — where available)

This data is transmitted to your configured webhook URL and is not stored in the Service longer than necessary for processing and delivery.

3. Data Processing Purposes

Personal data is processed for the following purposes:

• Ensuring the functioning of integration with Meta channels (WhatsApp, Instagram, Facebook Messenger)
• Transmitting messages between users and your systems via webhooks
• Managing channel connections and their statuses
• Processing subscription and billing through Paddle
• Ensuring security and preventing fraud
• Compliance with legal requirements

4. Data Storage and Protection

4.1. Encryption

All access tokens from Meta are stored in encrypted form using the Fernet algorithm (symmetric encryption). The encryption key is stored separately from the data and is not shared with third parties. User passwords are hashed using bcrypt.

4.2. Retention Periods

• Access tokens are stored until the channel is disconnected or the token expires
• Webhook logs are stored for 30 days to ensure idempotent processing
• Connection session data is deleted after the connection process is completed
• API keys are stored in hashed form (SHA-256)

4.3. Technical Security Measures

• Use of HTTPS for all connections
• Webhook verification via HMAC-SHA256 signatures
• API key authentication with rate limiting
• Regular access token refresh (7 days before expiry)
• Data isolation between user accounts

5. Data Transfer to Third Parties

The Service transfers data only to the following recipients:

• Your Webhook Endpoints — incoming messages and status updates are delivered to your configured webhook URL using signed HTTP requests.
• Meta (Facebook) — for sending messages via Graph API. Data transfer is governed by Meta's privacy policies.
• Paddle.com Market Limited — for payment processing. Only billing-related data (email, subscription details) is shared.

Data is not transferred to other third parties, is not used for marketing purposes, and is not sold.

6. User Rights

Users have the right to:

• Receive information about stored data
• Request correction of inaccurate data
• Request deletion of data (by disconnecting channels and deleting the account)
• Withdraw consent to data processing (by deactivating the account)
• Export their data

To exercise these rights, contact us at contact@fiwano.com.

7. Cookies and Tracking

The Service uses session cookies to maintain authentication state. We may use analytics (Google Analytics) to understand usage patterns. We do not use cookies for advertising or tracking across third-party sites.

8. Changes to Privacy Policy

We reserve the right to make changes to this Privacy Policy. We will notify you of significant changes via email or dashboard notification. We recommend reviewing this page periodically.

9. Contact Information

For questions related to personal data processing, please contact us: