1. Introduction
This Privacy Policy explains how CrmOfficialOptimus (the “Service”), operated by CV Optimal Memajukan Usaha (the “Company”, “we”, “us”, or “our”), collects, uses, discloses, and protects personal data in connection with our WhatsApp-based customer relationship management platform.
The Service is a web-based CRM that enables businesses to receive and respond to customer-initiated messages through the WhatsApp Business Platform provided by Meta Platforms, Inc. We take the privacy of both our business users (the “Businesses”) and the end-customers (the “Customers”) who message those Businesses very seriously.
By using CrmOfficialOptimus, you agree to the practices described in this Privacy Policy. If you do not agree, please discontinue use of the Service.
2. Data Controller
The data controller responsible for personal data processed through CrmOfficialOptimus is:
CV Optimal Memajukan Usaha
Operating the product: CrmOfficialOptimus
Email: [email protected]
Website: https://optimus-code.com
For personal data processed by Meta Platforms, Inc. on the WhatsApp Business Platform, Meta acts as a separate data controller. Please refer to Meta's privacy policy for details on how they process such data.
3. Data We Collect
We collect personal data only as necessary to operate the Service and fulfill the purposes described in this Policy. The categories of data we collect include:
3.1 Data from Business Users (Account Data)
- Full name, business name, and email address
- Account credentials (hashed passwords, session tokens)
- Billing information and transaction history
- WhatsApp Business Account ID and Phone Number ID
- System User Access Token metadata (issued by Meta)
- IP address, browser type, and device information
3.2 Data from End-Customers (Message Data)
- WhatsApp phone number of the customer initiating contact
- Message content, timestamps, and delivery status
- Media files (images, documents, audio) sent by the customer
- Profile name and profile picture (if provided by the customer)
3.3 Technical & Usage Data
- Server logs (request time, status codes, error traces)
- Application usage analytics (feature usage, performance)
- Cookies and similar tracking technologies (see our Cookie Notice)
4. How We Use Your Data
We process personal data for the following purposes:
- Service delivery: Routing incoming WhatsApp messages from the WhatsApp Business Platform into the CRM dashboard and delivering replies back to the customer.
- Account management: Creating and maintaining business user accounts, authenticating users, and managing subscriptions.
- Customer support: Responding to inquiries, troubleshooting issues, and providing technical assistance.
- Security & fraud prevention: Detecting suspicious activity, abuse, and protecting the integrity of the Service.
- Service improvement: Analyzing aggregated usage data to improve features, performance, and reliability.
- Legal compliance: Complying with applicable laws, regulations, and lawful requests from authorities.
We do not sell personal data to third parties, and we do not use personal data for behavioral advertising.
5. WhatsApp Business Platform & Meta
CrmOfficialOptimus integrates with the WhatsApp Business Platform using a server-to-server architecture via the official Cloud API. We use a System User Access Token issued by Meta to authenticate API calls. End-users (Customers) do not log in with Meta accounts to use the Service.
Data flows as follows:
- A Customer sends a message to a Business's WhatsApp Business number from their mobile device.
- Meta's WhatsApp Business Platform delivers the message to our servers via webhook.
- Our system persists the message and surfaces it inside the authorized Business user's CRM dashboard.
- When the Business user replies, our system sends the reply to the Customer via the WhatsApp Cloud API.
We process WhatsApp message data solely on behalf of the Business user, in accordance with Meta's WhatsApp Business Messaging Policy and the WhatsApp Commerce Policy. We do not initiate outbound messages to Customers who have not first contacted the Business.
6. Legal Basis for Processing
We rely on the following legal bases under applicable data protection laws (including the EU GDPR and Indonesia's PDP Law):
- Contract: to provide the Service you have signed up for.
- Legitimate interests: to secure, improve, and operate the Service.
- Consent: for non-essential cookies and for any processing that requires explicit opt-in.
- Legal obligation: to comply with applicable laws and lawful requests.
7. Data Sharing & Sub-Processors
We do not sell personal data. We share personal data only with:
- Meta Platforms, Inc. — as the provider of the WhatsApp Business Platform.
- Cloud infrastructure providers — for secure hosting (e.g., AWS, Google Cloud, or similar).
- Payment processors — for billing and subscription management.
- Customer support & analytics vendors — bound by data processing agreements.
- Law enforcement or regulators — when required by valid legal process.
Each sub-processor is contractually obligated to process data only on our documented instructions and to maintain appropriate security measures.
8. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes outlined in this Policy, after which it is securely deleted or anonymized.
| Data Category | Retention Period |
|---|---|
| Account data | Lifetime of account + 30 days after deletion |
| WhatsApp message content | Configurable per Business (default 24 months) |
| Billing records | 7 years (tax & accounting obligations) |
| Server logs | 90 days |
| Backups | Up to 35 days, then securely overwritten |
9. Data Security
We implement industry-standard technical and organizational measures to protect personal data, including:
- TLS 1.2+ encryption in transit; AES-256 encryption at rest
- Role-based access controls and least-privilege principles
- Regular security audits and vulnerability scanning
- Encrypted backups and disaster recovery procedures
- Employee training on data protection and confidentiality
10. International Data Transfers
CrmOfficialOptimus is operated from Indonesia. By using the Service, you understand that your data may be transferred to and processed in countries other than your country of residence, including the United States and the European Economic Area. When we transfer personal data internationally, we rely on appropriate safeguards such as Standard Contractual Clauses.
11. Your Rights
Subject to applicable data protection laws, you have the following rights:
- Right of access — request a copy of the personal data we hold about you.
- Right to rectification — correct inaccurate or incomplete data.
- Right to erasure — request deletion of your personal data.
- Right to restriction — limit how we process your data.
- Right to data portability — receive your data in a structured, machine-readable format.
- Right to object — object to processing based on legitimate interests.
- Right to withdraw consent — at any time, where processing is based on consent.
- Right to lodge a complaint — with a supervisory authority.
To exercise any of these rights, see Section 15 (Contact Us).
12. Data Deletion Requests
We honor data deletion requests in accordance with Meta's Developer Policies and applicable law. End-Customers may request deletion of their WhatsApp message data by either:
- Contacting the Business directly and asking them to remove the conversation, or
- Emailing our privacy team at [email protected] with the phone number and a description of the data to be deleted.
We will process verified deletion requests within 30 calendar days. For full instructions, please visit our Data Deletion page.
13. Children's Privacy
The Service is not directed to children under the age of 16 (or such higher age as required by local law). We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us and we will delete it promptly.
14. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date at the top of this page and, where appropriate, notify Business users via email or in-product notice. Material changes will not be applied retroactively without consent where required by law.
15. Contact Us
If you have any questions about this Privacy Policy, our data practices, or wish to exercise your rights, please contact us:
CV Optimal Memajukan Usaha
Product: CrmOfficialOptimus
Email: [email protected]
Data Protection Officer: [email protected]
Website: https://optimus-code.com
We aim to respond to all privacy-related inquiries within 7 business days.