Privacy Policy
Last updated: December 19, 2025
1. Introduction
This Privacy Policy explains how SIA Baltic Oranges ("we", "us", or "our") collects, uses, and protects your information when you use WA Contact Verify ("the Service"), a Pipedrive marketplace application that verifies WhatsApp availability for your contacts.
Company Information:
- Company: SIA Baltic Oranges
- Address: Anniņmuižas bulvāris 19-35, Rīga, Latvia
- Jurisdiction: Latvia, European Union
By installing and using WA Contact Verify, you agree to the collection and use of information as described in this policy. We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR).
2. Data We Collect
2.1 Account Information
When you install WA Contact Verify via Pipedrive OAuth, we collect:
- Company ID: Your Pipedrive company identifier
- User information: Name and email of the user who installed the app
- OAuth tokens: Access and refresh tokens to communicate with Pipedrive on your behalf
2.2 Contact Data
When you verify a contact, we access:
- Phone numbers: Retrieved from Pipedrive contacts for verification purposes only
- Person IDs: Pipedrive contact identifiers linked to verification results
Important: We do NOT store phone numbers in our database. Phone numbers are processed in real-time for verification and immediately discarded. We only retain the Pipedrive person ID and the verification result.
2.3 Verification Results
We store the outcome of each verification:
- Whether the phone number has WhatsApp (yes/no)
- Timestamp of the verification
- Associated Pipedrive person ID
2.4 Payment Information
When you purchase credits, Stripe (our payment processor) collects:
- Payment card details (handled entirely by Stripe)
- Billing information
We receive from Stripe: transaction ID, amount, and purchase confirmation. We never see or store your full card details.
2.5 Usage Data
We automatically collect:
- Number of verifications performed
- Credit balance and usage statistics
- Feature usage patterns
3. How We Use Your Data
We use the collected data to:
- Provide the Service: Verify WhatsApp availability for your contacts
- Update Pipedrive: Write verification results to custom fields in your CRM
- Track Usage: Monitor credit consumption and enforce usage limits
- Process Payments: Handle credit pack purchases through Stripe
- Improve the Service: Analyze usage patterns to enhance functionality
- Communicate: Send important service-related notifications
We do NOT:
- Sell your data to third parties
- Use your contact data for marketing purposes
- Share your data with advertisers
- Store phone numbers beyond the verification request
4. Data Storage & Security
4.1 Where We Store Data
Your data is stored on servers hosted by Railway, located in the European Union. This ensures compliance with GDPR data residency requirements.
4.2 Security Measures
We implement industry-standard security practices:
- Encryption in transit: All data transmitted between your browser, our servers, and third-party services uses TLS/SSL encryption
- Encryption at rest: Database storage is encrypted
- Access controls: Strict access limitations to production systems
- Secure authentication: OAuth 2.0 for Pipedrive integration
- Regular updates: Security patches applied promptly
4.3 Data Minimization
We follow the principle of data minimization:
- Phone numbers are never stored - only processed in memory
- We only collect data necessary for the service to function
- Webhook delivery logs are automatically deleted after 7 days
5. Third-Party Services
WA Contact Verify integrates with the following third-party services:
5.1 Pipedrive
We access your Pipedrive account via OAuth to read contact phone numbers and write verification results. Pipedrive's privacy policy applies to data within their platform.
- Website: pipedrive.com
- Privacy Policy: pipedrive.com/en/privacy
5.2 Whapi.cloud
We use Whapi.cloud to verify WhatsApp registration status. Phone numbers are sent to their API for verification and are subject to their privacy practices.
- Website: whapi.cloud
- Privacy Policy: whapi.cloud/privacy-policy
5.3 Stripe
We use Stripe to process credit pack payments. All payment data is handled directly by Stripe and subject to their security standards (PCI DSS compliant).
- Website: stripe.com
- Privacy Policy: stripe.com/privacy
5.4 Railway
Our application is hosted on Railway's infrastructure in the EU.
- Website: railway.app
- Privacy Policy: railway.app/legal/privacy
6. Data Retention
We retain your data for the following periods:
| Data Type | Retention Period |
|---|---|
| OAuth tokens & account info | While app is installed (deleted on uninstall) |
| Verification history | 12 months |
| Webhook delivery logs | 7 days (auto-deleted) |
| Payment records | 7 years (legal requirement) |
| Phone numbers | Not stored (processed in real-time only) |
When you uninstall the app from Pipedrive, we delete your OAuth tokens and account information. You may request deletion of all your data at any time.
7. Your Rights (GDPR)
Under the General Data Protection Regulation (GDPR), you have the following rights:
7.1 Right to Access
You can request a copy of all personal data we hold about you. We provide a data export feature directly in the app settings.
7.2 Right to Rectification
You can request correction of any inaccurate personal data.
7.3 Right to Erasure ("Right to be Forgotten")
You can request deletion of your personal data. Use the "Delete All My Data" option in app settings, or contact us directly. This will:
- Remove your installation record
- Delete verification history
- Revoke OAuth tokens
Note: Payment records may be retained as required by law.
7.4 Right to Data Portability
You can export your data in a machine-readable format (JSON) from the app settings.
7.5 Right to Object
You can object to processing of your data. Uninstalling the app stops all data processing.
7.6 Right to Withdraw Consent
You can withdraw consent at any time by uninstalling the app from Pipedrive.
How to Exercise Your Rights
To exercise any of these rights, you can:
- Use the self-service options in the app settings (Account tab)
- Email us at info@balticoranges.com
We will respond to your request within 30 days.
8. Contact Information
For any privacy-related questions or requests, please contact us:
- Email: info@balticoranges.com
- Company: SIA Baltic Oranges
- Address: Anniņmuižas bulvāris 19-35, Rīga, Latvia
We aim to respond to all inquiries within 5 business days.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by:
- Posting a notice in the app
- Updating the "Last updated" date at the top of this page
Continued use of the Service after changes constitutes acceptance of the updated policy.