Privacy Policy

DeepVault Technologies Ltd. (“DeepVault,” “we,” “our,” or “us”) is a custom software engineering company registered in Ghana. We build production-grade SaaS products, e-commerce systems, ERPs, internal tools, system integrations, and AI-driven automation for business customers. We also operate a WhatsApp Business platform that helps our clients manage customer orders and conversations.

This Privacy Policy explains how we collect, use, share, store, and protect personal information in connection with our website (deepvaultechnologies.com), our software services, and our WhatsApp Business platform.

Legal Entity

DeepVault Technologies Ltd.

Website

https://www.deepvaultechnologies.com

Contact Email

business@deepvaultechnologies.com

Registered Address

Plot 14 Block D, Oduom, Oyoko Street, Kumasi, Kumasi Metropolitan, Ashanti Region, Ghana

P.O. Box

P.O. Box 159, KNUST – Kumasi – Ashanti, Ghana

Digital Address

AK-778-4830

Jurisdiction

Republic of Ghana

This Privacy Policy applies to personal information processed by DeepVault in connection with:

• our website at deepvaultechnologies.com;
• our custom software engineering and implementation services;
• our WhatsApp Business platform used by clients to manage customer chats and orders;
• integrations with Meta and WhatsApp Business APIs;
• our customer support, onboarding, and business communications.

Where we process personal information on behalf of a client business (as a data processor), that client’s own privacy notice governs how it handles its end users’ data. This policy covers DeepVault’s processing activities.

We collect information:

• directly from business customers during onboarding, contracting, and support;
• through website inquiries and email communications;
• through client and end-user interactions on our WhatsApp Business platform;
• via the Meta/WhatsApp Business API, including webhooks and API responses;
• automatically through the operation, monitoring, and security of our systems;
• from third-party service providers that support our infrastructure.

We use personal information for the following purposes:

• to provide, operate, and maintain our software services and WhatsApp Business platform;
• to facilitate message delivery, order management, and customer interaction workflows for our clients;
• to build, configure, and support bespoke software solutions;
• to enable and maintain integrations with Meta and WhatsApp Business APIs;
• to communicate with clients about onboarding, support, updates, and service matters;
• to monitor service performance, troubleshoot issues, and detect security threats;
• to improve our services and internal operations;
• to comply with applicable laws, including Ghana’s Data Protection Act, 2012 (Act 843), and to enforce our agreements.

Where we process data on behalf of a business customer (as a data processor), we do so strictly in accordance with the client’s instructions and the terms of our service agreement.

We do not sell personal information. We may share personal information in the following circumstances:

Our WhatsApp Business platform is designed to help client businesses manage customer conversations and orders through the WhatsApp Business API. In connection with this:

• we receive and process phone numbers, profile names, message content, attachments, message status events, template messages, and webhook data from Meta/WhatsApp;
• we use this data solely to operate, support, and secure the platform on behalf of our clients;
• we do not use WhatsApp or Meta platform data for advertising, data brokering, or any purpose unrelated to providing the requested service;
• our clients are responsible for ensuring they have appropriate legal bases, notices, and permissions for their communications with end users;
• we retain platform data in accordance with the retention periods described in Section 9.

Our use of WhatsApp Business API data complies with Meta’s Platform Terms and Developer Policies.

We retain personal information only as long as reasonably necessary for the purposes described in this policy. Our standard retention periods are:

• Client account and administrator records: retained for the duration of the active service relationship, plus 12 months after account closure for recordkeeping and dispute resolution.
• WhatsApp message and chat data: retained for the duration of the active service relationship. Deleted within 90 days after a client’s account is closed or the client requests deletion.
• Order and transaction data: retained for the duration of the active service relationship. Deleted within 90 days after account closure, unless a longer period is required by law.
• Support and communication records: retained for up to 12 months after the last interaction.
• Server logs, backups, and audit data: retained for up to 12 months for security, troubleshooting, and compliance purposes.
• Website inquiry data: retained for up to 12 months after the inquiry, unless the inquiry leads to an active client relationship.

When retention periods expire, data is securely deleted or anonymised.

We implement technical, administrative, and organisational measures to protect personal information against unauthorised access, misuse, alteration, loss, or disclosure. Our current security measures include:

• encryption in transit using HTTPS/TLS for all data transmissions;
• encryption at rest for stored data;
• role-based access controls limiting data access to authorised personnel;
• two-factor authentication for all team members;
• regular backups with secure storage;
• audit and access logging to monitor system activity;
• firewall and network security controls.

No method of storage or transmission is completely secure. While we take reasonable precautions, we cannot guarantee absolute security.

Our services are primarily offered in Ghana. However, because our infrastructure providers (such as DigitalOcean) and integration partners (such as Meta) may process data in locations outside Ghana, personal information may be transferred to and processed in countries other than the country in which it was originally collected.

Where such transfers occur, we take reasonable steps to ensure that personal information is protected in accordance with this policy and applicable data protection laws, including Ghana’s Data Protection Act, 2012 (Act 843).

Under Ghana’s Data Protection Act, 2012 (Act 843), and depending on other applicable laws, individuals may have rights to:

• request access to personal information we hold about them;
• request correction of inaccurate or incomplete personal information;
• request deletion of personal information, subject to legal and contractual retention requirements;
• object to or restrict certain processing of personal information.

If we process your information on behalf of a business customer (i.e., as a data processor), your request should be directed to that business in the first instance. We will assist the business customer in fulfilling such requests as required.

To submit a privacy-related request, contact us at:

When you contact us, please include sufficient information for us to verify your identity and understand the scope of your request. We will respond to verified requests within 30 days. If a request relates to data we process on behalf of a business customer, we may redirect you to that customer or coordinate with them to fulfil your request.

DeepVault as data controller: We act as the data controller for personal information we collect directly, such as website inquiries, our own client relationship data, and information needed to operate our business.

DeepVault as data processor: When we process personal information on behalf of a business customer through our WhatsApp Business platform (including end-user phone numbers, messages, orders, and related data), we act as a data processor. The business customer is the data controller and is responsible for ensuring it has appropriate legal bases and notices for its processing activities.

If you are a business customer using our services, you are responsible for:

• ensuring your use of our platform complies with applicable privacy and data protection laws, including Ghana’s Data Protection Act, 2012 (Act 843);
• providing appropriate notices to, and obtaining necessary consents from, your end users before communicating with them via WhatsApp;
• complying with Meta’s WhatsApp Business and Commerce Policies;
• responding to end-user data access, correction, and deletion requests where you are the data controller;
• ensuring any data you provide to us for processing is collected lawfully.

Our services are intended for business and commercial use and are not directed to children under the age of 18. We do not knowingly collect personal information from children. If we learn that we have inadvertently collected personal information from a child, we will take prompt steps to delete it. If you believe a child’s information has been provided to us, please contact us at business@deepvaultechnologies.com.

We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or business practices. When we make changes, we will update the “Last Updated” date at the top of this document. For material changes, we will notify our business customers by email or through our platform.

If you have questions about this Privacy Policy or our data practices, contact us at:

This Privacy Policy is governed by and construed in accordance with the laws of the Republic of Ghana, including the Data Protection Act, 2012 (Act 843).