ConvoDash

ConvoDash — WhatsApp Automation Platform
Owned & Operated by ProspeRise Education LLP
Last Updated: 30 November 2025

This Data Processing Agreement (“Agreement” or “DPA”) forms part of the Terms & Conditions between:

1) Controller (“Client”, “You”)

The business or user who uploads customer data to ConvoDash.

2) Processor (“Processor”, “We”, “Us”)

ProspeRise Education LLP, the owner of ConvoDash, which processes data on behalf of the Client.

This DPA governs how we process personal data you upload while using ConvoDash’s WhatsApp Automation services.

1. Definitions

  • “Personal Data”: Customer phone numbers, names, message content, tags, metadata, or any identifiable information.
  • “Processing”: Any operation performed on personal data, including storing, sending, receiving, organizing, integrating with Meta WhatsApp Cloud API.
  • “Controller”: You, the Client, who decides the purpose & means of messaging customers.
  • “Processor”: ProspeRise Education LLP (ConvoDash), processing data strictly under your instructions.
  • “Sub-processors”: Third-party tools (Meta, Razorpay, cloud hosting providers, analytics).
  • “Meta”: Meta Platforms, provider of WhatsApp Business Cloud API.

2. Purpose of Processing

ConvoDash processes personal data solely for providing WhatsApp automation services, including:

  • Sending WhatsApp messages through the Meta Cloud API
  • Executing automated flows & chatbots
  • Managing templates & outbound communication
  • Receiving delivery reports & reading webhook events
  • Contact management, segmentation & analytics

We do not process your data for our own purposes.

3. Roles & Responsibilities

3.1 Controller Responsibilities (You)

You agree to:

  • Obtain consent from your customers before messaging them
  • Upload data that you legally have permission to use
  • Ensure your use complies with WhatsApp Business and Meta policies
  • Ensure lawful basis for processing customer phone numbers
  • Delete or update customer records as required by law

You are solely responsible for the content of messages you send.

3.2 Processor Responsibilities (ConvoDash)

We agree to:

  • Process data only for delivering ConvoDash services
  • Not sell, rent, or misuse your customer data
  • Maintain security, encryption, and infrastructure protections
  • Ensure only authorized personnel access your data
  • Assist with deletion or export of data upon request
  • Notify you of any data breach within a reasonable time
  • Follow Meta’s WhatsApp Business API compliance rules

4. Sub-Processors (Third-Party Services)

To provide ConvoDash services, we use trusted partners:

  1. Meta (WhatsApp Cloud API) — Messaging & webhook processing
  2. Razorpay — Payment processing
  3. Cloud Hosting / Server Infrastructure — Secure data storage
  4. Firebase Analytics / Hosting — Performance monitoring, CDN
  5. Email Services (e.g., Amazon SES / SMTP) — Sending notifications

Each sub-processor is vetted for security compliance.

By using ConvoDash, you authorize these sub-processors.

5. Data Security Measures

We implement industry-standard safeguards including:

  • HTTPS encryption
  • Encrypted storage of access tokens
  • Role-based access control
  • Secure API key storage
  • Firewall and server-level protections
  • Continuous monitoring for suspicious activity
  • Regular token auto-rotation (Meta requirement)

6. Data Retention & Deletion

  • Customer data is retained only as long as needed for service functionality.
  • Message logs may be stored for 6–12 months unless deleted earlier.
  • You may request deletion of specific contacts or your full account data.
  • Upon account deletion, all associated data is permanently erased.

7. International Data Transfers

Depending on your location, your data may be transferred to secure servers located in India or other regions.
We ensure all transfers maintain equivalent safety standards.

8. Data Breach Notification

If a data breach occurs:

  • We will notify you promptly and without unreasonable delay
  • Provide details of the breach and mitigation steps
  • Assist you in fulfilling legal obligations towards your customers

9. Confidentiality

All customer data is treated as strictly confidential.
Employees or contractors accessing data must sign confidentiality agreements and follow strict access protocols.

10. Customer Data Ownership

  • You retain full ownership of all data you upload.
  • ConvoDash is only a processor, never the owner.
  • We do not claim rights over your customer lists, messages, or phone numbers.

11. Audit Rights (Optional, Case-by-Case)

Upon justified request:

  • You may request details about our security measures
  • Remote/document-based audits may be allowed
  • Physical audits may require agreement, scheduling, and compliance fees

12. Term & Termination

This DPA remains valid as long as:

  • You have an active ConvoDash account, or
  • Data is being processed on your behalf

Upon termination of your ConvoDash account:

  • All data is permanently deleted
  • Your Meta connection is disconnected
  • API tokens and automation flows are purged

13. Governing Law

This DPA is governed by the laws of India.
Jurisdiction lies in Varanasi, Uttar Pradesh.

14. Contact Information

For privacy, security, or compliance inquiries:

📧 privacy@prosperriseeducation.com
📧 support@prosperriseeducation.com
🌐 Websites: www.convodash.com | www.prosperriseeducation.com
🏢 Address:
ProspeRise Education LLP
S-5/159 R JD Nagar Colony, Ramerepur, Pahariya,
Varanasi 221007, Uttar Pradesh, India