Privacy Policy
This Privacy Policy explains how Singlemonkey Solutions, a sole proprietorship registered in Hyderabad, India ("Singlemonkey", "we", "us") collects, uses, stores, and shares information when you use Daksend (the "Service"), our Google Sheets add-on for sending bulk WhatsApp messages.
By using Daksend you agree to this policy. We've tried to write it in plain language. If anything is unclear, email support@daksend.com and we'll explain.
1. Data we collect
1.1 Information you provide directly
- Google account email and basic profile. When you sign in to Daksend with Google, we receive your email address, name, and Google profile picture URL via OpenID Connect. This is required to identify you across sessions and to send you notifications (campaign-completion summaries, template-approval emails).
- WhatsApp Business Provider credentials. When you connect a provider (MSG91, Gupshup, Meta Cloud, Interakt, or WATI), we collect your account identifier (e.g., MSG91 integrated number), your authentication key, and any other credentials your provider requires. These are encrypted at rest with AES-256-GCM. We never log them and never display them in our UI in full (only the last four characters appear).
- Workspace and team information. If you invite team members, we collect their email addresses and the role you assign them.
1.2 Information from Google Sheets (during sends only)
When you send a campaign, Daksend reads the rows you select from the active spreadsheet to extract recipient phone numbers and any column values you've mapped to message variables. We use the https://www.googleapis.com/auth/spreadsheets.currentonly OAuth scope, which limits our access to the spreadsheet currently open in the user's browser tab — we cannot read or write any other file in your Google Drive.
The data we read includes:
- Phone numbers (the column you designate as the recipient column)
- Variable values (any sheet columns you map to {{variable}} placeholders in your WhatsApp template)
- Header information (column names, used to detect or place delivery-status columns)
We do not read columns you haven't mapped. Sheet rows transit through our servers temporarily during the send (they're forwarded to your chosen WhatsApp provider) and are stored as part of campaign records so we can retry failures and write delivery status back to your sheet.
1.3 Delivery status data
When your WhatsApp provider sends webhook events back to us (e.g., "message delivered", "message read", "message failed"), we store these events linked to the corresponding campaign and message row. We then write status updates back to your spreadsheet (Status, Sent At, Delivered At, Read At, Failure Reason columns).
1.4 Information from inbound WhatsApp messages
If a recipient replies to a message you sent through Daksend, your provider forwards the reply to our webhook receiver. We process replies only to detect opt-out keywords (STOP, UNSUBSCRIBE, CANCEL, END, QUIT, REVOKE, OPT OUT) so that future sends skip those recipients. We do not store the full content of inbound messages beyond what's needed for opt-out detection and compliance audit logs.
1.5 Operational and diagnostic data
- Server logs. Standard request logs (timestamp, IP address, HTTP path, response code, request duration) for debugging and abuse prevention. Phone numbers in logs are truncated to the last four digits. Message body content is never logged at INFO level or above.
- Audit logs. Significant actions (workspace creation, provider attach, opt-out add/remove, workspace rename) are logged with timestamps and the responsible user, for compliance and account security.
2. How we use your data
We use the data we collect only for these purposes:
- To deliver the Service: read sheet data, forward messages to your provider, write delivery status back to your sheet, send you completion-summary emails.
- To detect opt-outs and prevent sending to recipients who have asked to be removed.
- To debug, investigate abuse, and respond to security incidents.
- To send you transactional communications related to your account (template approvals, campaign completions, billing receipts).
- To improve the Service (aggregated usage patterns; never identifying individual recipients).
We do not:
- Sell, rent, or trade your data to third parties.
- Use your data, sheet contents, or recipient lists to train AI or machine-learning models.
- Show you advertisements based on your usage.
- Read sheet rows you haven't selected for a send.
- Access any Google Drive files other than the spreadsheet currently open.
3. Google API Services Limited Use disclosure
Daksend's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Specifically, the data Daksend accesses via Google OAuth scopes is used as follows:
- https://www.googleapis.com/auth/spreadsheets.currentonly — read sheet rows and write delivery-status columns. Used only during active campaign sends and writeback. Data is never transferred to anyone other than your designated WhatsApp Business Provider for the purpose of message delivery, and is never used for advertising, AI/ML training, or any purpose unrelated to providing the Service.
- https://www.googleapis.com/auth/userinfo.email (and profile, openid) — identify you across sessions, link your account to your workspace memberships, send transactional emails. Never shared with third parties.
- https://www.googleapis.com/auth/script.container.ui — display Daksend's sidebar and modals inside Google Sheets.
- https://www.googleapis.com/auth/script.external_request — make HTTPS requests from Apps Script to Daksend's API at api.daksend.com.
- https://www.googleapis.com/auth/script.scriptapp — obtain the OAuth token associated with the user's session, presented to our API for server-side identity verification.
We do not transfer Google user data to AI models. We do not use Google user data to develop, improve, or train generalized or non-personalized AI/ML models. Human review of Google user data is performed only when (a) the user explicitly grants permission for a specific purpose; (b) it is necessary for security purposes (such as investigating abuse); (c) it is necessary to comply with applicable law; or (d) the data has been aggregated and is used for internal operations in compliance with the Google API Services User Data Policy.
4. Who we share data with
4.1 Sub-processors
We share data with the following service providers, each contractually bound to protect your data:
- Render (USA) — application hosting. Servers are located in Singapore.
- Render Postgres (Singapore) — primary database. All campaign and account data resides here.
- Render Redis (Key-Value) (Singapore) — job queue for outbound message processing.
- Resend (USA) — transactional email delivery (campaign-completion summaries, template-approval notifications).
- Your chosen WhatsApp Business Provider — MSG91, Gupshup, Meta Cloud, Interakt, or WATI. We forward your message content and recipient phone numbers to the provider you connect; the provider then delivers the message via Meta/WhatsApp infrastructure.
- Google — for OAuth identity verification and the Apps Script sidebar runtime.
4.2 Legal requests
We may disclose data when legally required (court order, subpoena, or applicable Indian law). We will notify you before disclosure unless legally prohibited.
4.3 Business transfers
If Singlemonkey is acquired or merged, your data may transfer to the acquiring entity. We will notify you by email at least 30 days before any such transfer takes effect, and you'll have the option to delete your account before the transfer.
5. Where data is stored, how it's secured
All Daksend data is stored on infrastructure operated by Render in Singapore. Provider credentials (MSG91/Gupshup/etc. authkeys) are encrypted at rest using AES-256-GCM with keys held only in environment variables, never written to the database alongside the encrypted data.
Connections between your browser, the Daksend sidebar, our API, and your WhatsApp provider are secured with TLS 1.2 or higher. We follow OWASP best practices for input validation, output encoding, and access control. Our application code is reviewed for security issues before each release.
6. Retention
- Account data (your user record, workspace memberships, encrypted provider credentials) — retained until you delete your workspace.
- Campaign data and message records — retained until the workspace is deleted, then purged within 30 days. You can request earlier deletion via support.
- Opt-out records — retained indefinitely on a per-workspace basis. This is required for WhatsApp Business Policy compliance — once a recipient has opted out, we must continue to recognize that opt-out across all future sends.
- Server logs — retained for 30 days, then deleted.
- Audit logs — retained for 12 months.
- Inbound message content (beyond opt-out detection) — not retained.
7. Your rights
Regardless of where you live, you have the right to:
- Access the data we hold about you. Request via support@daksend.com; we'll provide a machine-readable export within 30 days.
- Correct inaccurate data. Most account data can be corrected via the Daksend dashboard.
- Delete your data. Request via support@daksend.com; we'll complete deletion within 30 days, except for legally required records (audit logs, opt-out compliance records).
- Object to specific uses of your data. Email us; we'll evaluate and respond within 30 days.
- Withdraw consent at any time by uninstalling Daksend and deleting your workspace.
- Revoke Google access at any time via your Google Account permissions page. Daksend will lose access immediately upon revocation.
If you're in the European Economic Area, the United Kingdom, or California, you have additional rights under GDPR / UK GDPR / CCPA. We honor those rights for all users globally, regardless of jurisdiction.
8. Cookies and tracking
Daksend's web dashboard (app.daksend.com) uses a single essential cookie for session authentication (__Secure-authjs.session-token). It's set as HttpOnly and Secure; it's never accessible to client-side JavaScript. We use no third-party tracking scripts, no analytics, no advertising pixels.
The Daksend marketing site (daksend.com) uses no cookies and no tracking.
9. Children
Daksend is intended for business use and is not directed at children under 16. We do not knowingly collect data from children. If we learn we have collected data from a child, we delete it.
10. International data transfers
Singlemonkey Solutions is based in India. Our infrastructure is in Singapore. Some of our sub-processors (Render, Resend) are based in the United States. Data you submit to Daksend may therefore be transferred outside your country of residence. By using Daksend you consent to this transfer. We rely on standard contractual clauses and other lawful transfer mechanisms where required by applicable law.
11. Changes to this policy
We may update this policy from time to time. The "Last updated" date at the top of this page reflects the most recent change. For material changes, we'll notify you by email at least 14 days before the change takes effect. Continued use of Daksend after the effective date of an updated policy constitutes acceptance.
12. Contact us
Privacy questions, data-access requests, deletion requests, complaints — all go to:
Singlemonkey Solutions
Email: support@daksend.com
Hyderabad, India
We respond to privacy inquiries within 7 business days and complete formal access/deletion requests within 30 days.