Privacy Policy
Last updated: 22 February 2026
Cox.id ("we", "us", or "our") operates the Cox.id platform (https://cox.id), which provides WhatsApp Business API onboarding and messaging services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform and services.
By accessing or using our services, you agree to this Privacy Policy. If you do not agree, please do not use our services.
1. Information We Collect
1.1 Information from Facebook Login & Embedded Signup
When you connect your WhatsApp Business Account through our platform using Facebook's Embedded Signup flow, we receive the following information from Meta (Facebook):
- WhatsApp Business Account ID (WABA ID)
- Phone Number ID associated with your business
- Business token (OAuth access token) for API access on your behalf
- Account review status from Meta
1.2 Information You Provide
We may collect information you voluntarily provide, including:
- Business name and contact information
- Email address
- Any information submitted through our platform forms
1.3 Automatically Collected Information
When you access our platform, we may automatically collect:
- IP address and browser type
- Device information and operating system
- Pages visited and time spent on our platform
- Referring URL and access timestamps
2. How We Use Your Information
We use the information we collect for the following purposes:
- To provide and maintain our WhatsApp Business API onboarding services
- To register and configure your WhatsApp Business phone number via the Meta Graph API
- To subscribe your WhatsApp Business Account to webhook notifications for account updates
- To manage and display your onboarded account status on our dashboard
- To communicate with you about service updates or issues
- To comply with legal obligations and enforce our policies
- To detect, prevent, and address technical issues or fraud
3. Use of Meta Platform Data
We access Meta Platform Data (including WhatsApp Business API) in compliance with Meta's Platform Terms and Developer Policies. Specifically:
- We only request permissions necessary for the functionality of our service (
whatsapp_business_managementandwhatsapp_business_messaging) - We do not sell, license, or sub-license Meta Platform Data to any third party
- We do not use Meta Platform Data for purposes unrelated to providing our services
- We do not transfer Meta Platform Data to any ad network, data broker, or other advertising or monetization-related service
- Access tokens are stored securely and used solely to make authorized API calls on your behalf
4. Data Storage & Security
We implement appropriate technical and organizational measures to protect your information:
- Data is stored in secure PostgreSQL databases with encrypted connections
- Access tokens and sensitive credentials are stored securely and never exposed to client-side code
- All data transmission is encrypted using TLS/HTTPS
- Access to data is restricted to authorized personnel only
- We regularly review our data collection, storage, and processing practices
5. Data Sharing & Disclosure
We do not sell your personal information. We may share your information only in the following circumstances:
- With Meta/Facebook: as required to provide WhatsApp Business API services (API calls, webhook subscriptions)
- Service Providers: with trusted third-party service providers who assist in operating our platform (e.g., hosting, database services), bound by confidentiality agreements
- Legal Requirements: when required by law, court order, or governmental regulation
- Business Transfers: in connection with a merger, acquisition, or sale of assets, with prior notice to affected users
6. Data Retention
We retain your information for as long as your account is active or as needed to provide our services. If you request account deletion, we will delete or anonymize your data within 30 days, except where retention is required by law. Meta Platform Data is deleted when no longer necessary for the purpose for which it was collected.
7. Your Rights
Depending on your jurisdiction, you may have the following rights:
- Access: request a copy of the personal data we hold about you
- Correction: request correction of inaccurate data
- Deletion: request deletion of your data, subject to legal retention requirements
- Portability: request transfer of your data in a machine-readable format
- Withdraw Consent: withdraw consent at any time where processing is based on consent
- Revoke Access: you may revoke our access to your Meta/WhatsApp data at any time through your Facebook Business Integrations settings
To exercise any of these rights, please contact us at privacy@cox.id.
8. Data Deletion Instructions
You can request deletion of your data at any time by:
- Sending an email to privacy@cox.id with the subject "Data Deletion Request"
- Revoking our app access through your Facebook Business Integrations settings
Upon receiving a valid deletion request, we will delete all associated data within 30 days and confirm the deletion via email.
9. Cookies & Tracking
Our platform uses essential cookies required for the Facebook SDK to function properly during the embedded signup process. We do not use advertising cookies or third-party tracking cookies. The Facebook SDK may set its own cookies as described in Meta's Cookie Policy.
10. Children's Privacy
Our services are intended for businesses and are not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. Your continued use of our services after changes constitutes acceptance of the revised policy.
12. Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, please contact us at: