Privacy Policy

Last Updated: 11/01/2026

This Privacy Policy explains how Inofinix Private Limited (“Inofinix”, “we”, “us”, “our”), a company incorporated in India with its registered office in Bengaluru, Karnataka, collects, uses, stores, shares, and protects Personal Data when you use Cocoonmail, our software-as-a-service platform (the “Service”).

Cocoonmail enables businesses to engage with their customers using multiple communication channels, including Email Marketing and WhatsApp Business (optional integration).

1. Scope of This Policy

This Policy applies to:

• Businesses and individuals who create accounts on Cocoonmail (“Customers”)
• End users (“End Users”) who receive communications from Customers via Email or WhatsApp

In most cases, Customers are the Data Controllers, and Inofinix acts as a Data Processor / Service Provider, processing Personal Data strictly on Customer instructions.

2. Information We Collect

2.1 Account and Business Information

• Name, email address, phone number
• Company and business details
• Login credentials
• Billing and payment information
• Customer support communications

2.2 Email Marketing Data

When Customers use Cocoonmail for email marketing, we may process:

• Email addresses of recipients
• Contact attributes uploaded by the Customer
• Email content, subject lines, and attachments
• Campaign analytics such as opens, clicks, bounces, and delivery status

2.3 WhatsApp Business Integration Data

If a Customer connects WhatsApp Business using Meta’s WhatsApp Cloud API(and in the future via our services as a WhatsApp Business Solution Provider), we may process:

• WhatsApp Business Account (WABA) details
• Business phone numbers
• WhatsApp message templates
• Customer-provided phone numbers and contact identifiers
• WhatsApp message content sent and received
• Message metadata such as timestamps and delivery/read status

Message content, templates, and metadata are stored solely to provide the Service, support reporting, customer support, compliance, and troubleshooting.

2.4 Technical and Usage Data

• IP address
• Device, browser, and operating system information
• Log files and timestamps
• Cookies and similar technologies

3. How We Use Information

• Operate and maintain the Cocoonmail platform
• Enable Email and WhatsApp communications on behalf of Customers
• Support WhatsApp Business integrations
• Provide message storage, analytics, and reporting
• Provide customer support
• Ensure security, compliance, and service improvement

We do not use message content or contact data for our own advertising or marketing.

4. Legal Basis for Processing

Processing is based on:

• Performance of a contract with the Customer
• Compliance with legal obligations
• Legitimate interests such as security and fraud prevention
• Consent obtained by Customers from End Users where required

5. WhatsApp & Meta Platform Compliance

• WhatsApp Platform Data is processed strictly in accordance with Meta and WhatsApp Business Terms
• WhatsApp data is used only to provide the Service to the relevant Customer
• We do not sell, rent, or misuse WhatsApp data
• Data may be shared with Meta/WhatsApp as required for message delivery or compliance
• Customers are responsible for lawful use and End User consent

5.1 End-User Consent for WhatsApp Communications

• Cocoonmail provides tools that enable its customers (“Customers”) to send messages to end users via WhatsApp using the WhatsApp Business Platform.
• Customers are solely responsible for obtaining all necessary consents, permissions, and lawful authorizations from end users before initiating any WhatsApp communication, including business-initiated or marketing messages.
• Such consent must comply with applicable laws and WhatsApp policies and may include, where required, explicit opt-in mechanisms such as checkboxes, forms, or other affirmative user actions.
• Cocoonmail does not initiate WhatsApp messages to end users on its own behalf and acts solely as a service provider processing data on behalf of its Customers.
• End users may opt out of WhatsApp communications at any time using mechanisms provided by the Customer or as supported by the WhatsApp platform.

5.2 Retention of WhatsApp Messaging Data

• WhatsApp messaging data processed through Cocoonmail, including phone numbers, message content, templates, and message metadata, is retained only for as long as necessary to provide the Services, comply with legal obligations, resolve disputes, enforce agreements, or meet operational and audit requirements.
• Message content and metadata may be stored temporarily to enable message delivery, reporting, analytics, troubleshooting, and compliance with platform or legal requirements.
• Upon termination of the Customer’s account or upon Customer request, such data will be deleted or anonymized within a reasonable period, unless retention is required by law or applicable platform policies.

5.3 Relationship With WhatsApp and Meta Platforms

• Cocoonmail integrates with the WhatsApp Business Platform provided by Meta Platforms, Inc. or its affiliates.
• WhatsApp data is processed in accordance with Meta’s platform terms, WhatsApp Business Policies, and applicable laws. Meta and WhatsApp may independently process certain data as described in their own privacy policies.
• Cocoonmail does not sell WhatsApp data, does not use WhatsApp message content for advertising purposes, and does not access or process WhatsApp data beyond what is necessary to provide the Services.

For more information on how WhatsApp and Meta process personal data, please review WhatsApp's Privacy Policy available on WhatsApp's official website.

6. Data Sharing

We may share data with:

• Cloud hosting and infrastructure providers
• Payment processors
• Customer support tools
• Legal or regulatory authorities where required by law

7. International Data Transfers

Personal Data may be processed outside India. Where required, we apply lawful transfer mechanisms such as standard contractual clauses or equivalent safeguards.

8. Shopify App & Integration Privacy Policy

8.1 Overview

When you install and use the Cocoonmail Shopify App (the “App”), Cocoonmail processes certain data from your Shopify store to enable features such as abandoned cart recovery, order notifications, transactional messaging, marketing automation, and analytics. This section applies only to data accessed or processed via Shopify APIs.

8.2 Data Accessed from Shopify

Based on permissions approved during installation, the App may access:

• Store & Merchant Data: Store name, domain, timezone, currency, Merchant email and contact details, Shopify store identifiers and API tokens
• Customer & Order Data: Customer name, email address, phone number, Order details, order value, line items, order status, Cart and abandoned checkout data
• Usage & Event Data: Event timestamps (order created, cart abandoned, order fulfilled), Message delivery, engagement, and workflow execution logs

8.3 Purpose of Data Use

Shopify data is used strictly to:

• Execute messaging workflows and notifications
• Enable automation rules and analytics
• Provide reporting and performance insights
• Support troubleshooting and customer support

We do not use Shopify customer data for our own marketing purposes.

8.4 Legal Basis

Processing of Shopify data is based on:

• Merchant request and contractual necessity
• Legitimate interest in providing and improving the App
• Merchant responsibility to obtain customer consent where required

8.5 Data Sharing

Shopify data may be shared with:

• Messaging providers (e.g., WhatsApp Cloud API, email delivery services)
• Cloud infrastructure and analytics providers

All subprocessors are bound by confidentiality and data protection obligations.

8.6 Data Retention & Deletion

• Shopify data is retained only while your store is connected and the App is active
• Upon app uninstallation, data is deleted or anonymized within a reasonable timeframe unless legally required

8.7 Merchant Responsibilities

Merchants are responsible for:

• Providing legally compliant privacy notices to their customers
• Obtaining required consent for messaging and data processing
• Ensuring compliance with applicable data protection laws

9. Data Retention

Data is retained only as long as necessary to provide the Service, comply with legal obligations, or resolve disputes. Customers may request deletion or configure retention settings.

10. Security Measures

We implement appropriate technical and organizational measures to protect Personal Data against unauthorized access, loss, or misuse.

11. Rights of Individuals

Depending on applicable law, individuals may request access, correction, deletion, restriction, or portability of their data. Requests should be directed to the relevant Customer.

12. Children’s Data

Cocoonmail is not intended for children under 16 years of age, and we do not knowingly process children’s Personal Data.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted with a revised “Last Updated” date.

14. Contact Information

Inofinix Private Limited
301, 10th Cross, Celebrity Paradise
Electronic City, Bengaluru – 560100
Karnataka, India
Email: privacy@cocoonmail.com

Cocoonmail is a product of Inofinix Private Limited.