Legal | Wably – AI WhatsApp Assistant for Bookings and Reminders

WABLY – Legal Privacy Centre

Last updated: 3 May 2026

This document contains all legal policies governing the use of the Wably platform. It is structured as a single Legal Hub with the following sections: (1) Legal Notice, (2) Terms of Service, (3) Acceptable Use Policy, (4) Privacy Policy, (5) WhatsApp Messaging Data, (6) Data Processing Agreement, (7) Cookie Policy, (8) Contact Rights.

1. LEGAL NOTICE (AVISO LEGAL)

In accordance with Article 10 of Spanish Law 34/2002 on Information Society Services and Electronic Commerce (LSSI-CE), the following information is provided:

Service Provider: Marco Santucci

Trade Name: Wably

NIF / Tax ID: Y0814119W

Registered Address: Calle Agustina de Aragón 92, Barcelona, Spain

Email: legal@wably.app

Website: wably.app

Governing Law: Kingdom of Spain

Jurisdiction: Courts of Barcelona, Spain

Access to and use of this website and its services implies full acceptance of these legal terms.

Intellectual Property

All content on this website — including text, graphics, logos, software, and workflows — is the exclusive property of Wably or its licensors and is protected under Spanish and EU intellectual property law. Reproduction, distribution, or transformation of any content without prior written authorisation is strictly prohibited.

Disclaimer

Wably provides its platform on an “as is” and “as available” basis. Wably does not guarantee uninterrupted availability and accepts no liability for damages arising from service interruptions, third-party failures, or force majeure events.

2. TERMS OF SERVICE

These Terms of Service (“Terms”) constitute a legally binding agreement between you (“Client”, “you”) and Wably (“we”, “us”) governing your access to and use of the Wably platform.

1. Service Description

Wably is a multi-tenant SaaS platform that enables businesses to automate transactional and operational communications, manage appointment scheduling, and connect business tools including WhatsApp Business API, Google Calendar, and contact management systems.

Wably is not a mass marketing platform. Use of the service for unsolicited marketing or bulk promotional messaging is strictly prohibited and constitutes a material breach of these Terms.

2. Account Registration

To use Wably you must:

• Be at least 18 years of age or the legal age of majority in your jurisdiction;

• Provide accurate, current, and complete registration information;

• Maintain the confidentiality of your credentials;

• Promptly notify us at support@wably.app of any unauthorised access.

You are solely responsible for all activity conducted under your account.

3. Subscriptions, Billing Trials

Wably is offered as a recurring subscription billed monthly or annually, in Euro (€) inclusive of applicable taxes unless otherwise stated. Payments are processed by a third-party payment provider (e.g. Stripe). By subscribing you authorise recurring charges in accordance with your selected plan.

Free Trial

Where a free trial is offered, it runs for the stated trial period. Unless cancelled before the trial ends, the subscription automatically converts to a paid plan at the then-current price.

Price Changes

We will provide at least 30 days’ advance notice of price changes, which take effect at the next billing cycle following the notice period.

4. Cancellation Refunds

You may cancel your subscription at any time from your account settings. Cancellation takes effect at the end of the current billing period. No partial refunds are issued for unused time within a billing period, except where required by applicable law.

Right of Withdrawal (Consumer Purchases)

Where you are a consumer under EU or Spanish law, you have a 14-day right of withdrawal from the date of purchase. By requesting and using the service immediately upon subscription, you expressly consent to immediate performance and acknowledge that the right of withdrawal is waived upon full or substantial performance of the service.

5. Invoicing VAT

Electronic invoices are issued for each billing cycle. Provide accurate billing information, including a valid EU VAT number where applicable. VAT is applied in accordance with EU VAT rules based on your location. EU businesses providing a valid VAT ID may benefit from the reverse charge mechanism.

6. Limitation of Liability

To the maximum extent permitted by law:

• Wably shall not be liable for indirect, incidental, special, or consequential damages, including loss of profits, data, or business opportunity;

• Our aggregate liability for any claim shall not exceed the total fees paid by you in the three months preceding the claim.

7. Modifications

We may update these Terms at any time. We will notify you via email or in-app notice at least 15 days before changes take effect. Continued use of the service after the effective date constitutes acceptance.

8. Governing Law Disputes

These Terms are governed by the laws of Spain. Any dispute shall be submitted to the exclusive jurisdiction of the courts of Barcelona, Spain, without prejudice to your rights as a consumer under the law of your country of residence if it provides greater protection.

3. ACCEPTABLE USE POLICY

This Acceptable Use Policy (“AUP”) applies to all clients and end users of Wably. Violation may result in immediate suspension or termination of service without refund.

1. Permitted Use

Wably may be used only for lawful, operational business communications that meet one or more of the following criteria:

• Transactional messages triggered by a user action (e.g. appointment confirmations, reminders);

• Operational notifications relating to an existing service or contractual relationship;

• Customer support communications initiated or requested by the end user.

2. Absolute Prohibitions

The following are strictly and unconditionally prohibited:

• Sending unsolicited commercial messages (spam) of any kind;

• Mass or bulk promotional campaigns without prior explicit opt-in from each recipient;

• Use of purchased, rented, or scraped contact lists;

• Impersonating any person or entity;

• Using Wably to facilitate illegal activities, fraud, phishing, or harassment;

• Sending content that infringes third-party intellectual property rights;

• Distributing malware, viruses, or any harmful code;

• Attempting to reverse-engineer or bypass platform security measures;

• Processing special categories of personal data without an explicit legal basis and prior written consent;

• Any use that violates WhatsApp Business Policy, Meta Platform Terms, or applicable telecommunications regulations.

3. Consent Requirements

Before sending any communication via Wably, you must have a valid legal basis under GDPR. For WhatsApp Business communications, recipients must have:

• Provided their phone number directly to your business; and

• Expressly opted in to receive WhatsApp messages from your business; and

• Not opted out or unsubscribed.

You must be able to demonstrate consent upon request.

4. Opt-Out Compliance

Every communication channel must include a clear, functional opt-out mechanism. Opt-out requests must be honoured within 24 hours.

5. Monitoring Enforcement

Wably applies automated monitoring, sending-rate analysis, and abuse detection. We may throttle, suspend, or block traffic that violates this AUP, and may report illegal activity to competent authorities. No refund is due upon suspension or termination for AUP violations.

4. PRIVACY POLICY

This Privacy Policy explains how Wably collects, uses, stores, and shares personal data when you use our platform or when our clients use the platform to communicate with their end customers.

Two roles under GDPR: Wably acts as Data Controller when processing data of registered clients and platform visitors. Wably acts as Data Processor when processing end-customer data on behalf of its clients (see Section 6 — DPA).

1. Data Controller

Controller: Marco Santucci (trading as Wably)

Address: Calle Agustina de Aragón 92, Barcelona, Spain

Privacy contact: privacy@wably.app

2. Data We Collect and Why

2.1 Platform Clients (B2B)

When you register and use Wably as a business client, we process:

• Identity data — name, company name, NIF/VAT number;

• Contact data — email address, phone number;

• Billing data — payment method details (handled by Stripe; we do not store card data), invoicing address;

• Account data — username, hashed password (via Keycloak), role, subscription plan;

• Usage data — login timestamps, feature usage, API call logs;

• Configuration data — connected integrations, calendar settings, workflow configurations.

Legal basis and retention per processing purpose:

• Account creation and authentication — contractual necessity (Art. 6(1)(b)) — retained for contract duration + 1 year;

• Service provision — contractual necessity (Art. 6(1)(b)) — retained for contract duration;

• Billing and invoicing — legal obligation (Art. 6(1)(c)) — retained 5 years (Spanish tax law);

• Customer support — contractual necessity (Art. 6(1)(b)) — retained 3 years from last interaction;

• Security and fraud prevention — legitimate interests (Art. 6(1)(f)) — logs retained 12 months;

• Marketing communications (opt-in only) — consent (Art. 6(1)(a)) — until consent withdrawn;

• Legal compliance and dispute resolution — legal obligation (Art. 6(1)(c)) — as required by law.

2.2 Website Visitors

• IP address and browser metadata (for security and analytics);

• Cookie data (see Section 7).

2.3 End Customers of Our Clients

When our clients use Wably to interact with their own customers, those end customers’ personal data is processed under the instructions of our client, who acts as Data Controller. We act as Data Processor. See Section 6 (DPA) and Section 5 (WhatsApp Data) for details.

3. Data Sharing

We do not sell personal data. We share data only with:

• Infrastructure providers — EU-based cloud hosting for database and application;

• Stripe Inc. — payment processing;

• Keycloak — self-hosted identity management;

• Meta Platforms Inc. — WhatsApp Business API delivery;

• Google LLC — Calendar and Contacts API integration (where enabled);

• Legal authorities — when required by law or to protect rights and safety.

All third-party processors are bound by appropriate data processing agreements.

4. International Transfers

Wably stores data primarily within the European Economic Area (EEA). Where transfers outside the EEA occur (e.g. via Meta or Google infrastructure), they are carried out under EU Standard Contractual Clauses (SCCs) as adopted by the European Commission.

5. Your Rights

Under GDPR and Spanish Organic Law 3/2018 (LOPDGDD), you have the following rights:

• Access (Art. 15) — request a copy of personal data we hold about you;

• Rectification (Art. 16) — correct inaccurate or incomplete data;

• Erasure (Art. 17) — request deletion where no compelling reason to continue processing;

• Restriction (Art. 18) — request limitation of processing in certain circumstances;

• Portability (Art. 20) — receive your data in a structured, machine-readable format;

• Objection (Art. 21) — object to processing based on legitimate interests;

• Withdraw consent — at any time without affecting prior processing;

• Lodge a complaint — file with the AEPD (Agencia Española de Protección de Datos) at www.aepd.es.

To exercise any right, contact us at privacy@wably.app. We will respond within 30 days.

6. Data Security

• Encryption of data in transit (TLS 1.2+) and at rest;

• Role-based access control with principle of least privilege;

• Audit logging of data access and system events;

• OAuth tokens stored in encrypted form;

• Regular security review of third-party integrations.

7. Data Retention

After termination of a client account:

• Account and configuration data is deleted within 90 days;

• Billing and invoice data is retained for 5 years (Spanish tax law);

• Anonymised usage statistics may be retained indefinitely.

5. WHATSAPP MESSAGING DATA

This section provides additional transparency required by Meta’s WhatsApp Business Platform policies and applies to all use of Wably as a WhatsApp Business Solution.

Wably integrates with the WhatsApp Business API (provided by Meta Platforms Inc.) to enable businesses to automate appointment-related and transactional messages.

1. What WhatsApp Data We Process

When clients send messages via WhatsApp through Wably, we may process:

• Phone number (E.164 format);

• Messaging metadata (delivery status, timestamps);

• Message content to the extent required to route and log the communication;

• Opt-in and opt-out status;

• Contact profile data provided by the client (name, email, appointment details).

2. How We Use WhatsApp Data

WhatsApp data is used exclusively to:

• Deliver messages requested by the client (appointment confirmations, reminders, notifications);

• Log delivery status and errors for operational purposes;

• Maintain conversation context for the AI scheduling assistant;

• Comply with legal obligations.

WhatsApp data is never used for: advertising profiling, third-party data sales, cross-tenant data sharing, or any purpose unrelated to the contracted service.

3. Consent for WhatsApp Messaging

Our clients must ensure that every WhatsApp message recipient has explicitly opted in to receive messages. Opt-in must be: obtained directly by the client from the end customer; clear, specific, and freely given; documented and verifiable. Clients are solely responsible for obtaining and maintaining valid opt-in records.

4. Opt-Out

End customers can opt out at any time by replying “STOP” or equivalent, or by contacting the business directly. Opt-outs must be honoured by the client within 24 hours.

5. Permitted Message Types

• Utility — appointment confirmations, reminders, rescheduling, cancellations;

• Service — responses to user-initiated conversations within a 24-hour messaging window.

Promotional or marketing templates are not supported and their use is prohibited.

6. Meta’s Role

Meta Platforms Inc. is an independent data controller with respect to WhatsApp infrastructure. Their data handling is governed by the WhatsApp Business Policy and Meta Platform Terms. Wably is not responsible for Meta’s data practices.

7. Retention of Messaging Data

Message content and delivery logs are retained for a maximum of 12 months, after which they are permanently deleted unless legal obligations require longer retention.

6. DATA PROCESSING AGREEMENT (DPA)

This Data Processing Agreement forms part of the contract between Wably (“Processor”) and the Client (“Controller”) and governs the processing of personal data on behalf of the Controller, as required by Article 28 of the GDPR.

By accepting these Terms of Service, the Client enters into this DPA. For enterprise clients requiring a separately executed DPA document, contact legal@wably.app.

1. Definitions

• Controller — the Client who determines the purposes and means of processing;

• Processor — Wably, who processes data on behalf of the Controller;

• Data Subject — the end customer of the Client;

• Personal Data — as defined in GDPR Article 4(1).

2. Subject Matter

Wably processes personal data of the Controller’s end customers to provide scheduling, messaging, and automation services. Processing activities include: storing contact records, routing WhatsApp messages, syncing calendar events, logging automation results.

3. Types of Personal Data Processed

• Contact identification data (name, phone number, email address);

• Appointment data (date, time, notes, status);

• Communication data (message delivery logs, session context);

• Consent records (opt-in timestamp, opt-out status).

4. Processor Obligations

Wably undertakes to:

• Process personal data only on documented instructions from the Controller;

• Ensure personnel with access to personal data are bound by confidentiality;

• Implement appropriate technical and organisational security measures (Art. 32 GDPR);

• Not engage sub-processors without prior authorisation;

• Assist the Controller in responding to Data Subject rights requests;

• Delete or return all personal data upon termination of the service;

• Provide all information necessary to demonstrate compliance with Art. 28 GDPR.

5. Controller Obligations

The Controller undertakes to:

• Have a valid legal basis for all processing instructions given to Wably;

• Obtain all necessary consents, in particular for WhatsApp messaging;

• Ensure the accuracy of personal data before uploading to Wably;

• Notify Wably of any data subject restriction request that requires Processor action.

6. Authorised Sub-Processors

General authorisation is granted for:

• EU-based cloud infrastructure provider;

• Meta Platforms Inc. — WhatsApp Business API delivery;

• Google LLC — Calendar and Contacts API (where enabled by Controller);

• Stripe Inc. — payment processing (billing data only).

Wably will notify the Controller of any intended changes to sub-processors with at least 15 days’ advance notice.

7. Data Breach Notification

Wably will notify the Controller of any personal data breach within 48 hours of becoming aware, providing all information required for the Controller to meet its Art. 33 GDPR notification obligations.

8. International Transfers

Processing occurs primarily within the EEA. Where data is transferred to third countries, appropriate safeguards are in place in the form of EU Standard Contractual Clauses.

9. Audit Rights

The Controller has the right to conduct audits or request documentation to verify compliance, subject to reasonable advance notice and confidentiality obligations.

10. Duration

This DPA remains in force for the duration of the service contract. Upon termination, Wably will delete or return all Controller personal data within 90 days, unless legal obligations require continued retention.

7. COOKIE POLICY

This Cookie Policy applies to the Wably website (wably.app) and the platform dashboard.

Cookies We Use

• Strictly necessary — authentication session (Keycloak), CSRF protection, load balancing. Legal basis: contractual necessity. Cannot be disabled. Duration: session.

• Functional — user preferences, language settings. Legal basis: legitimate interest. Duration: up to 12 months.

• Analytics — aggregate, anonymised usage statistics to improve the platform. Legal basis: consent. Duration: up to 13 months.

Wably does not use advertising or tracking cookies for third-party marketing purposes.

Managing Cookies

You can manage or disable non-essential cookies through your browser settings or via the cookie preference panel displayed on first visit. Disabling strictly necessary cookies will prevent login and platform use.

8. CONTACT RIGHTS REQUESTS

General inquiries: info@wably.app

Privacy data rights: privacy@wably.app

Legal compliance: legal@wably.app

Support: support@wably.app

Postal address: Marco Santucci / Wably, Calle Agustina de Aragón 92, Barcelona, Spain

Supervisory authority: Agencia Española de Protección de Datos (AEPD) — www.aepd.es

We aim to respond to all privacy-related requests within 30 calendar days. Complex requests may take up to 3 months in total, with notification provided within the first 30 days.

This document was last updated on 3 May 2026 and supersedes all previous versions. The current version is always available at wably.app/legal.

Cookies & Privacy