Privacy Policy
This Privacy Policy explains how Wagwizi, operated by a company incorporated in Zimbabwe (“Wagwizi”, “we”, “us”, or “our”), collects, uses, shares, and protects information when you visit our website, create an account, or use our social media management application (collectively, the “Service”).
By accessing or using the Service, you agree to this Privacy Policy. If you do not agree, please do not use the Service. Capitalized terms not defined here have the meaning given in our Terms of Service.
1. Definitions
- Personal data means information that identifies or can reasonably be linked to an individual, such as a name, email address, or account identifier.
- Content means text, images, videos, files, captions, drafts, schedules, and other material you upload, compose, or store in the Service.
- Usage data means technical information generated when you interact with the Service, such as IP address, browser type, and activity logs.
- Connected accounts means third-party social media or publishing accounts you authorize us to access through OAuth or API credentials.
- Workspace means a shared environment in the Service where one or more users manage content, settings, and connected accounts together.
2. Information we collect
We collect information in three broad ways: information you provide, information generated by your use of the Service, and information from third parties you connect.
2.1 Information you provide
- Account and profile data: name, email address, password (if you use email sign-in), phone number, bio, language preference, timezone, avatar, and notification settings.
- Workspace data: workspace name, membership role, workspace avatar, invitations you send or accept, and preferences configured for a workspace.
- Content and media: posts, drafts, captions, hashtags, scheduled publish times, uploaded images and videos, media library metadata, and workflow or automation configurations.
- Support and communications: messages, attachments, and other information you submit through support tickets, feedback forms, or direct contact with us.
- Billing-related information: plan selection, billing interval, invoices, transaction references, and limited billing contact details. Payment card or wallet details are handled by our payment processors and are not stored by us in full.
- Referral and affiliate data: referral codes, referral relationships, and commission-related records where you participate in referral or affiliate features.
- AI settings: if you use bring-your-own-key AI features, we store the configuration you provide (such as provider choice and API credentials you choose to save). Prompts and generated output may be processed to deliver the feature you request.
- API and webhook configuration: API client names, credentials, webhook URLs, and related operational settings if your plan includes developer features.
2.2 Information collected automatically
- Usage and device data: IP address, browser type and version, operating system, device identifiers, pages viewed, features used, timestamps, referring URLs, and diagnostic logs.
- Security and audit data: login events, session identifiers, failed authentication attempts, and security-related activity records used to protect the Service.
- Performance data: error reports, crash information, and aggregated analytics that help us maintain reliability and improve the product.
2.3 Information from connected platforms
When you connect a social network, blog, messaging channel, or other third-party service, we receive information authorized by that platform and by you, such as account identifiers, profile names, access tokens, page or channel lists, publishing permissions, and metrics needed for scheduling, publishing, previews, or analytics. The exact data depends on the platform and the permissions you grant.
Once content is published to a third-party platform, that platform’s privacy policy and terms govern how the content and related data are used. For example, connecting a Google or YouTube account may involve Google API services; Google’s terms and privacy policy apply to your use of those services. You can review and revoke third-party access through the relevant platform’s security or permissions settings.
3. How we use information
We use the information we collect to:
- Provide, operate, maintain, and secure the Service, including scheduling, publishing, media storage, calendars, insights, workflows, and team collaboration features.
- Authenticate you, manage your account and workspace memberships, and enforce plan limits and feature access.
- Process subscriptions, payments, invoices, trials, upgrades, downgrades, and billing support.
- Connect to and publish on third-party platforms at your direction.
- Provide AI-assisted features when enabled, including platform-managed AI or AI using credentials you supply.
- Send service messages such as verification codes, password resets, billing notices, security alerts, product updates, and support replies.
- Send marketing or promotional communications where permitted and where you have not opted out.
- Monitor usage, troubleshoot problems, detect abuse, fraud, or unauthorized access, and protect users and the Service.
- Comply with legal obligations, respond to lawful requests, and enforce our Terms and policies.
- Improve and develop the Service through analysis, testing, and aggregated reporting.
4. Legal bases for processing
Where applicable data-protection laws require a legal basis, we process personal data because:
- It is necessary to perform our contract with you and provide the Service you request.
- You have given consent, such as for optional marketing emails or for connecting third-party accounts.
- Processing is in our legitimate interests, such as securing the Service, preventing abuse, improving features, and supporting customers, where those interests are not overridden by your rights.
- Processing is necessary to comply with law or respond to valid legal process.
- Processing is necessary for payment and billing operations.
5. Cookies and similar technologies
We use cookies, local storage, session storage, and similar technologies to keep you signed in, remember preferences such as theme or timezone, protect against cross-site request forgery, measure performance, and understand how the Service is used.
Examples include:
- Essential cookies: required for authentication, security, and core functionality.
- Preference cookies: remember settings you choose in the application.
- Analytics cookies: help us understand usage patterns and improve the Service.
You can control cookies through your browser settings. Disabling essential cookies may prevent parts of the Service from working correctly. We do not currently respond to “Do Not Track” browser signals in a uniform way across all browsers.
6. How we share information
We do not sell your personal information. We may share information in the following circumstances:
6.1 Service providers
We use trusted third parties to help us operate the Service, such as hosting providers, email delivery services, payment processors, analytics tools, and customer support systems. These providers may access personal data only to perform services for us and are expected to protect it appropriately.
6.2 Payment processors
Paid plans may be processed through third-party payment providers such as Stripe, PayPal, Paynow, or Pesepay, depending on what is enabled for your checkout. Payment information is supplied directly to the processor and is governed by that processor’s privacy policy and security standards, including PCI-DSS requirements where applicable. We receive limited billing metadata such as payment status, transaction references, and customer contact details needed for account management.
6.3 Third-party platforms you connect
We share Content and account identifiers with social networks and publishing platforms only as needed to perform actions you request, such as publishing a post, retrieving analytics, or listing pages and channels available for connection.
6.4 Workspace members
If you join or create a workspace, certain profile information, workspace content, connected account metadata, and activity within that workspace may be visible to other members of the same workspace according to their role and permissions.
6.5 AI providers
If you use AI features, relevant prompt text and context may be sent to an AI provider selected by us or configured by you in bring-your-own-key mode, solely to generate the output you request. Do not submit sensitive personal data in prompts unless you accept that it may be processed by the relevant provider.
6.6 Legal, safety, and business transfers
We may disclose information if we believe in good faith that disclosure is necessary to comply with law, respond to lawful requests, protect the rights, property, or safety of Wagwizi, our users, or the public, investigate fraud or abuse, or enforce our agreements. If we are involved in a merger, acquisition, financing, or sale of assets, information may be transferred as part of that transaction, subject to appropriate protections.
7. International transfers
We are based in Zimbabwe. Your information may be processed in Zimbabwe and in other countries where we or our service providers operate. Those countries may have data protection laws that differ from the laws where you live. Where required, we take reasonable steps designed to ensure that personal data receives an appropriate level of protection.
8. Retention
We retain personal data for as long as your account is active, as needed to provide the Service, and as necessary to comply with legal obligations, resolve disputes, enforce agreements, and maintain security records.
Usage data is generally kept for a shorter period unless needed for security, troubleshooting, or legal compliance. After you delete your account, we delete or anonymize personal data in our active systems except where retention is required by law or reasonably necessary for billing reconciliation, fraud prevention, dispute resolution, or backup systems that are purged on a regular cycle.
9. Security
We implement technical and organizational measures designed to protect personal data, including access controls, encryption where appropriate, and monitoring for suspicious activity. However, no method of transmission over the Internet or electronic storage is completely secure, and we cannot guarantee absolute security.
You are responsible for maintaining the confidentiality of your password and for securing any API keys, webhook secrets, or third-party credentials you store in the Service.
10. Your rights and choices
Depending on where you live, you may have rights to access, correct, update, delete, restrict, or object to certain processing of your personal data, or to request portability of information you provided. Zimbabwean law and other applicable privacy laws may provide additional rights.
You can also:
- Update profile and workspace settings in the Service.
- Disconnect third-party social accounts from the accounts area.
- Opt out of marketing emails using the unsubscribe link in those messages or through your account settings where available.
- Delete your account and associated personal data using the self-service option described below.
- Contact us through the support options in the Service to exercise rights or ask questions about your data.
We may need to verify your identity before responding to certain requests. We will respond within a reasonable time and as required by applicable law. You may also have the right to lodge a complaint with a supervisory authority in your country.
11. Marketing communications
With your consent or where otherwise permitted by law, we may send you emails about product updates, offers, or educational content. You can opt out at any time. Even if you opt out of marketing, we may still send transactional or service-related messages, such as billing receipts, security alerts, or responses to support requests.
12. Deleting your data
Signed-in users can permanently delete their account and associated personal data from Profile → Your data → Delete my account and data. Self-service deletion removes your profile, drafts, scheduled posts, media uploads, connected social accounts, API credentials you created, and workspace content tied to workspaces you solely own.
If you own a workspace with other members, you must transfer ownership or remove those members before deletion. If you cannot use self-service deletion, contact us through the support options in the Service with the email address associated with your account. We will confirm receipt within a reasonable time and complete verified deletion requests within 30 days where possible, unless certain records must be retained for legal or compliance reasons.
13. Children’s privacy
The Service is not directed to children under 13, or the minimum age required in your jurisdiction to consent to online services. We do not knowingly collect personal information from children. If you believe a child has provided us personal data, contact us and we will take steps to delete it.
14. Links to other websites
The Service may contain links to third-party websites, platforms, or services that we do not control. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before providing information to them.
15. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will post the updated policy on this page, update the “Last updated” date, and where appropriate provide additional notice such as by email or an in-product message. Your continued use of the Service after the effective date of an updated policy constitutes acceptance of the changes where permitted by law.
16. Contact us
For privacy questions, data requests, or concerns about this policy, contact us through the support options provided in the Service, including the in-app support ticket system. Please include the email address associated with your account so we can verify and respond to your request.