This Privacy Policy explains how Digital Evolutions ("we", "us", "our") collects, uses, stores, and protects information when you interact with us through WhatsApp using the WhatsApp Business number +971 58 544 0955 ("the Service"), and when you visit https://digitalevolutions.ae/.
We operate from the United Arab Emirates. This Policy is written to be compatible with the UAE Federal Decree-Law No. 45 of 2021 (PDPL) and, where you contact us from the European Union or United Kingdom, the EU/UK GDPR.
1. Who we are
Digital Evolutions
United Arab Emirates
Website: https://digitalevolutions.ae/
Contact: hello@digitalevolutions.ae
For the purpose of data protection law, Digital Evolutions is the data controller for personal information you share with us through the Service. WhatsApp / Meta Platforms Ireland Limited acts as our data processor for message delivery and is itself bound by its own terms — see whatsapp.com/legal/business-policy.
2. What information we collect
We collect only the information you choose to share with us through WhatsApp, plus the minimum technical identifiers required to deliver and audit messages.
From your WhatsApp messages
- The contents of messages you send (text, images, audio, video, documents, stickers)
- Captions and quoted-reply context
- Timestamps and delivery/read receipts
Identifiers WhatsApp provides to us
- Your WhatsApp display name (profile name)
- Your phone number in international format
- Your WhatsApp Business-Scoped User ID ("BSUID") — a per-business identifier introduced by Meta on 31 March 2026
- A WhatsApp message ID for each message (used for de-duplication)
Click-to-WhatsApp attribution (only if you arrive via a Meta ad)
- The campaign click identifier (
ctwa_clid) and the pre-filled welcome message text
From our website (https://digitalevolutions.ae/)
- Standard server access logs (IP address, browser, request timestamp) retained for security only
- Any information you voluntarily submit through contact forms
We do not collect financial information, government identifiers, or biometric data through this Service. Please do not send such information through WhatsApp.
3. How we use your information
We use the information you share with us strictly to:
- Respond to your enquiries and provide customer support
- Maintain a conversation history so any of our operators can pick up where another left off
- Comply with legal, accounting, and audit obligations
- Improve the quality and security of the Service
We do not sell your data, share it with advertising networks, or use it to train third-party AI models.
4. Legal basis for processing
Where the EU/UK GDPR applies, our legal bases are:
- Performance of a service you requested (Article 6(1)(b)) — when you message us, we process the message to respond
- Legitimate interest (Article 6(1)(f)) — for record-keeping, fraud prevention, and service security
- Consent (Article 6(1)(a)) — for any optional marketing communication, which we will request separately
You may withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal.
5. Where your data is stored
Customer-service conversations are stored with a third-party managed-database provider hosted in Frankfurt, Germany (EU region). That provider acts as our sub-processor and handles data on documented instructions only.
Our public website is served from a global content-delivery network (edge servers worldwide).
The WhatsApp transport layer is operated by Meta Platforms Ireland Limited and may temporarily route your messages through Meta infrastructure outside the EU as part of normal delivery.
6. How long we keep your data
| Data category | Retention |
|---|---|
| WhatsApp conversation history | 24 months after the last message, then deleted |
| Operator-added notes on a contact | Same as conversation history |
| Webhook delivery/flow audit events | 12 months |
| Server access logs | 90 days |
| Information you submit via website forms | Until your enquiry is resolved, plus 24 months |
You can ask us to delete your conversation history sooner — see Section 8.
7. Who can access your data
Internally, only authorised personnel of Digital Evolutions can access conversations, restricted to a single named operator account with permission rules enforced at the database level.
We share data with the following categories of third party, all bound by appropriate contracts:
- Meta Platforms Ireland Limited — for WhatsApp message transport
- Cloud hosting and database providers — for storing conversations and operating the website
- Content-delivery and edge-security providers — for serving the public website
- Transactional email providers — for delivering website contact-form submissions to our team
- Google LLC — for website analytics (Google Analytics 4), advertising and conversion measurement (Google Ads), and tag delivery (Google Tag Manager) on the public website only
- LinkedIn Ireland Unlimited Company — for the LinkedIn Insight Tag, used for ad conversion measurement and audience building on the public website only
- Legal, accounting, and regulatory authorities — where compelled by law
WhatsApp conversation content is never shared with advertising platforms or analytics providers. Website-visitor analytics and advertising cookies are described in Section 12 and only apply to https://digitalevolutions.ae/, not to the WhatsApp Service.
8. Your rights
Depending on where you live, you may have the right to:
- Access a copy of the data we hold about you
- Correct information that is inaccurate
- Delete ("erasure" / "right to be forgotten") your conversation history
- Restrict or object to certain processing
- Portability — receive your data in a machine-readable format
- Withdraw consent for any processing based on consent
To exercise any of these rights, email us at hello@digitalevolutions.ae with "Privacy request" in the subject line. We will respond within 30 days. We may request reasonable verification that you are the person whose data is requested.
If you believe we have not handled your data appropriately, you may complain to your local data protection authority. In the UAE, this is the UAE Data Office.
9. Security
We use:
- HMAC-SHA-256 signature verification on every inbound webhook to prevent forgery
- HTTPS-only transport with rejected protocol downgrades and disabled cross-host redirects
- Server-side allowlisting of media-download hosts to Meta's published domains only
- A single named operator account managed by Appwrite Account (password hashing handled by the provider), scoped to a specific user ID
- Per-table row-level permissions in Appwrite, restricted to the named operator
- Short-lived (15 minute) JSON Web Tokens for the operator's web session, with auto-refresh
- Encrypted private keys (PEM, AES-256-CBC passphrase) for WhatsApp Flows where applicable
Despite these measures, no system is perfectly secure. If we ever become aware of a breach affecting your data, we will notify you and the relevant authority without undue delay.
10. Children's data
The Service is intended for business communication with adults. We do not knowingly collect data from anyone under 16. If you believe a child has contacted us, please email hello@digitalevolutions.ae and we will delete the data.
11. WhatsApp's own role and policy
When you message us, you are also subject to:
- WhatsApp's Privacy Policy: whatsapp.com/legal/privacy-policy
- WhatsApp Business Messaging Policy: whatsapp.com/legal/business-policy
Meta independently processes message metadata for delivery and quality scoring. Their handling is not something we control.
12. Cookies and tracking on our website
This section applies only to the public website at https://digitalevolutions.ae/, not to WhatsApp conversations.
We use cookies and similar technologies through Google Tag Manager for the following purposes:
Strictly necessary
- Session management and basic security on our website
- Remembering minor preferences like accepted UI states
These do not identify you to any third party and cannot be disabled while you use the site.
Analytics — Google Analytics 4
- Operated by Google LLC
- Cookies:
_ga,_ga_*(first-party, 13-month max lifespan) - Purpose: aggregate, statistical understanding of how visitors find and use the site — page views, session length, traffic source, country, device type
- We use only standard GA4 measurement. We have not enabled Google Signals, ad personalisation features, or User-ID linking
Advertising and conversion measurement
- Google Ads Remarketing — cookie
_gcl_au. Allows us to show ads to people who have visited the site and to measure when a form submission follows an ad click. Operated by Google LLC. - LinkedIn Insight Tag — sets
li_*cookies. Used for ad conversion measurement and audience building on LinkedIn campaigns. Operated by LinkedIn Ireland Unlimited Company. - Conversion Linker — a Google helper that improves attribution accuracy between an ad click and a subsequent conversion event. Sets the same
_gcl_aucookie.
Opting out
- Google Analytics: install the Google Analytics Opt-out Browser Add-on
- Google Ads personalisation: manage at adssettings.google.com
- LinkedIn ads: manage at linkedin.com/psettings/guest-controls/retargeting-opt-out
- Browser-level: most modern browsers let you block third-party cookies entirely in settings
If you visit from the EU, UK, or another jurisdiction with cookie-consent requirements, we may introduce a consent banner. Until then, by continuing to use the site you accept the cookies described above.
13. Changes to this Policy
We may update this Policy from time to time. Material changes will be highlighted on this page and, where appropriate, communicated to active customers through WhatsApp. The "Last updated" date at the top of this Policy reflects the most recent revision.
14. Contact
For privacy questions, data requests, or to raise a concern:
Email: hello@digitalevolutions.ae
Subject: Privacy request
We are committed to handling personal information responsibly and to addressing any concerns promptly.