Privacy Policy
Last updated: 10 July 2026
This policy explains how Stravax Group LLC handles data on Stravax Engage. It covers two different roles: the data we control as the operator of the platform, and the data we process on behalf of our business customers.
1. Who we are and our two roles
Stravax Engage is operated by Stravax Group LLC, United Arab Emirates (licence 2537844.01), registered at Shams Business Center, Sharjah Media City Free Zone, Al Messaned, Sharjah, UAE.
- As a controller, we decide how we handle the account and admin data of the businesses that sign up, and visitors to this website.
- As a processor, we handle the messages, contacts, and related data that our customers route through the platform. In that case the customer is the controller and we act on their instructions. If you are an end-customer messaging a business that uses Engage, that business, not Stravax, is responsible for your data; please contact them.
2. Information we collect as controller
- Account data: name, work email, business details, and login credentials of the people who administer an Engage account.
- Access and billing data: plan, usage volumes, invoices, and payment status (card details are handled by our payment processor, not stored by us).
- Enquiries: anything you send us by email or through our enquiry forms.
- Website data: standard analytics such as pages viewed, device, and approximate location.
3. Data we process on your behalf
When you use Engage, we process the data you route through it so we can deliver the Service. This includes your contacts' WhatsApp numbers and profile names, the content and metadata of messages you send and receive, lead and pipeline records in the CRM, and the conversion events you choose to sync to ad platforms. We process this on your instructions and do not use it for our own purposes or sell it. You are responsible for having a valid opt-in and legal basis for the contacts you message.
4. How we use data
We use controller data to provide and secure the Service, to bill you, to provide support, and (with your consent where required) to send service updates. We use processor data only to operate the platform for you: routing messages through WhatsApp, storing your inbox, running automations and cart recovery, and syncing the conversions you configure.
5. Subprocessors
We use a focused set of providers to run the Service. Each processes data only as needed and under its own terms:
| Provider | Purpose |
|---|---|
| Meta / WhatsApp | The WhatsApp Business Platform that sends and receives your messages. |
| Cloudflare | Hosting, database, message and media storage, and platform security. |
| Resend | Transactional and notification email. |
| Shopify | Store and order data for abandoned-cart recovery, where you connect a store. |
| Stripe | Payment processing for paid plans. |
| Google and Meta (Ads) | Receiving the conversion events you choose to sync to ad accounts you connect. |
We keep this list current and take reasonable steps to ensure each provider protects data appropriately.
6. Ad Sync and conversion data
If you enable Ad Sync, we send the conversion events you configure to the Meta or Google ad accounts you connect, so your reporting and optimisation reflect real outcomes. You control which events are sent and to which accounts, and you can disconnect at any time. Those ad platforms handle the data they receive under their own policies.
7. Data retention
We retain account and billing data for as long as you have an account and as required for legal and tax purposes afterwards. Message content and media are retained while your account is active and are deleted or made available for export within a reasonable period (typically 30 days) after termination. Website leads are retained for up to 90 days.
8. Security
Data is encrypted in transit. Each customer's data is isolated to its own tenant, and access is scoped and controlled. Message media is stored separately from metadata, and secrets are managed with our hosting provider's secret storage. No system is perfectly secure, but we take reasonable technical and organisational measures to protect data.
9. International transfers
Our providers, including Meta and Cloudflare, operate global infrastructure, so data may be processed outside the UAE. Where that happens, we rely on the providers' safeguards for such transfers.
10. Your rights
Subject to applicable law, including the UAE Personal Data Protection Law, you may request access to, correction of, or deletion of your personal data, and you may object to or restrict certain processing. Account holders can email us using the details below. If you are an end-customer of a business that uses Engage, please direct your request to that business, which controls your data; we will assist them as their processor.
11. Cookies and analytics
Our website uses essential cookies and standard analytics to understand usage and improve the site. You can control cookies through your browser settings.
12. Children
Engage is a business tool and is not directed to children. We do not knowingly collect data from anyone under 18 through our account signup.
13. Changes to this policy
We may update this policy as the Service evolves. Material changes will be notified in the app or by email before they take effect.
14. Contact
Stravax Group LLC, Sharjah, UAE. Privacy and data requests: [email protected].
For customers with formal data-processing requirements, our Data Processing Agreement forms part of the Terms of Service and prevails over this policy to the extent of any conflict.