Privacy Policy

Liquidsend is a SaaS product operated by African Luxury Group Limited, a company registered in England & Wales. We provide a WhatsApp + email subscription-funnel platform that brands install to run founder drops, manage subscribers, and track conversion. This privacy policy covers how Liquidsend handles data — both the data of brands who install our app (merchants) and the data of their end-customers we process on their behalf.

Contact: daniel@africanluxurygroup.com. Address: 45 Albemarle Street, London W1S 4JL, United Kingdom.

• Account identity: business name, contact email, billing email, country.
• Connected provider credentials: API keys for Stripe, PayPal, Recharge (encrypted at rest); OAuth tokens for Shopify (encrypted at rest).
• Configuration: payment provider preference, invitation URL base, brand assets.
• Usage data: when you log in, which dashboard pages you visit, which buttons you click. Aggregate, not for advertising.

When a merchant uses Liquidsend, their customer data flows through our platform. We act as a Data Processor; the merchant is the Data Controller. We process:

• Customer name, email, phone number, postal address (for fulfilment).
• Subscription state: invited, opened, clicked, committed, activated, cancelled.
• Communication signals: email opens/clicks, WhatsApp delivery/read/reply status.
• Payment provider identifiers (e.g. Stripe customer ID); never card numbers.

The merchant’s own privacy policy governs how they collect and authorise this data. We don’t use end-customer data for our own marketing; we don’t share it with third parties beyond the merchant’s chosen processors (Stripe, PayPal, Resend, Meta, etc.).

• Provide the service: send messages, process subscriptions, sync orders.
• Operator dashboard: surface message status, channel quotas, conversion funnel.
• Improve the platform: aggregate stats on which features are used, which message types convert.
• Comply with our legal obligations (tax, accounting, regulatory).
• Communicate product updates to merchant operators.

To run the service, end-customer data flows through:

• Meta (WhatsApp Cloud API) — for WhatsApp template message delivery + status webhooks.
• Resend — for transactional email delivery.
• Stripe / PayPal — when the merchant has connected them, for payment processing.
• Shopify — when the merchant has connected their store, for product/customer/order sync.
• Supabase — our database, hosted in the EU.
• Vercel — application hosting (US/EU edge).
• Cloudinary — product image hosting (no personal data).

We don’t sell data. We don’t share with advertising networks or brokers.

• Contract: processing necessary to operate Liquidsend for the merchant.
• Legitimate interest: aggregate analytics, security monitoring, fraud prevention.
• Consent: for non-essential cookies, marketing emails to merchant operators.
• Legal obligation: tax records (6 years per HMRC).

• Merchant account data: lifetime of account + 90 days post-cancellation, then deleted.
• End-customer data: held only while the merchant’s account is active. On merchant cancellation, exported to merchant on request, then deleted within 30 days.
• Suppression records (do-not-contact): kept indefinitely as a hashed reference so re-imports don’t accidentally re-message opted-out users.
• Aggregate platform analytics: kept indefinitely.
• Tax records: 6 years.

Both merchants and end-customers have the rights afforded by UK GDPR and equivalent regimes:

• Access — request a copy of data we hold about you.
• Correct — fix anything inaccurate.
• Delete — request erasure (subject to statutory retention).
• Object — opt out of marketing or specific processing.
• Port — receive your data in machine-readable form.
• Complain — to the UK Information Commissioner’s Office at ico.org.uk.

End-customers should contact the merchant they subscribed with first. If unresolved, email us directly at daniel@africanluxurygroup.com or use our Data Deletion form. We respond within 30 days.

When a merchant sends a WhatsApp message via Liquidsend, the recipient’s phone number and the message content are transmitted to Meta’s WhatsApp Cloud API for delivery. The merchant is responsible for ensuring they have valid opt-in. Each template includes opt-out language (typically “Reply STOP”); when a recipient opts out, Liquidsend honors it within 5 minutes via webhook and adds the number to a permanent do-not-message list shared with all sub-processors.

Some sub-processors are based in the US (Stripe, Resend, Meta, Vercel, Cloudinary). Transfers rely on UK Adequacy Decisions where in place, Standard Contractual Clauses, or each processor’s Data Privacy Framework certification. End-customer payment data is held entirely by the payment provider; Liquidsend never sees it.

We use only essential cookies on the merchant dashboard (authentication, session state). No third-party tracking cookies, no advertising cookies, no per-visitor analytics profiling.

We’ll update this page if we change sub-processors, add data categories, or change retention. Material changes get an email to active merchants. The “last updated” date at the top reflects the most recent change.