Privacy Policy

Liquidsend is a SaaS product operated by African Luxury Group Limited, a company registered in England & Wales. We provide a WhatsApp + email subscription-funnel platform that brands install to run founder drops, manage subscribers, and track conversion. This privacy policy covers how Liquidsend handles data — both the data of brands who install our app (merchants) and the data of their end-customers we process on their behalf.

Contact: daniel@africanluxurygroup.com

• Account identity: business name, contact email, billing email, country.
• Connected provider credentials: API keys for Stripe, PayPal, Recharge (encrypted at rest); OAuth tokens for Shopify (encrypted at rest).
• Configuration: payment provider preference, invitation URL base, brand assets.
• Usage data: when you log in, which dashboard pages you visit, which buttons you click. Aggregate, not for advertising.

When a merchant uses Liquidsend, their customer data flows through our platform. We act as a Data Processor; the merchant is the Data Controller. We process:

• Customer name, email, phone number, postal address (for fulfilment).
• Subscription state: invited, opened, clicked, committed, activated, cancelled.
• Communication signals: email opens/clicks, WhatsApp delivery/read/reply status.
• Payment provider identifiers (e.g. Stripe customer ID); never card numbers.

The merchant’s own privacy policy governs how they collect and authorise this data. We don’t use end-customer data for our own marketing; we don’t share it with third parties beyond the merchant’s chosen processors (Stripe, PayPal, Resend, Meta, etc.).

• Meta (WhatsApp Cloud API) — WhatsApp template delivery + status webhooks.
• Resend — transactional email delivery.
• Stripe / PayPal — when the merchant has connected them, payment processing.
• Shopify — when the merchant has connected their store, product/customer/order sync.
• Supabase — our database, hosted in the EU.
• Vercel — application hosting (US/EU edge).
• Cloudinary — product image hosting (no personal data).

• Contract: processing necessary to operate Liquidsend for the merchant.
• Legitimate interest: aggregate analytics, security monitoring, fraud prevention.
• Consent: non-essential cookies, marketing emails to merchant operators.
• Legal obligation: tax records (6 years per HMRC).

• Merchant account data: lifetime of account + 90 days post-cancellation, then deleted.
• End-customer data: held only while the merchant’s account is active.
• Suppression records (do-not-contact): kept indefinitely as a hashed reference.
• Aggregate platform analytics: kept indefinitely.
• Tax records: 6 years.

Both merchants and end-customers have the rights afforded by UK GDPR and equivalent regimes:

• Access — request a copy of data we hold about you.
• Correct — fix anything inaccurate.
• Delete — request erasure (subject to statutory retention).
• Object — opt out of marketing or specific processing.
• Port — receive your data in machine-readable form.
• Complain — to the UK Information Commissioner’s Office at ico.org.uk.

End-customers should contact the merchant they subscribed with first. If unresolved, email us at daniel@africanluxurygroup.com or use our Data Deletion form. We respond within 30 days.

When a merchant sends a WhatsApp message via Liquidsend, the recipient’s phone number and the message content are transmitted to Meta’s WhatsApp Cloud API for delivery. The merchant is responsible for ensuring they have valid opt-in. Each template includes opt-out language (typically “Reply STOP”); when a recipient opts out, Liquidsend honours it within 5 minutes via webhook.

Some sub-processors are based in the US (Stripe, Resend, Meta, Vercel, Cloudinary). Transfers rely on UK Adequacy Decisions where in place, Standard Contractual Clauses, or each processor’s Data Privacy Framework certification.

We use only essential cookies on the merchant dashboard (authentication, session state). No third-party tracking cookies, no advertising cookies.