Last updated: May 12, 2026
Mekoshi helps merchants create storefronts, receive orders, coordinate payments, send order updates, and manage seller-owned WhatsApp, Instagram, and delivery workflows.
We collect account details, merchant store details, product information, order details, delivery information, payment references, support messages, and operational logs needed to run the service.
When a merchant connects WhatsApp or Instagram through Meta, we may receive Meta business account IDs, WhatsApp phone number IDs, Facebook Page IDs, Instagram professional account IDs, display names, message identifiers, inbound message payloads, message delivery statuses, and access tokens needed to send or receive merchant-approved messages.
Meta access tokens are stored as server-side secret files outside the database. The database stores only the generated secret file name and account metadata needed to route messages to the correct merchant.
We use information to authenticate users, operate storefronts, process orders, initialize payments, estimate delivery, route customer updates, receive webhook events, protect accounts, troubleshoot errors, and comply with legal or platform requirements.
We share information only with service providers needed to operate the platform, including payment processors, hosting providers, storage providers, delivery workflows, observability tools, and Meta APIs when merchants connect their own WhatsApp or Instagram accounts.
We keep account, store, order, payment, delivery, and messaging records for as long as needed to provide the service, resolve disputes, keep audit records, and meet legal obligations. Merchants can disconnect Meta channels from the dashboard, and Meta deletion callbacks disable connected channel accounts and remove database references to channel token files.
Meta users can request deletion through Meta's app controls. Meta sends deletion requests to our data deletion callback, and we record the request, disable matching WhatsApp or Instagram channel connections, remove stored token-file references, and provide a confirmation code and status page.
Open Data Deletion Instructions
We use server-side secret files, authenticated API routes, webhook signature verification, restricted container mounts, and least-privilege operational practices to reduce unauthorized access risk.
For privacy requests, contact the Mekoshi operator through the support channel listed on the production site or merchant agreement.