From 6d7687a31135383c13ac6372a568c3325e24066d Mon Sep 17 00:00:00 2001
From: Hein <hein@bitechsystems.co.za>
Date: Wed, 4 Feb 2026 19:19:35 +0200
Subject: [PATCH] =?UTF-8?q?feat(static):=20=E2=9C=A8=20Add=20privacy=20pol?=
 =?UTF-8?q?icy=20page=20and=20route?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Implement ServePrivacyPolicy handler to serve the privacy policy.
- Update index.html to include a link to the privacy policy.
- Add privacy-policy.html file with content outlining data handling practices.
---
 docker-compose.yml                      |   2 +-
 pkg/handlers/static.go                  |  16 +++
 pkg/handlers/static/index.html          |   2 +-
 pkg/handlers/static/privacy-policy.html | 184 ++++++++++++++++++++++++
 pkg/whatshooked/server.go               |   3 +
 5 files changed, 205 insertions(+), 2 deletions(-)
 create mode 100644 pkg/handlers/static/privacy-policy.html

diff --git a/docker-compose.yml b/docker-compose.yml
index d0d73db..08e94ef 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -35,7 +35,7 @@ services:
     # environment:
     #   - LOG_LEVEL=info
 
-    network_mode: bridge
+
 
     # Resource limits (optional)
     deploy:
diff --git a/pkg/handlers/static.go b/pkg/handlers/static.go
index eeab97a..e287b3f 100644
--- a/pkg/handlers/static.go
+++ b/pkg/handlers/static.go
@@ -31,6 +31,20 @@ func (h *Handlers) ServeIndex(w http.ResponseWriter, r *http.Request) {
 	writeBytes(w, content)
 }
 
+// ServePrivacyPolicy serves the privacy policy page
+func (h *Handlers) ServePrivacyPolicy(w http.ResponseWriter, r *http.Request) {
+	content, err := staticFiles.ReadFile("static/privacy-policy.html")
+	if err != nil {
+		logging.Error("Failed to read privacy-policy.html", "error", err)
+		http.Error(w, "Internal Server Error", http.StatusInternalServerError)
+		return
+	}
+
+	w.Header().Set("Content-Type", "text/html; charset=utf-8")
+	w.WriteHeader(http.StatusOK)
+	writeBytes(w, content)
+}
+
 // ServeStatic serves static files (logo, etc.)
 func (h *Handlers) ServeStatic(w http.ResponseWriter, r *http.Request) {
 	// Get the file path from URL
@@ -53,6 +67,8 @@ func (h *Handlers) ServeStatic(w http.ResponseWriter, r *http.Request) {
 		w.Header().Set("Content-Type", "image/jpeg")
 	case ".svg":
 		w.Header().Set("Content-Type", "image/svg+xml")
+	case ".html":
+		w.Header().Set("Content-Type", "text/html; charset=utf-8")
 	case ".css":
 		w.Header().Set("Content-Type", "text/css")
 	case ".js":
diff --git a/pkg/handlers/static/index.html b/pkg/handlers/static/index.html
index 934adf4..12fe3bc 100644
--- a/pkg/handlers/static/index.html
+++ b/pkg/handlers/static/index.html
@@ -564,7 +564,7 @@
         </div>
 
         <div class="footer">
-            <p>Need help? Check out the <a href="https://git.warky.dev/wdevs/whatshooked" target="_blank">documentation</a></p>
+            <p>Need help? Check out the <a href="https://git.warky.dev/wdevs/whatshooked" target="_blank">documentation</a> &middot; <a href="/privacy-policy">Privacy Policy</a></p>
             <p style="margin-top: 10px;">Made with ❤️ for developers</p>
         </div>
     </div>
diff --git a/pkg/handlers/static/privacy-policy.html b/pkg/handlers/static/privacy-policy.html
new file mode 100644
index 0000000..e3db877
--- /dev/null
+++ b/pkg/handlers/static/privacy-policy.html
@@ -0,0 +1,184 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Privacy Policy - WhatsHooked</title>
+    <style>
+        * {
+            margin: 0;
+            padding: 0;
+            box-sizing: border-box;
+        }
+
+        body {
+            font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, Cantarell, sans-serif;
+            background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);
+            min-height: 100vh;
+            display: flex;
+            align-items: center;
+            justify-content: center;
+            padding: 20px;
+            color: #333;
+        }
+
+        .container {
+            background: white;
+            border-radius: 20px;
+            box-shadow: 0 20px 60px rgba(0, 0, 0, 0.3);
+            max-width: 800px;
+            width: 100%;
+            padding: 60px 40px;
+        }
+
+        .header {
+            text-align: center;
+            margin-bottom: 40px;
+        }
+
+        .header h1 {
+            font-size: 2.4em;
+            margin-bottom: 10px;
+        }
+
+        .header h1 .whats {
+            color: #1e88e5;
+        }
+
+        .header h1 .hooked {
+            color: #1a237e;
+        }
+
+        .header p {
+            color: #666;
+            font-size: 1.1em;
+        }
+
+        .policy-section {
+            margin-bottom: 30px;
+        }
+
+        .policy-section h2 {
+            color: #1a237e;
+            font-size: 1.3em;
+            margin-bottom: 12px;
+            padding-bottom: 8px;
+            border-bottom: 2px solid #e8eaf6;
+        }
+
+        .policy-section p {
+            color: #555;
+            line-height: 1.7;
+            margin-bottom: 12px;
+        }
+
+        .policy-section ul {
+            color: #555;
+            line-height: 1.9;
+            padding-left: 20px;
+        }
+
+        .highlight-box {
+            background: #e8f5e9;
+            border: 2px solid #4caf50;
+            border-radius: 10px;
+            padding: 20px 24px;
+            margin-bottom: 30px;
+        }
+
+        .highlight-box p {
+            color: #2e7d32;
+            font-weight: 600;
+            font-size: 1.05em;
+            line-height: 1.6;
+            margin: 0;
+        }
+
+        .highlight-box p + p {
+            margin-top: 8px;
+        }
+
+        .footer {
+            margin-top: 40px;
+            padding-top: 24px;
+            border-top: 2px solid #eee;
+            text-align: center;
+            color: #999;
+            font-size: 0.9em;
+        }
+
+        .footer a {
+            color: #1e88e5;
+            text-decoration: none;
+        }
+
+        .footer a:hover {
+            text-decoration: underline;
+        }
+
+        @media (max-width: 600px) {
+            .container {
+                padding: 40px 20px;
+            }
+
+            .header h1 {
+                font-size: 1.8em;
+            }
+        }
+    </style>
+</head>
+<body>
+    <div class="container">
+        <div class="header">
+            <h1><span class="whats">Whats</span><span class="hooked">Hooked</span></h1>
+            <p>Privacy Policy</p>
+        </div>
+
+        <div class="highlight-box">
+            <p>No customer data is collected, stored, or saved by WhatsHooked. Messages are forwarded in real time and are not retained on our servers.</p>
+            <p>Our use of the Meta API is limited exclusively to WhatsApp Business messaging.</p>
+        </div>
+
+        <div class="policy-section">
+            <h2>What We Do Not Collect</h2>
+            <p>WhatsHooked does not save, log, or persist any customer data. This includes, but is not limited to:</p>
+            <ul>
+                <li>Message content exchanged via WhatsApp</li>
+                <li>Contact information or phone numbers of end users</li>
+                <li>Media files, locations, or any other payload sent through the platform</li>
+                <li>Browsing history, cookies, or device identifiers</li>
+            </ul>
+        </div>
+
+        <div class="policy-section">
+            <h2>How WhatsApp Messages Are Handled</h2>
+            <p>WhatsHooked acts as a bridge between WhatsApp and your configured webhook endpoints. Incoming messages are received and forwarded to your endpoints in real time. No message content is stored or cached beyond what is necessary for the immediate delivery.</p>
+        </div>
+
+        <div class="policy-section">
+            <h2>Use of the Meta API</h2>
+            <p>WhatsHooked integrates with the Meta (WhatsApp Business) API solely for the purpose of sending and receiving WhatsApp Business messages. The API access is not used for any other purpose, including but not limited to:</p>
+            <ul>
+                <li>Advertising or marketing outside of your own business messaging</li>
+                <li>Data collection or analytics on end users</li>
+                <li>Any use beyond WhatsApp Business messaging as permitted by Meta's terms of service</li>
+            </ul>
+        </div>
+
+        <div class="policy-section">
+            <h2>Your Responsibilities</h2>
+            <p>As the operator of a WhatsHooked instance, you are responsible for ensuring that your use of the platform complies with applicable privacy laws and Meta's terms of service. WhatsHooked provides the infrastructure; the data handling obligations rest with you as the account owner.</p>
+        </div>
+
+        <div class="policy-section">
+            <h2>Changes to This Policy</h2>
+            <p>This privacy policy may be updated at any time. Changes will be reflected on this page. Continued use of WhatsHooked after an update constitutes acceptance of the revised policy.</p>
+        </div>
+
+        <div class="footer">
+            <p><a href="/">Back to WhatsHooked</a></p>
+            <p style="margin-top: 10px;">Made with ❤️ for developers</p>
+        </div>
+    </div>
+</body>
+</html>
diff --git a/pkg/whatshooked/server.go b/pkg/whatshooked/server.go
index 86f6298..742ce4e 100644
--- a/pkg/whatshooked/server.go
+++ b/pkg/whatshooked/server.go
@@ -207,6 +207,9 @@ func (s *Server) setupRoutes() *http.ServeMux {
 	// Landing page (no auth required)
 	mux.HandleFunc("/", h.ServeIndex)
 
+	// Privacy policy (no auth required)
+	mux.HandleFunc("/privacy-policy", h.ServePrivacyPolicy)
+
 	// Static files (no auth required)
 	mux.HandleFunc("/static/", h.ServeStatic)