legal docs
Legal & Compliance
Terms of Service, Privacy Policies, GDPR guidelines, and transaction security for WhatAPI.
Legal & Compliance
WhatAPI prioritizes the security of your business communication and compliance with global data privacy frameworks (GDPR) and WhatsApp Business terms.
1. Security & Data Privacy
WhatAPI functions as a secure gateway router between your e-commerce storefront (Shopify/WooCommerce) and the WhatsApp Network.
- TLS Encryption: All payloads transmitted through public REST APIs (`/api/v1/*`) or client dashboard routes (`/api/client/*`) are fully encrypted in transit using standard TLS protocol.
- Message Content Storage: WhatAPI **does not** log or cache the body content of your WhatsApp conversations long-term on our servers. Message bodies are immediately routed through OpenWA endpoints and sent out. Our Firestore logs store metadata (status, sender, recipient phone, timestamp) solely to render analytical graphs.
- Credential Storage: Access tokens, WooCommerce consumer keys, and Stripe payment bindings are locked inside Firebase Firestore with restricted server-side rules. Session cookies are protected via secure CORS headers.
2. Acceptable Use Policy
To prevent phone numbers from being flagged or banned by the WhatsApp network, WhatAPI enforces guidelines:
- Spam Prohibition: The use of WhatAPI for spam, unsolicited advertising, or cold-outreach lists is strictly forbidden. Accounts violating this will be terminated.
- Opt-In Requirement: You must only send messages to customers who have explicitly opted-in (e.g. provided their number during checkout for order tracking).
- Rate-Limited Delays: To respect WhatsApp's traffic algorithms, WhatAPI forces a configurable delay interval (10 to 30 seconds) between messages sent via bulk spreadsheet uploads.
- Stripe Billing Integration: Subscription plans are billed securely via Stripe. Cancellation or account suspension follows standard SLA terms.
