legal docs
legal docs

Legal & Compliance

Terms of Service, Privacy Policies, GDPR guidelines, and transaction security for WhatAPI.

Legal & Compliance

WhatAPI prioritizes the security of your business communication and compliance with global data privacy frameworks (GDPR) and WhatsApp Business terms.

1. Security & Data Privacy

WhatAPI functions as a secure gateway router between your e-commerce storefront (Shopify/WooCommerce) and the WhatsApp Network.

  • TLS Encryption: All payloads transmitted through public REST APIs (`/api/v1/*`) or client dashboard routes (`/api/client/*`) are fully encrypted in transit using standard TLS protocol.
  • Message Content Storage: WhatAPI **does not** log or cache the body content of your WhatsApp conversations long-term on our servers. Message bodies are immediately routed through OpenWA endpoints and sent out. Our Firestore logs store metadata (status, sender, recipient phone, timestamp) solely to render analytical graphs.
  • Credential Storage: Access tokens, WooCommerce consumer keys, and Stripe payment bindings are locked inside Firebase Firestore with restricted server-side rules. Session cookies are protected via secure CORS headers.

2. Acceptable Use Policy

To prevent phone numbers from being flagged or banned by the WhatsApp network, WhatAPI enforces guidelines:

  • Spam Prohibition: The use of WhatAPI for spam, unsolicited advertising, or cold-outreach lists is strictly forbidden. Accounts violating this will be terminated.
  • Opt-In Requirement: You must only send messages to customers who have explicitly opted-in (e.g. provided their number during checkout for order tracking).
  • Rate-Limited Delays: To respect WhatsApp's traffic algorithms, WhatAPI forces a configurable delay interval (10 to 30 seconds) between messages sent via bulk spreadsheet uploads.
  • Stripe Billing Integration: Subscription plans are billed securely via Stripe. Cancellation or account suspension follows standard SLA terms.