Whatsapp icon integrated with an authentication API, showcased on a green square.

Channel | WhatsApp Business

With more than 2 billion people using WhatsApp around the world to send 60 billion messages every day, the chat app has revolutionized the way we communicate. With an enterprise-grade API, companies can now send notifications and provide customer service through WhatsApp in a secure, reliable, and customer-friendly way.

GDPR With WhatsApp Business

Channels

WhatsApp Business

Overview

Introduction

Phone Numbers

Self-Service

Architecture

Get Started

Get Started

Create a New Profile

IVR Onboarding

Verify Your Business

Send Your First Message

Messaging Limits

Business Account Types

Message Templates

Message Templates

Create New Message Templates

Message Types

Quality Rating

Message Template Manager

Content Types

Overview

Text Message

Image

Files & Documents

Audio

Video

Location

Interactive Buttons

Buttons: Call-to-Action

Buttons: Quick-Reply

Buttons: Reply Buttons

Product Catalog Messages

List Messages

Sticker

Security & Privacy

What Is GDPR

GDPR With WhatsApp Business

Encryption

Data Protection

Data Processing

Opt-ins

Opt-out

Security Measures by tyntec

Integrations

Cognigy

Dialogflow

Freshdesk

Hubspot Via Zapier

Microsoft Bot Framework

Microsoft Dynamics 365

Microsoft Teams

Microsoft Outlook

Salesforce

Slack

Shopify

Stripe

Zapier

Zoom and Google Calendar Via Zapier

API Reference

GDPR with WhatsApp Business

WhatsApp takes data protection seriously, and so does tyntec. Both parties ensure that the WhatsApp Business API is fully compliant with the GDPR.

We appreciate that GDPR requires our business partners when acting as data controllers, to make sure WhatsApp (when acting as the data processor) has the appropriate safeguards in place. We are committed to those safeguards and therefore meet those requirements.

 

WhatsApp acts as a Data Controller and/or Data Processor, depending on the circumstances:

 

    • Data controller: Concerning consumer end-users of WhatsApp Messenger, WhatsApp acts as a data controller, as outlined in the privacy policy applicable to WhatsApp Messenger consumer end-users.

 

    • Data processor: Each Enterprise is a data controller of its consumer end-users. When the Enterprise provides its consumer end-users to WhatsApp via the WhatsApp Business API, WhatsApp is a data processor of those consumer end-users to deliver messages from the Enterprise Customer’s to those end-users.

 

When WhatsApp is the data processor, tyntec handles personal data as described in our data practices and our data processing terms.

 

Our Data Processing Terms align with GDPR requirements governing contracts between data controllers and data processors.

 

In addition, this is how tyntec and WhatsApp ensure all communications facilitated by WhatsApp Business is compliant with GDPR:

 

 

Measure

Description

No access to user’s phone book

Differently from the consumer WhatsApp app, the Business API does NOT include access to the user’s phone book.

End-to-end encryption

WhatsApp messages are encrypted from tyntec to the device and secured over HTTPS from your application to tyntec.

Data protection

Media and messages are only stored for delivery and are deleted after 7/30 days, respectively. It’s at the discretion of the Enterprise to decide on customer data storage, chat message archiving, etc.

Data processing

The content sent from enterprises to tyntec is secure and within the EU (datacenter in Dortmund, Germany). The transmission of data between the involved networks is done via HTTPS.

Opt-ins

Active opt-ins are required and can be collected with existing communication channels used by the enterprise.

Opt-outs

Users can report or block the enterprise on WhatsApp.

Additional security measures by tyntec

Multiple security transmission options like VPN or TLS, regular penetration tests, automated vulnerability scans, and more.