Security & GDPR

Viber is one of the most secure and privacy-driven messaging apps on the market today. All messages between your business, Viber, and your users are end-to-end encrypted.

Viber API Client Hosting

  • The connection between business & Viber servers is secured and encrypted. Requests are being sent over HTTPS only.
  • Messages can only be viewed on the end user’s device. Viber does not save or store the message content once the message is delivered. 
  • Viber does not sell customers’ data. 
  • Push notifications do not reveal the content of the message itself on the end user’s device lock-screen. 
  • The connection between Viber & end-user is secured and encrypted (unique key per end-user).
  • For every Business, Viber safelists a limited number of IPs (no domains allowed). This ensures that only requests sent from the whitelisted IP addresses will be sent successfully.
  • Push notification purpose is to “wake up” the Viber client and does NOT include message content.
  • The Viber Business platform uses industry security best practices and complies with applicable laws.
  • Viber only uses secured servers for Business Messages. All servers are hosted on virtual private clouds.

ℹ️ Find out more about Viber’s GDPR compliance in its Privacy Policy.

Opt-in Policy

The recipient of messages must provide consent (opt-in) before a business sends any messages. Companies must retain the proof of receipt of such consent. Companies can collect opt-ins by promoting Viber on their usual communication channels, incl. Website, email, SMS, and more.

Users can block a company from sending messages at any stage. 

For the Sessions message type, the user must initiate a business conversation using Viber’s URL scheme. A user who has started the conversation will be considered as opted-in for future messages until he revokes such opt-in or unsubscribes.

Messages sent to users without their consent will be considered SPAM, and the service will be subjected to a penalty, as mentioned in the warranty letter.

Also, businesses must send content that exclusively correlates to the information they presented to Viber at the registration stage. Content unrelated to the company of the Business/sender ID  will also be considered as SPAM.

Viber proactively monitors block rates and may disable services with exceptional block rates until further notice. A disabled Business will have to provide all the information requested by Viber concerning the content of the message to release its account and avoid liquidated damages, which release remains at Viber's sole discretion.

ℹ️ It’s the business’s responsibility to store customer opt-ins and ensure each customer you choose to contact has already agreed to receive messages from you on Viber. There is no opt-in needed if you’re only planning to answer customer inquiries.