|No access to user’s phone book||Differently from the consumer WhatsApp app, the Business API does NOT include access to the user’s phone book.|
|End-to-end encryption||WhatsApp messages are encrypted from tyntec to the device and secured over HTTPS from your application to tyntec.|
|Data protection||Media and messages are only stored for delivery and are deleted after 7/30 days, respectively. It’s at the discretion of the Enterprise to decide on customer data storage, chat message archiving, etc.|
|Data processing||The content sent from enterprises to tyntec is secure and within the EU (datacenter in Dortmund, Germany). The transmission of data between the involved networks is done via HTTPS.|
|Opt-ins||Active opt-ins are required and can be collected with existing communication channels used by the enterprise.|
|Opt-outs||Users can report or block the enterprise on WhatsApp.|
|Additional security measures by tyntec||Multiple security transmission options like VPN or TLS, regular penetration tests, automated vulnerability scans, and more.|
We appreciate that GDPR requires our business partners when acting as data controllers, to make sure WhatsApp (when acting as the data processor) has the appropriate safeguards in place. We are committed to those safeguards and therefore meet those requirements.
WhatsApp acts as a Data Controller and/or Data Processor, depending on the circumstances:
- Data processor: Each Enterprise is a data controller of its consumer end-users. When the Enterprise provides its consumer end-users to WhatsApp via the WhatsApp Business API, WhatsApp is a data processor of those consumer end-users to deliver messages from the Enterprise Customer’s to those end-users.
When WhatsApp is the data processor, tyntec handles personal data as described in our data practices and our data processing terms.
Our Data Processing Terms align with GDPR requirements governing contracts between data controllers and data processors.
In addition, this is how tyntec and WhatsApp ensure all communications facilitated by WhatsApp Business is compliant with GDPR: