Facebook operates a global infrastructure and processes data in both EU and US-based servers. WhatsApp stores data in the United States and stores encrypted media worldwide to increase efficiency. This processing is supported by strict legal compliance for safeguarding any transfers of personal data outside of the EU.
WhatsApp is certified for cases in which it acts as a Data Processor under Privacy Shield, as explained further in its Privacy Shield Addendum and certification.
Regarding where an enterprise’s customer data (end-user contacts and messages) is stored, this is the sole responsibility of the Enterprise.
WhatsApp does not store this data for any longer than necessary, with the sole purpose to route and deliver messages. If a message cannot be delivered immediately, WhatsApp may keep it on our servers for up to 30 days—as WhatsApp continues trying to deliver it. If a message is still not delivered after 30 days, WhatsApp then deletes it. To
improve performance and deliver media messages more efficiently, WhatsApp may retain them on our servers for a more extended period.
In a nutshell, the Enterprise can use its corporate phone numbers, maintaining control of customer data and conversations: It is at the Enterprise’s discretion to create and sustain chat archives for audit trails and analysis according to industry requirements and standards.
ℹ️ The Enterprise is in charge of conversation tracking, sentiment analysis, chat evaluation, and message archiving. WhatsApp Business API provides delivery and read receipts (if enabled by end-user).