Whatsapp icon integrated with an authentication API, showcased on a green square.

Channel | WhatsApp Business

With more than 2 billion people using WhatsApp around the world to send 60 billion messages every day, the chat app has revolutionized the way we communicate. With an enterprise-grade API, companies can now send notifications and provide customer service through WhatsApp in a secure, reliable, and customer-friendly way.

GDPR with WhatsApp Business

WhatsApp takes data protection seriously, and so does tyntec. Both parties ensure that the WhatsApp Business API is fully compliant with the GDPR.

We appreciate that GDPR requires our business partners when acting as data controllers, to make sure WhatsApp (when acting as the data processor) has the appropriate safeguards in place. We are committed to those safeguards and therefore meet those requirements.


WhatsApp acts as a Data Controller and/or Data Processor, depending on the circumstances:


    • Data controller: Concerning consumer end-users of WhatsApp Messenger, WhatsApp acts as a data controller, as outlined in the privacy policy applicable to WhatsApp Messenger consumer end-users.


    • Data processor: Each Enterprise is a data controller of its consumer end-users. When the Enterprise provides its consumer end-users to WhatsApp via the WhatsApp Business API, WhatsApp is a data processor of those consumer end-users to deliver messages from the Enterprise Customer’s to those end-users.


When WhatsApp is the data processor, tyntec handles personal data as described in our data practices and our data processing terms.


Our Data Processing Terms align with GDPR requirements governing contracts between data controllers and data processors.


In addition, this is how tyntec and WhatsApp ensure all communications facilitated by WhatsApp Business is compliant with GDPR:





No access to user’s phone book

Differently from the consumer WhatsApp app, the Business API does NOT include access to the user’s phone book.

End-to-end encryption

WhatsApp messages are encrypted from tyntec to the device and secured over HTTPS from your application to tyntec.

Data protection

Media and messages are only stored for delivery and are deleted after 7/30 days, respectively. It’s at the discretion of the Enterprise to decide on customer data storage, chat message archiving, etc.

Data processing

The content sent from enterprises to tyntec is secure and within the EU (datacenter in Dortmund, Germany). The transmission of data between the involved networks is done via HTTPS.


Active opt-ins are required and can be collected with existing communication channels used by the enterprise.


Users can report or block the enterprise on WhatsApp.

Additional security measures by tyntec

Multiple security transmission options like VPN or TLS, regular penetration tests, automated vulnerability scans, and more.