With 15+ years of experience in enterprise messaging, tyntec has maintained strict adherence to enterprise-grade governance and security requirements. Also, tyntec's datacenters are based in Germany and fully comply with GDPR.
Messages between your servers and tyntec’s servers are end-to-end encrypted via HTTPs. This means, even WhatsApp cannot read or decrypt any conversations between you and your users.
We host our data centers and network infrastructure in-house in Germany, allowing us to monitor and control our own network without relying on a third party provider.
The phone numbers provided by your business are translated to a routing ID within tyntec’s data centers before being transmitted to WhatsApp's network for message delivery.
No messages or media assets are archived on tyntec's side, and the WhatsApp Business API doesn't access the users phones or their address books. This ensures compliance with strict data protection standards.
tyntec offers multiple secure transmission options, such as VPN tunnels or TLS. These safeguards protect messages throughout their transmission journey without the risk of exposure.
tyntec’s systems are regularly tested with routine penetration tests and automated vulnerability scans, performed by certified penetration testers.
Messages on the WhatsApp Business solution are encrypted from tyntec to the device, and secured over HTTPS from your application to tyntec. WhatsApp cannot read or decrypt any shared content.
In the WhatsApp Business API Security Guide, you’ll learn:
Facebook operates a global infrastructure and processes data in both EU and US-based servers. WhatsApp stores data in the United States and stores encrypted media worldwide to increase efficiency.
This processing is supported by strict legal compliance for safeguarding any transfers of personal data outside of the EU. WhatsApp has certified for cases in which it acts as a data Processor under Privacy Shield, as explained further in its Privacy Shield Addendum and certification.
Clients are responsible for storing their own customer contacts and messages. WhatsApp does not store this data for any longer than necessary to route and deliver messages. If a message cannot be delivered immediately, we may keep it on our servers for up to 30 days as we try to deliver it.
If a message is still undelivered after 30 days, we delete it. To improve performance and deliver media messages more efficiently, we may retain them on our servers for a longer period of time.
Security is a priority for both WhatsApp and tyntec. Data privacy, data storage, and secure transmission are meant to identify security flaws and adhere to GDPR and other regulations.
WhatsApp has provided full encryption to personal communications — and will also extend this feature to businesses. In addition, media and messages are only stored for delivery and deleted after 7/30 days respectively.
WhatsApp expects businesses to be upfront and transparent with their customers about how the platform will be used to deliver notifications and messages to them—and exactly what these messages will contain. Opt-in, therefore, plays a crucial role in setting up your service.
First, the customer can only give their consent via a 'third party channel', an opt-in form on one of the business's existing communications channels, such as email, website, SMS, app, dedicated landing page, etc. Opt-ins should be active, meaning that the customer must actively show their consent by entering/editing a phone number or by checking a box.
Secondly, businesses must be clear on what customers are signing up to—and what type of information they will receive once they have consented.
Both - depending on the circumstances. Below, we've outlined details about WhatsApp's role in each of these designations.
Our Data Processing Terms align with GDPR requirements governing contracts between data controllers and data processors.
