How WhatsApp Use handles data

• We process the data needed to run a hosted WhatsApp connection for your organization.
• Connected-account data may include messages, contacts, media, chat metadata, delivery status, and account state.
• We do not sell your personal information.
• We do not use WhatsApp message content for ads.
• We do not use WhatsApp message content to train our own AI models.
• Your API clients, MCP clients, webhooks, agents, and downstream tools can receive data when you authorize them.
• You can disconnect accounts, revoke access methods, cancel billing, and ask us for access or deletion help.

WhatsApp Use lets developers and technical teams connect an existing WhatsApp account to software agents, internal tools, and agent platforms. The service includes account login, organization management, billing, WhatsApp pairing, REST API access, remote MCP authorization, webhook delivery, usage tracking, and audit logs.

We are not the official WhatsApp Business API and are not affiliated with WhatsApp or Meta. Your use of WhatsApp itself is governed by the terms and policies that apply to your WhatsApp account.

For your WhatsApp messages, contacts, media, and other end-user data, your organization decides what account to connect, what clients to authorize, what scopes to grant, what webhooks to configure, and what workflows to run. For that data, we generally act as a service provider or processor for your organization.

For account signup, billing, security, abuse prevention, product analytics, support, and legal compliance, we decide how to use the data needed to run WhatsApp Use. For that data, we generally act as the business or controller.

When you create or use a WhatsApp Use account, we may process:

• your name, email address, login identifiers, and login timestamps;
• organization names, organization identifiers, team membership, roles, invitations, and permissions;
• billing status, plan, subscription dates, trial status, invoices, tax information, and payment status;
• support messages, onboarding requests, feedback, and any files or diagnostics you choose to send us;
• website and dashboard activity such as pages viewed, button clicks, device/browser information, IP address, cookies, and approximate location from IP address.

We do not store full payment card numbers. Payment details are collected and handled by our payment processor.

When you pair a WhatsApp account, WhatsApp Use may process data from that account so the service can work. Depending on your configuration and scopes, this may include:

• WhatsApp account identifiers, display names, phone numbers, profile information, and connection status;
• pairing state, device/session metadata, connection health, sync status, and disconnect events;
• messages, message text, reactions, edits, deletes, attachments, media, captions, timestamps, sender and recipient identifiers, chat identifiers, and delivery/read status;
• contacts, contact names, contact identifiers, phone numbers, chat lists, group metadata, and account status where available;
• webhook event payloads and delivery records for events you configure.

We process this data to route it to the dashboard, APIs, MCP clients, and webhook endpoints you configure. Write-enabled clients may also send messages or perform other actions through the connected account.

To operate developer access, we may process:

• API key names, prefixes, hashes, scopes, creators, creation dates, last-used times, and revocation status;
• MCP client names, authorization grants, scopes, access status, creation dates, last-used times, and revocation status;
• webhook endpoints, event subscriptions, signing-secret metadata, test delivery records, response status, and delivery attempts;
• request logs such as route, method, status code, duration, request size, response size, API key identifier, user agent, IP address, and error information;
• audit events such as account connection, key creation, MCP authorization, billing changes, team changes, and security-sensitive actions.

• We do not ask for or store your WhatsApp password.
• We do not store full card numbers.
• We do not sell personal information.
• We do not share personal information for cross-context behavioral advertising.
• We do not use WhatsApp message content for advertising.
• We do not use WhatsApp message content to train our own AI models.
• We do not knowingly collect data from children.

We use data to:

• create accounts and let users sign in;
• create and manage organizations, team roles, and invitations;
• start trials, manage subscriptions, process payments, and prevent billing fraud;
• pair, maintain, monitor, and disconnect WhatsApp accounts;
• provide REST API, MCP, dashboard, and webhook functionality;
• route messages and account events to clients and endpoints you authorize;
• store usage records, audit logs, and security logs;
• detect abuse, spam, unauthorized access, service misuse, or broken integrations;
• debug errors, answer support requests, and improve reliability;
• send service emails such as login, billing, security, onboarding, and product notices;
• comply with legal, tax, accounting, security, and platform obligations.

When you create an API key, authorize an MCP client, or configure a webhook endpoint, data can leave WhatsApp Use and go to that client, agent, endpoint, or downstream service. That may include WhatsApp messages, contact data, media, metadata, and account events.

You control which clients you authorize and what scopes they receive. You are responsible for those clients, their users, their model providers, their storage systems, and their privacy practices.

Use the smallest scope that works. Revoke clients and keys you no longer need.

We share data only as needed to run the service, including with:

We may also share information if required by law, to protect rights and safety, to enforce our terms, to prevent fraud or abuse, or as part of a merger, acquisition, financing, reorganization, or sale of assets.

We use cookies and similar technologies to keep you signed in, protect the service, remember preferences, measure basic product usage, and understand website performance.

You can control cookies through your browser settings. Blocking some cookies may prevent login, checkout, or dashboard features from working.

We keep data for as long as needed to provide WhatsApp Use, maintain security, comply with law, resolve disputes, enforce agreements, and run normal business operations.

• Account and organization data is usually kept while your account or organization exists.
• Billing and invoice records may be kept as required by tax, accounting, and financial rules.
• API, MCP, webhook, usage, audit, and security logs may be kept for security, debugging, abuse prevention, and compliance.
• Connected-account data is kept as needed to provide the connected-account runtime, dashboard, APIs, MCP, webhooks, support, and reliability features.
• Support messages are kept as needed to respond and maintain a record of the issue.
• Backups and logs may retain copies for a limited period before they expire through normal backup rotation.

Disconnecting a WhatsApp account stops future runtime access for that connection. Canceling billing stops paid access according to the plan terms. These actions do not always immediately delete historical records, logs, invoices, backups, or data we need for legal, security, or operational reasons.

We use reasonable technical and organizational safeguards designed to protect the service. These include access controls, encryption in transit, credential protections, logging, monitoring, and separation between customer organizations.

No hosted service is perfectly secure. You are responsible for protecting your own accounts, devices, API keys, MCP clients, webhook endpoints, agents, and team access.

WhatsApp Use is operated from the United States. We and our service providers may process data in the United States and other countries. These countries may have privacy laws different from where you live.

When required, we use legal safeguards for international transfers, such as contractual protections with service providers.

You can control much of your data from the dashboard:

• disconnect a WhatsApp account;
• revoke API keys;
• revoke MCP clients;
• delete or change webhook endpoints;
• remove team members or invitations if you have permission;
• cancel billing through the billing page;
• unsubscribe from non-essential emails where an unsubscribe option is provided.

You can also contact us to request access, correction, export, or deletion of personal data. We may need to verify your identity and may retain some data where required or allowed by law.

Depending on where you live, you may have rights to know, access, correct, delete, export, restrict, or object to certain processing of your personal data. You may also have the right to withdraw consent where processing is based on consent.

California residents may have rights under California privacy law, including the right to know, access, correct, delete, and opt out of certain sharing. We do not sell personal information or share it for cross-context behavioral advertising.

EEA and UK residents may have rights under GDPR or UK GDPR, including access, correction, deletion, restriction, portability, objection, and complaint rights with a data protection authority.

To make a request, email privacy@whatsapp-use.com.

WhatsApp Use is for developers, technical users, and organizations. It is not intended for children or anyone under 18. We do not knowingly collect personal data from children.

We may update this policy as the product, laws, or our operations change. If changes are material, we will take reasonable steps to notify you, such as posting the updated policy or sending notice by email or through the service.

Questions or privacy requests can be sent to privacy@whatsapp-use.com.

You can also review our Terms of Service.