Skip to main content

WhatsApp Integration: Data Protection, Security, and Compliance

Key security and compliance documents and information for the WhatsApp integration.

Written by Gareth Burroughes
Updated today

This article outlines how data is handled for the Dotdigital WhatsApp integration, including key security measures and compliance information.

Before you start

Things you need to know:

  • All documentation links are current as of the last review date.

  • For specific requests, contact your Dotdigital account representative.

Terms and conditions

Dotdigital terms

Meta terms

Meta's WhatsApp integration is governed by several interconnected terms of service:

The Meta Hosting Terms reference additional policies, including:

Data flow documentation

The data flow overview below explains how customer data moves between Dotdigital, client accounts, and Meta’s WhatsApp infrastructure.

Dotdigital to WhatsApp data flow

When you send a WhatsApp message through Dotdigital, the following data is transmitted to Meta:

  • Recipient phone number

  • Message text

  • Message template ID and fields

  • Message media (if applicable)

  • Message attachments

  • Originator phone number ID

When Meta sends message status updates to Dotdigital, the following data is received:

  • Message status, for example "read"

  • Message ID

  • Originator phone number ID

Technical and organisational measures

Dotdigital security measures

Technical and Organizational Security Measures

This document outlines Dotdigital's approach to:

  • Data protection and security controls

  • Infrastructure security

  • Access control and authentication

  • Incident response procedures

  • Data retention and deletion

Meta security measures

Data Security Terms

Meta's documentation covers:

  • Security controls for WhatsApp Business API

  • Encryption and data protection measures

  • Infrastructure and network security

  • Compliance certifications

Data retention and deletion

Dotdigital policies

Technical and Organizational Security Measures

Dotdigital's security measures document includes data retention and deletion policies.

Meta policies

WhatsApp Privacy Policy

Meta's privacy policy explains how WhatsApp handles:

  • Message retention periods

  • Account data storage

  • Data deletion procedures

  • User data requests

Security and encryption

WhatsApp encryption

Meta provides comprehensive encryption documentation:

End-to-end encryption limitations

WhatsApp defines end-to-end encryption as communications that remain encrypted from a sender's device to a recipient's device, where no third parties can access the content.

While end‑to‑end encryption applies to personal WhatsApp messages, business messaging via the WhatsApp Cloud API follows Meta’s enterprise security and encryption standards.

Dotdigital security controls

The WhatsApp channel uses all of Dotdigital's standard security controls. The WhatsApp channel follows Dotdigital’s standard security controls.

Details of Dotdigital's security controls are available on the Trust Centre.

Related Articles
Use WhatsApp with our API
WhatsApp reports
Get started with WhatsApp
The WhatsApp getting started checklist
WhatsApp messaging - troubleshooting
Did this answer your question?