DATA RETENTION POLICY

DATA RETENTION POLICY – THATSAPI(Messaging Solutions) Last Updated: 17/12/2025 This Data Retention Policy explains how thatsapi.com (“Company”, “We”, “Us”, “Our”) collects, stores, retains, and deletes user data in compliance with Indian laws, Meta WhatsApp policies, and international data protection standards. This Policy follows: • Digital Personal Data Protection (DPDP) Act 2023 • Information Technology Act (IT Act) 2000 • IT (Reasonable Security Practices and Procedures) Rules 2011 • CERT-IN Guidelines • Meta WhatsApp Business API Data Handling Rules By using THATSAPI services, you (“User”) agree to the retention practices described below. --------------------------------------------------------------------- 1. PURPOSE OF DATA RETENTION We retain data to: • Provide and maintain WhatsApp API services • Ensure platform security and fraud prevention • Improve operational performance • Comply with legal and regulatory requirements • Support billing and audit processes • Resolve disputes and enforce agreements We never retain more data than necessary. --------------------------------------------------------------------- 2. CATEGORIES OF DATA WE RETAIN A. Account Information • Name • Email • Phone number • Business details (KYC, GST, etc.) • Login credentials (encrypted) • User settings and preferences Retention: Until account deletion + legal retention period B. Contact Lists Uploaded by Users • Customer phone numbers • Customer names (if provided) Retention: Until user deletes them or account is closed C. WhatsApp Messaging Metadata We retain only metadata, not message content. Metadata includes: • Timestamp • Template name • Delivery status • Message type • Phone number (masked, when applicable) Retention: Up to 90 days D. API Logs • API calls • Request/response metadata • Error logs Retention: Up to 90 days E. Login & Security Logs • Login attempts • IP address • Device information • Security alerts Retention: Up to 180 days F. Billing & Transaction Data • Payment history • Invoices • Subscription details Retention: 7 years (mandatory under Indian taxation law) G. KYC Documents • Identity proofs • Business registration proofs Retention: Until account deletion + legal audit requirement (usually 3–7 years depending on regulation) --------------------------------------------------------------------- 3. DATA WE DO NOT RETAIN THATSAPI does NOT store: • WhatsApp chat content • Media shared through WhatsApp • Sensitive personal information (bank details, passwords, financial data) • Photos, videos, documents sent by users via WhatsApp API • Message body content beyond temporary Meta handling WhatsApp messages remain end-to-end encrypted and are not accessible to THATSAPI. --------------------------------------------------------------------- 4. RETENTION PERIOD SUMMARY • Account Information: Until deletion or deactivation • Contact Lists: Until user deletes manually • Messaging Metadata: 90 days • API Logs: 90 days • Security Logs: 180 days • Billing Data: 7 years • KYC Documents: Up to 7 years or until legal clearance --------------------------------------------------------------------- 5. DATA DELETION PROCESS User-initiated deletion: • Users may delete their contacts, uploaded lists, or account data anytime through support. • Deletion requests are completed within 7–30 days depending on the data type. System-driven deletion: • Logs are auto-deleted after their retention periods. • Dormant accounts may be archived and eventually deleted. Legal restrictions: • Some data cannot be deleted due to tax, audit, billing, or regulatory obligations. --------------------------------------------------------------------- 6. ACCOUNT TERMINATION AND DATA HANDLING Upon account closure: • User contact lists are deleted within 30 days • Messaging metadata is deleted after the retention period • API logs follow the 90-day rule • Billing data must be retained for 7 years • KYC documents may be retained until regulatory clearance Users will be notified of any retained data due to legal requirements. --------------------------------------------------------------------- 7. THIRD-PARTY DATA RETENTION Data may be retained by trusted service providers including: • Meta Platforms (WhatsApp Business API) • Payment gateways • Hosting and cloud infrastructure • Security monitoring tools Each third party follows its own retention policy. THATSAPI does not control third-party retention rules. --------------------------------------------------------------------- 8. USER RESPONSIBILITIES Users must: • Delete outdated or unnecessary data from their accounts • Not upload prohibited, sensitive, or unnecessary data • Follow DPDP Act guidelines for handling customer data • Protect API keys and credentials to prevent unauthorized uploads --------------------------------------------------------------------- 9. DATA RETENTION COMPLIANCE MONITORING THATSAPI conducts: • Periodic audits • Automatic log purges • Compliance checks • Cleanup of unused or expired data --------------------------------------------------------------------- 10. POLICY UPDATES THATSAPI may update this Data Retention Policy at any time. Continued use of our services indicates acceptance of updated terms. --------------------------------------------------------------------- 11. CONTACT INFORMATION For questions or data deletion requests: Support Email: info@invotechlabs.com Website: https://www.thatsapi.com Phone: +91 9658896488 --------------------------------------------------------------------- By using THATSAPI services, you acknowledge that you have read, understood, and agreed to this Data Retention Policy.