SECURITY POLICY

SECURITY POLICY – THATSAPI (Messaging Solutions)
Last Updated: 17/12/2025

This Security Policy outlines the technical, administrative, and operational measures used by thatsapi.com (“Company”, “We”, “Us”, “Our”) to protect user data, communications, account access, and system integrity. By using THATSAPI services, users (“You”, “Your”) agree to the practices described below.

This Policy complies with:
• Information Technology Act (IT Act) 2000
• DPDP Act 2023
• IT Security Rules 2011 (Reasonable Security Practices)
• CERT-IN Cybersecurity Guidelines
• Meta WhatsApp Business API Security Requirements
• International best practices

---------------------------------------------------------------------
1. OUR SECURITY COMMITMENT

THATSAPI is committed to:
• Protecting user data
• Maintaining system integrity
• Ensuring secure and encrypted communication
• Preventing unauthorized access
• Following all regulatory and platform-based security standards

---------------------------------------------------------------------
2. DATA ENCRYPTION

We use encryption to secure data at multiple stages:
• Data in Transit: Protected using SSL/TLS (HTTPS)
• Data at Rest: Sensitive fields encrypted using industry-grade 256-bit encryption
• API Token Encryption: Keys stored securely using hashing and encryption layers

No unauthorized party can view data during processing.

---------------------------------------------------------------------
3. ACCOUNT SECURITY MEASURES

THATSAPI uses advanced security systems to protect user accounts:
• Strong password enforcement
• Multi-layer authentication checks
• Session monitoring
• Brute-force login protection
• Suspicious activity detection
• Automatic session expiration
• Secure API key generation

Users are responsible for keeping their login credentials confidential.

---------------------------------------------------------------------
4. API SECURITY

Our API infrastructure uses:
• Encrypted communication channels
• Authentication tokens
• IP monitoring
• API rate limits
• Abuse and attack detection
• Request validation
• Logging and anomaly detection

API keys must be protected by users at all times.

---------------------------------------------------------------------
5. INFRASTRUCTURE & SERVER SECURITY

THATSAPI servers are protected with:
• Firewalls
• Intrusion Detection Systems (IDS)
• Load balancers
• DDoS mitigation
• Continuous monitoring
• Automated backups
• Redundant server architecture

Servers are hosted in secure, Tier-3 or higher data centers.

---------------------------------------------------------------------
6. USER DATA PROTECTION

We ensure:
• No sharing, selling, or renting of user data
• Limited data retention based on compliance rules
• Encrypted storage for sensitive fields
• Strict access control for internal operations
• Only authorized personnel can access necessary information

We do NOT store:
• WhatsApp message content
• Sensitive communication data
• Personal identification documents beyond KYC requirements

---------------------------------------------------------------------
7. ACCESS CONTROL MANAGEMENT

• Employee access is strictly role-based
• Internal systems require multiple authentication layers
• All employees undergo compliance and security training
• All access is logged and monitored
• Unauthorized internal access is prohibited

---------------------------------------------------------------------
8. FRAUD DETECTION & PREVENTION

We actively monitor:
• Suspicious user activity
• Automated bot behavior
• Message sending anomalies
• Abnormal login patterns
• Excessive API calls
• Potential account compromise

High-risk accounts may be temporarily suspended for verification.

---------------------------------------------------------------------
9. INCIDENT RESPONSE & REPORTING

In case of a suspected or confirmed security incident:
• Our security team investigates immediately
• Affected systems are isolated if needed
• Vulnerabilities are patched without delay
• Impacted users are notified where applicable
• A full audit report may be created

Users must quickly report suspicious activity to info@invotechlabs.com.

---------------------------------------------------------------------
10. DATA BREACH HANDLING

If a data breach occurs:
• THATSAPI will take immediate remedial measures
• Users will be informed if their data is affected
• Authorities will be notified if legally required
• Additional security protocols may be enforced

THATSAPI is not responsible for breaches caused by:
• User negligence
• Compromised API keys
• Insecure third-party integrations
• User-side device vulnerabilities

---------------------------------------------------------------------
11. USER RESPONSIBILITIES

Users MUST:
• Use strong passwords
• Keep API keys secure
• Avoid sharing login details
• Follow consent-based messaging practices
• Use secure networks for access
• Update their account details when required
• Report suspicious login attempts

Violation of these responsibilities may affect platform access.

---------------------------------------------------------------------
12. THIRD-PARTY SECURITY

We work only with trusted third-party providers such as:
• Meta Platforms (WhatsApp API)
• Payment gateways (Razorpay, Stripe)
• Cloud hosting providers
• Domain and DNS providers

All third parties follow stringent security and privacy protocols.

---------------------------------------------------------------------
13. REGULAR SECURITY UPDATES

THATSAPI conducts:
• Continuous security audits
• Vulnerability scanning
• Regular patching of servers and systems
• Code reviews
• Infrastructure upgrades
• Internal compliance checks

Security practices evolve as new threats emerge.

---------------------------------------------------------------------
14. POLICY MODIFICATIONS

We may update this Security Policy at any time. Updated versions will be posted with a new “Last Updated” date. Continued use of THATSAPI indicates acceptance of updated terms.

---------------------------------------------------------------------
15. CONTACT INFORMATION

For security issues, incident reporting, or questions:
Support Email: info@invotechlabs.com
Website: https://www.thatsapi.com
Phone: +91 9658896488

---------------------------------------------------------------------
By using THATSAPI services, you acknowledge and agree to this Security Policy.