Every WhatsApp message, including messages between people and businesses, is protected by the same industry-leading, Signal encryption protocol, that protects messages from before they’re sent until they’re delivered to the intended recipient.
The WhatsApp Business Platform is protected by a combination of people, processes, and technology security systems that keeps customer data private and secure. The Cloud API is hosted by Meta. Meta uses Defense in Depth, meaning we layer a number of protections to make sure we prevent and address vulnerabilities in our code from multiple angles. We care deeply about protecting customer data and we are building the Cloud API with security in mind.
The Cloud API is certified under SOC 2 and maintains strict governance to ensure data is handled appropriately. We also conduct regular penetration testing and document our controls through the Cloud Security Alliance Consensus Assessments Initiative Questionnaire.
Meta takes data protection and people's privacy very seriously, and we are committed to continuing to comply with data protection laws. The WhatsApp Business Platform allows our customers to continue to meet their obligations under General Data Protection Regulation (GDPR). Meta complies with applicable legal, industry, and regulatory requirements as well as industry best practices. See more.