Encryption, granular access control, full audit trails, and the opt-out tooling regulators expect. The data layer that lets you operate WhatsApp at scale, responsibly.
Meta access tokens and webhook secrets are stored with AES-256-GCM. Passwords and API keys are bcrypt-hashed — full secrets are never persisted.
Every outbound event is HMAC-SHA256 signed so your backend can verify authenticity, delivered via an outbox with automatic retry.
org_admin, waba_admin, agent and viewer roles enforced at API and UI. Agents are scoped to specific WABAs.
Tokens are issued per device with device, user-agent and IP tracking. List active sessions and revoke any device. Brute-force lockout on failed logins.
Typed suppression reasons (hard_bounce, user_opt_out, spam_complaint, system_block) block messaging before dispatch. Opt-out status is enforced at send time.
Every create/update/delete writes to an organisation-wide audit log with source (UI, API key, automation, system), actor, resource and IP.
Suppression lists, contact-level opt-in/opt-out enforcement and a complete audit trail together provide the data-governance layer required for GDPR and similar regulations. End-user data deletion is supported — see our data deletion instructions.
PostgreSQL with timezone-aware timestamps and indexed hot paths; a Redis-backed queue system with isolated worker types; and a Socket.IO real-time layer bridged over Redis pub/sub so the messaging layer scales independently of the API.
Connect your WhatsApp number in minutes. Get your first API key, or have us walk you through it.
14-day trial · no credit card · no per-message markup