Data Retention Policy

Data Retention Policy

Last updated: 2026-07-16

This data retention policy applies to the website, products and services offered under the brand WAAPI, operated by WAAPI (“we”, “us”, “our”), acting as the business. By accessing or using our services you agree to this data retention policy. If you do not agree, please discontinue use of the services.

1. Principle

Data is kept only as long as it is needed for the purpose it was collected for, or as long as the law requires — whichever is longer — and is then deleted or irreversibly anonymised.

2. Retention windows

DataRetained forThen
Account & profileLife of the accountDeleted within 30 days of confirmed account deletion
Messages & conversations90 days (rolling)Automatically deleted
Contacts, templates, flows, campaignsLife of the accountDeleted on account deletion
Media & filesLife of the accountDeleted on account deletion
Webhook events7 daysAutomatically deleted
Security & audit logs90 daysAutomatically deleted
Invoices, payments & tax records8 yearsRetained — statutory requirement, survives account deletion
Encrypted backupsRolling backup cyclePurged on rotation after active-system deletion

3. Why some data survives deletion

Tax and accounting law requires us to keep records of what you paid and what we invoiced. We also retain the minimum needed to resolve a live dispute, enforce our agreement, or comply with a legal hold. Retained data stays protected and is deleted once the retention purpose ends.

4. Data at third parties

Data held by a connected platform — your message history inside WhatsApp, your listing on Google, your campaign records at an ad platform — is retained under that platform’s policy, not ours. Deleting your account with us does not delete it there.

5. Early deletion

You can delete most data yourself at any time from the panel, and can request full account deletion under our Account & Data Deletion Policy.

Governing law & jurisdiction

This document is governed by the laws of India. For operators in India this includes the Information Technology Act, 2000, the Digital Personal Data Protection Act, 2023 (DPDP Act), the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 and the Consumer Protection Act, 2019. Where we serve customers in other jurisdictions we honour applicable local requirements, including the EU/UK General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), to the extent they apply. Courts at India have exclusive jurisdiction, subject to any non-waivable consumer rights in your country of residence.

Contact us

WAAPI is operated by WAAPI. For any question about this document, contact us: