Third-Party Services & Sub-processors

Third-Party Services & Sub-processors

Last updated: 2026-07-16

This sub-processor disclosure applies to the website, products and services offered under the brand WAAPI, operated by WAAPI (“we”, “us”, “our”), acting as the business. By accessing or using our services you agree to this sub-processor disclosure. If you do not agree, please discontinue use of the services.

Delivering the service requires sending some data to the platforms below. Every one is named here with what it receives and why — nothing is processed by a party not on this list, other than as described in our Data Sharing & Disclosure Policy. Each is bound by data-processing terms and may use the data only to perform its service for us. We give 30 days’ notice before adding or replacing a sub-processor.

Messaging channel

Service & entityWhy we use itData it receivesWhereTheir policies
WhatsApp Business Platform (Cloud API)
Meta Platforms Ireland Ltd. (EEA/UK) / Meta Platforms, Inc. (rest of world)
Sending and receiving WhatsApp business messages, registering and managing business phone numbers, submitting and managing message templates, and receiving delivery, read and inbound-message webhooks.Business phone number and WhatsApp Business Account ID, recipient phone numbers, message content and attached media, template content, delivery/read status and error codes.Ireland, United States and other Meta data centresWhatsApp Business Terms of Service
WhatsApp Business Messaging Policy
WhatsApp Business Solution Terms
Meta Privacy Policy

Social platform

Service & entityWhy we use itData it receivesWhereTheir policies
Facebook Login, Pages & Business Manager
Meta Platforms Ireland Ltd. / Meta Platforms, Inc.
Optional social sign-in, WhatsApp Embedded Signup (connecting your WhatsApp Business Account), and reading the Pages and business assets you explicitly grant access to.Your Facebook user ID, name and email address (only if you choose social sign-in), Business Manager and Page IDs, and the access tokens you grant. We never post to your timeline.Ireland, United StatesMeta Platform Terms
Meta Developer Policies
Meta Privacy Policy
Instagram Professional Platform
Meta Platforms Ireland Ltd. / Meta Platforms, Inc.
Reading and replying to Instagram messages and comments on the professional accounts you connect, and publishing content you schedule through the platform.Instagram professional account ID and username, message and comment content you send or receive, media you publish, and basic engagement metrics.Ireland, United StatesInstagram Platform Policy
Instagram Terms of Use
Meta Privacy Policy

Advertising

Service & entityWhy we use itData it receivesWhereTheir policies
Meta Ads (Marketing API, Pixel & Conversions API)
Meta Platforms Ireland Ltd. / Meta Platforms, Inc.
Creating, managing and reporting on advertising campaigns for the ad accounts you connect, and — where you enable it — sending website/conversion events so campaign performance can be measured.Ad account IDs, campaign, ad set and creative configuration and performance metrics, and (for Pixel/Conversions API) website events with hashed identifiers such as an email address or phone number where you have a lawful basis to send them.Ireland, United StatesMeta Business Tools Terms
Meta Advertising Standards
Meta Privacy Policy
Google Ads API
Google LLC / Google Ireland Ltd.
Creating, managing and reporting on Google Ads campaigns for the ad accounts you explicitly link to the platform.Google Ads customer IDs and OAuth tokens, campaign, ad group, keyword and creative configuration, conversion and performance metrics.United States and other Google data centresGoogle Ads API Terms of Service
Google Ads policies
Google Privacy Policy

Business listing

Service & entityWhy we use itData it receivesWhereTheir policies
Google Business Profile API (Google Business Messages)
Google LLC / Google Ireland Ltd.
Managing the Google Business Profile locations you connect: reading and publishing posts and media, reading and replying to reviews, and reading performance insights.Google account identifier and OAuth tokens for the locations you authorise, business location and listing data, review content and your replies, post and media content you publish, and listing performance metrics.United States and other Google data centresGoogle API Services User Data Policy
Google Business Profile API policies
Google Privacy Policy

Authentication

Service & entityWhy we use itData it receivesWhereTheir policies
Sign in with Google (Google Identity Services)
Google LLC / Google Ireland Ltd.
Optional social sign-in to the panel.Your Google account ID, name, email address and profile picture — only when you choose to sign in with Google.United StatesGoogle API Services User Data Policy
Google Privacy Policy

Analytics

Service & entityWhy we use itData it receivesWhereTheir policies
Google Analytics / Google Tag Manager
Google LLC / Google Ireland Ltd.
Aggregate measurement of website and panel usage, where the site owner has enabled it.Pseudonymous device and usage identifiers, page views, IP address (truncated where supported), referrer.United States, European UnionHow Google uses data from partner sites
Google Privacy Policy

Mobile infrastructure

Service & entityWhy we use itData it receivesWhereTheir policies
Firebase (Cloud Messaging, Crashlytics, Analytics)
Google LLC
Delivering push notifications to the mobile apps, crash reporting and aggregate app analytics.Device push token, device model and OS version, crash stack traces, pseudonymous app-usage events.United StatesFirebase Privacy and Security
Google Privacy Policy

AI provider

Service & entityWhy we use itData it receivesWhereTheir policies
Google Gemini API
Google LLC
Generating AI assistance you explicitly request — drafting replies, composing posts, summarising conversations and answering business questions.The prompt content you submit, which may include message text, business context and the reply history you choose to include. Paid Gemini API content is not used by Google to train its models.United StatesGemini API Additional Terms
Google Privacy Policy
OpenAI API
OpenAI, L.L.C. / OpenAI Ireland Ltd.
Generating AI assistance you explicitly request, where the platform routes your request to this provider.The prompt content you submit. OpenAI does not use data submitted through its API to train its models by default, and retains it only for a limited abuse-monitoring window.United StatesOpenAI API data usage policies
OpenAI Privacy Policy

Payment gateway

Service & entityWhy we use itData it receivesWhereTheir policies
Razorpay
Razorpay Software Private Limited (India)
Collecting subscription, wallet top-up and usage payments, and — where you authorise a mandate — charging recurring subscription renewals.Your name, email address, phone number, billing address, order amount and reference, and the payment-mandate token. Card numbers and CVV are captured by Razorpay on its own PCI-DSS certified infrastructure and are never received or stored by us.IndiaRazorpay Terms of Use
Razorpay Privacy Policy
PhonePe Payment Gateway
PhonePe Private Limited (India)
Collecting UPI and card payments for subscriptions and wallet top-ups.Your name, contact details, transaction amount and merchant transaction reference. Payment credentials are captured by PhonePe and are never received or stored by us.IndiaPhonePe Terms & Conditions
PhonePe Privacy Policy

Hosting & storage

Service & entityWhy we use itData it receivesWhereTheir policies
MongoDB Atlas
MongoDB, Inc.
Managed database hosting for all platform data.All account and service data stored by the platform, encrypted in transit and at rest.Contracted cloud regionMongoDB Privacy Policy

Communications

Service & entityWhy we use itData it receivesWhereTheir policies
Transactional email (SMTP provider)
The SMTP provider configured for the account
Delivering transactional email — sign-up verification, one-time passwords, invoices and service notices.Recipient email address, message subject and body.Provider-dependent

Your own integrations

If you connect a service of your own through our API, webhooks or an outbound integration, that provider is your sub-processor, not ours, and its handling of the data you send it is governed by your agreement with it.

Governing law & jurisdiction

This document is governed by the laws of India. For operators in India this includes the Information Technology Act, 2000, the Digital Personal Data Protection Act, 2023 (DPDP Act), the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 and the Consumer Protection Act, 2019. Where we serve customers in other jurisdictions we honour applicable local requirements, including the EU/UK General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), to the extent they apply. Courts at India have exclusive jurisdiction, subject to any non-waivable consumer rights in your country of residence.

Contact us

WAAPI is operated by WAAPI. For any question about this document, contact us: