
Data Processing Agreement – WappSync

Last updated: 2026-01-10

This Data Processing Agreement (“DPA”) forms part of the Terms of Service between the Customer and WappSync (“Processor”) and governs the processing of personal data by WappSync on behalf of the Customer (“Controller”) in connection with the Services.

 

1. Roles and Responsibilities

  • Controller: The Customer determines the purposes and means of processing personal data, including sending messages via WhatsApp, Telegram, or other Messaging Platforms.
  • Processor: WappSync provides technical services to transmit messages, manage messaging instances, and operate the infrastructure but does not determine message content, recipients, or purpose.

 

2. Subject-Matter, Nature, and Duration of Processing

  • Subject-Matter: Personal data contained in messages, metadata, and related technical data transmitted through the Services.
  • Nature: Collection, storage (including encrypted storage), routing, and delivery of messages via WhatsApp, Telegram, email, and API integration.
  • Duration: As long as necessary to provide the Services and as required by law, contract, or for operational/diagnostic purposes.

 

3. Types of Personal Data

Personal data processed may include, but is not limited to:

  • Names, phone numbers, and usernames of message recipients
  • Message content, metadata, timestamps, and delivery status
  • Customer account information, Assigned Email Addresses, and API Tokens

 

4. Obligations of the Processor

WappSync shall:

  • Process personal data only on documented instructions from the Customer (Controller).
  • Implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including encrypted storage of message content and access control to Assigned Email Addresses and API Tokens.
  • Ensure that personnel authorized to process personal data are committed to confidentiality.
  • Assist the Customer in fulfilling obligations regarding data subjects’ rights, data security, data breach notifications, and privacy impact assessments.
  • Notify the Customer without undue delay in the event of a personal data breach affecting the Services.

 

5. Customer Obligations

The Customer (Controller) shall:

  • Ensure that all personal data transmitted via WappSync is lawful and that a valid legal basis exists for processing.
  • Maintain the confidentiality of Assigned Email Addresses and API Tokens and prevent unauthorized access or misuse.
  • Be solely responsible for the content of messages and compliance with applicable laws and Messaging Platform rules.
  • Notify WappSync immediately in case of suspected compromise, unauthorized access, or misuse of credentials.

 

6. Subprocessors

WappSync may engage subprocessors to assist with the delivery and operation of Services, including hosting providers and third-party vendors. WappSync remains responsible for compliance with this DPA and ensures that subprocessors provide sufficient guarantees regarding data protection obligations.

 

7. Data Transfers

Personal data may be transferred to subprocessors or systems outside the European Economic Area (EEA) as necessary to provide the Services. WappSync ensures appropriate safeguards are in place, such as standard contractual clauses, where required by applicable data protection law.

 

8. Security Measures

Processor implements appropriate security measures, including:

  • Encrypted storage of message content
  • Access control for infrastructure, Assigned Email Addresses, and API Tokens
  • Monitoring for security incidents, abuse, and fraud
  • Regular testing, assessment, and maintenance of technical and organizational measures

 

9. Data Retention and Deletion

Processor retains personal data only for as long as necessary to provide the Services, comply with legal obligations, or resolve operational issues. Upon request or at the end of service, Processor shall securely delete or return personal data, unless otherwise required by law.

 

10. Liability

Each party is responsible for its own compliance with applicable data protection laws. WappSync shall not be liable for any unlawful processing caused by Customer instructions or misuse of Assigned Email Addresses/API Tokens. Total liability shall not exceed fees paid for Services in the preceding 12 months.

 

11. Cooperation

Processor shall assist the Customer in responding to data subject requests and cooperating with supervisory authorities, to the extent reasonably possible, at the Customer’s cost.

 

12. Governing Law and Jurisdiction

This DPA is governed by the laws of Romania. Any disputes shall be resolved exclusively by the competent courts of Romania.

 

13. Contact Information

For questions regarding this DPA, please contact: