Privacy Policy

How MessageAPI collects, uses, and protects your data.

1. Data we collect

When you use MessageAPI, we may process:

  • Account data: email, name, and a hashed password.
  • API keys: stored as hashes — we never keep your full key after creation.
  • WhatsApp connection data: linked phone number, session status, and session files needed to keep your number connected.
  • Message metadata: recipient, message type, delivery status, and timestamps. We do not store message body content long-term.
  • Webhook settings you configure (URL and optional secret).
  • Billing data handled by PayPal — we do not store card numbers on our servers.

2. How we use your data

We use this data to operate the service: authenticate you, send messages through your WhatsApp number, enforce plan limits, deliver webhooks, process subscriptions, and provide support. We do not sell your personal data.

3. How we protect your data

We apply standard security measures appropriate for an API platform:

  • In transit: all traffic to MessageAPI is served over HTTPS (TLS). API requests and the web panel are encrypted between your client and our servers.
  • At rest: account passwords and API keys are stored as one-way hashes. Database and session files reside on secured server infrastructure with restricted access.
  • WhatsApp sessions: connection credentials are stored in isolated session directories on the server, required to maintain your linked device.
  • Access control: each account can only access its own data. API keys are scoped to the account that created them.
  • Minimization: we collect only what is needed to run the service and do not retain full message content beyond operational logs.

4. Data retention

Account data is kept while your account is active. Message logs and health-check records may be retained for a limited period for billing, debugging, and uptime reporting, then deleted or aggregated. You may request account deletion by contacting us.

5. Third-party services

MessageAPI relies on external providers to operate:

  • WhatsApp / Meta: messages are delivered through WhatsApp's network when you connect your number.
  • PayPal: subscription payment processing.
  • Hosting infrastructure: servers and database where the application runs.
  • Google Analytics: privacy-friendly site usage and conversion analytics, enabled only after cookie consent.

These providers process data under their own privacy policies when you interact with them directly.

6. Your rights

Depending on your jurisdiction, you may have the right to access, correct, or delete your personal data. To exercise these rights or ask questions about this policy, contact us at welcome@msgapi.cloud.

7. Changes & contact

We may update this policy from time to time. Continued use of the service after changes means you accept the updated policy.

Questions: welcome@msgapi.cloud