LandinChat — WhatsApp marketing softwareLandinChat

Security at LandinChat

How we keep your WhatsApp conversations, customer data and team accounts safe.

Last updated: June 2026

Our approach

LandinChat is built on the official WhatsApp Business API as an Official Meta Tech Partner. Security is part of every layer — from how we host customer data, to how engineers ship code, to how we respond to incidents.

Data encryption

  • In transit: All traffic between your browser, the LandinChat dashboard, our APIs and Meta's WhatsApp Cloud API is encrypted with TLS 1.2+.
  • At rest: Customer data, message history and media files are encrypted at rest using AES-256.
  • Secrets: API keys, OAuth tokens and webhook secrets are stored in a managed secrets vault, never in source control.

Access control

  • Role-based access control (Admin, Manager, Agent) on every workspace.
  • Single sign-on with Google for all customer accounts.
  • Strict least-privilege access for LandinChat employees; production access is logged.
  • Mandatory 2FA on all internal admin systems.

Infrastructure

LandinChat runs on hardened cloud infrastructure with continuous monitoring, automated backups, DDoS protection and isolated production environments. We deploy multiple times per day with automated tests, code review and dependency scanning on every change.

Compliance & data residency

  • GDPR-aligned data handling — see our GDPR policy.
  • DPDP Act (India) compliant data processing.
  • WhatsApp Business Policy and Commerce Policy compliant by design.
  • SOC 2-aligned internal controls; audit roadmap in progress.

Privacy

We process customer data only to operate the service you contracted us for. We do not sell data, do not train models on customer messages, and provide full data export and deletion on request. Full details in our Privacy Policy.

Responsible disclosure

If you discover a security vulnerability, please email security@landinchat.com with reproduction steps. We acknowledge reports within 2 business days and aim to patch critical issues within 7 days. Please do not publicly disclose until we've had a reasonable chance to fix the issue.

Incident response

We maintain a documented incident response plan with named on-call engineers. Customers affected by any incident are notified within 72 hours, in line with GDPR Article 33.

Questions?

For security questionnaires, DPAs or compliance documentation, contact security@landinchat.com.