WiSHOP

Products

Solutions

Portfolio

Use Cases

About

Contact Us
Back to Home
India Compliance & Intermediary Policy

Privacy Policy & Terms of Processing

Last Updated: May 28, 2026 | Governing Jurisdiction: New Delhi, India

1. Scope and Intermediary Status

WiSHOP ("we", "us", or "our") provides high-performance API integration, routing interfaces, and developer tools ("Services") that enable business clients ("Clients") to connect with their customers ("End Users") via the WhatsApp Business Platform operated by Meta Platforms, Inc.

Safe Harbor Protection under Section 79 of the IT Act, 2000

WiSHOP operates strictly as an **Intermediary** under Section 2(1)(w) of the (Indian) Information Technology Act, 2000. WiSHOP does not initiate, modify, or select the receiver of any transmission. As an intermediary, WiSHOP is entitled to full safe harbor protection under Section 79 of the Information Technology Act, 2000, and is not liable for any third-party information, data, or communication links transmitted or routed through our Services.

2. Roles under Digital Personal Data Protection (DPDP) Act, 2023

In compliance with the Digital Personal Data Protection Act, 2023 ("DPDP Act") of India, the roles and responsibilities are allocated as follows:

Client as the Data Fiduciary

The Client is the **Data Fiduciary** under the DPDP Act. The Client determines the purpose and means of processing personal data. The Client warrants and represents that they have a lawful basis for processing the personal data of the Data Principals (End Users) and have obtained valid, free, specific, informed, unconditional, and unambiguous consent accompanied by a statutory notice in English and appropriate scheduled languages.

WiSHOP as the Data Processor

WiSHOP acts strictly as the **Data Processor** on behalf of the Data Fiduciary. WiSHOP processes personal data (such as recipient mobile numbers and message contents) solely to execute the data routing instructions provided by the Client. WiSHOP does not use this data for any independent purposes.

3. Information We Collect and Process

We collect and process personal data in a highly restricted manner, conforming to the principle of data minimization under Indian privacy regulations:

  • Client Account Information: Registration details, billing address, contact numbers, tax identifiers (GSTIN/PAN), and API credentials.
  • Transit Messaging Data: Recipient phone numbers, message texts, template names, and transit metadata. Message contents are not persistently archived on our servers and are deleted immediately after routing or within a transient buffer window (not exceeding seven (7) days) solely for error resolution and logging.
  • Technical Logs: IP address, routing latency, and API error codes, processed solely to monitor system health and security.

4. Client Consent & Legal Compliance Obligations

The Client is solely responsible for compliance with the DPDP Act, 2023, the Information Technology Act, 2000, and Meta's WhatsApp Business Policies. The Client warrants and represents that:

Valid DPDP Notice and Consent: You have obtained valid, verifiable opt-in consent from each Data Principal (End User) prior to initiating any message. You must provide clear notice explaining the data category and processing purposes as per Section 5 of the DPDP Act.

Consent Withdrawal (Opt-out):You must provide an easy, immediate option for the Data Principal to withdraw consent (e.g., by replying "STOP"). Upon withdrawal, you must immediately cease sending messages to that individual and ensure their data is removed.

Prohibited Use Cases: You will not use the Service to transmit spam, unsolicited commercial communications, fraudulent alerts, or content violating Section 66A of the IT Act (or any subsequent equivalents under Indian law).

5. Complete Exclusion & Limitation of Liability

"As Is" and "As Available" Service:The Services are provided on an "AS IS" and "AS AVAILABLE" basis, without warranties of any kind, either express or implied. WiSHOP does not warrant that the API routing, transmission, or integration will be uninterrupted, error-free, or entirely secure.

Platform Outages and Third-Party Dependencies: The Service depends entirely on the WhatsApp Business Platform and Cloud API systems operated by Meta Platforms, Inc. WiSHOP is not liable for any service degradation, rate-limiting, API changes, message delivery delays, data loss, or server outages caused by Meta. If Meta suspends or terminates your WhatsApp Business Account (WABA), WiSHOP shall bear no liability whatsoever.

Limitation of Liability Cap: TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE INDIAN LAW, WISHOP’S MAXIMUM AGGREGATE LIABILITY FOR ALL CLAIMS, LOSSES, ACTIONS, SUITS, PENALTIES, OR DAMAGES IN CONNECTION WITH THE SERVICES OR THIS POLICY, WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), OR OTHERWISE, SHALL BE STRICTLY LIMITED TO INR 5,000 (INDIAN RUPEES FIVE THOUSAND ONLY) OR THE ACTUAL NET FEES PAID BY THE CLIENT TO WISHOP IN THE ONE (1) MONTH PRECEDING THE CLAIM EVENT, WHICHEVER IS LOWER.

Consequential Damages: In no event shall WiSHOP be liable for any indirect, incidental, special, consequential, or punitive damages, including loss of profits, revenue, data, or business goodwill.

6. Client Indemnification

The Client agrees to fully defend, indemnify, and hold harmless WiSHOP, its promoters, directors, employees, and agents from and against any and all claims, regulatory penalties (including those imposed by the Data Protection Board of India, CERT-In, or any other government authority), liabilities, losses, damages, costs, and expenses (including attorney fees) arising from:

  • Client's failure to secure valid legal consent or opt-in from Data Principals.
  • Violation of the DPDP Act, 2023, Information Technology Act, 2000, SPDI Rules, 2011, or other applicable Indian laws.
  • Transmission of spam, unsolicited promotional messages, or restricted content.
  • Any unauthorized use or leakage of Client API keys or WhatsApp configuration settings.

7. Security Practices & Breach Disclosures

We maintain "reasonable security practices and procedures" as mandated under Section 43A of the Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011. This includes encryption of data in transit (TLS 1.3) and secure server environments.

In the event of a security breach or incident, WiSHOP will notify the Client (as Data Fiduciary) to allow them to comply with breach reporting guidelines under Section 8(6) of the DPDP Act, 2023, and directives of the Indian Computer Emergency Response Team (CERT-In).

8. Governing Law and Dispute Jurisdiction

This Policy, the Services, and all legal relations between WiSHOP and the Client shall be governed, interpreted, and construed solely in accordance with the laws of the Republic of India, without regard to conflict of law principles.

Any dispute, claim, or legal action arising out of or in connection with these terms or the Services shall be subject to the exclusive jurisdiction of the competent courts located in New Delhi, India.

9. Grievance Officer & Redressal

In accordance with the Information Technology Act, 2000, the SPDI Rules, 2011, and the DPDP Act, 2023, the contact details of the designated Grievance Officer for WiSHOP are provided below. Grievances will be addressed within the timelines prescribed by law.

WiSHOP Grievance Officer

Officer Name: Baibhav Kumar

Designation: Grievance & Compliance Officer

Email: support@wishop.xyz

Wishop is the leading creative partner to startups and new ventures

  • Work
  • Clients
  • About
  • Careers
  • Contact
  • Team

WI SHOP

WiSHOP 2026

Privacy Policy

Instagram

LinkedIn