Security & trust

Built for merchants who take customer data seriously.

EU data residency, per-tenant encryption, and strict isolation. Plain-language commitments, not just badges.

EU data residency · GDPR-ready · Per-tenant encryption · Meta policy compliant

EU data residency

Data is processed and stored in the EU. Infrastructure runs in an EU region, so your customers' information doesn't leave the bloc.

Encryption at rest, per tenant

WhatsApp access tokens are encrypted per tenant and never exposed to the browser. Settings APIs omit secrets entirely.

Shopify Protected Customer Data

We follow Shopify's Protected Customer Data requirements: minimum necessary access, a documented purpose for every field, and Level 2 data-handling controls. Hapee reads carts and orders, never payment details.

Tenant isolation

Every request is scoped to your shop by a signed bearer token: the server derives your identity, never the client. One tenant can never reach another's data.

WhatsApp & Meta compliance

Outreach is template-first and policy-compliant. You warrant opt-in for your customers; Hapee enforces Meta's messaging and template rules.

Server-side secrets only

The Go API base URL and merchant bearer token live server-side only. The browser talks to our app server; it never holds a credential or calls the core directly.

Data boundaries

How your data is protected, end to end

The browser never touches the core or your WhatsApp token. Every request is brokered server-side and scoped to your shop.

Browser: Session cookie only, httpOnly and Secure
Hapee app server: Holds the bearer token and adds it server-side
Go core: Per-tenant data, token encrypted at rest

Browser talks only to the Hapee app server. The Go core and the WhatsApp token are never exposed to the client.

Two boundaries do the real work. Between the browser and our app server, only an httpOnly, Secure, SameSite session cookie travels, so no credential ever reaches client-side JavaScript and there is nothing for a malicious script to steal.

Between our app server and the Go core, a short-lived HMAC-signed bearer identifies your shop, derived from the token alone, never from anything the client sends. Your WhatsApp access token sits encrypted at rest and is decrypted only in memory, for the moment a message is sent. It is never written to a log, returned by an API, or rendered in the dashboard.

Data lifecycle

What we process, and for how long

The minimum needed to recover carts, kept only as long as it is useful, then removed.

What we collect

Abandoned cart contents and value, the customer first name and WhatsApp number for opted-in shoppers, message bodies and delivery states, and order completion for attribution. No payment data.

Why we process it

Solely to deliver the recovery messaging you configure, on the legal basis you rely on and warrant. We classify carts to avoid messaging bots, which protects shoppers and your sender reputation.

How long we keep it

As long as needed to run the service and substantiate attribution and billing, then deleted or anonymised. You can request earlier deletion subject to legal retention.

Commitments

What Hapee never does

Never messages customers who have not opted in. Outreach is template-first and you warrant consent. Hapee does not contact non-consenting shoppers.

Never exposes your WhatsApp token. It is encrypted per tenant and is never returned to the browser or any API response.

Never sells personal data. Data is shared only with the sub-processors needed to run the service, listed in the DPA.

Never moves your data out of the EU. Processing and storage stay in an EU region.

Architecture posture

How the boundaries are drawn.

A quick, honest map of where data lives and who can touch it.

Data flow: Browser ⇄ Hapee app server (session cookie) ⇄ Go core (bearer). Never browser ⇄ core directly.
Auth: HMAC-signed bearer token; the shop is derived from the token only. Client-supplied shop identifiers are treated as untrusted.
Secrets: WhatsApp access_token encrypted at rest, per tenant. DTOs omit it; it's never returned to or accepted from the client.
Transport: HTTPS everywhere, HSTS, nosniff, strict referrer policy, and a nonce-based CSP that only allows the Meta Embedded Signup origin in a frame.
Session: httpOnly, Secure, SameSite=Strict session cookie between the browser and our app server.
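
The Auth boundary described above (a short-lived HMAC-signed bearer from which the shop is derived), sketched in Go as an added illustration; this is not Hapee's own code. The token layout (base64url JSON payload, a dot, then an HMAC-SHA256 tag), the names Mint, ShopFromBearer and claims, and the key shared between app server and core are all assumptions.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

// claims is a hypothetical payload; the page does not publish the real token format.
type claims struct {
	Shop string `json:"shop"`
	Exp  int64  `json:"exp"` // Unix seconds, keeps the bearer short-lived
}

var b64 = base64.RawURLEncoding

func sign(key, payload []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(payload)
	return m.Sum(nil)
}

// Mint runs on the app server, which holds the signing key (assumed shared with the core).
func Mint(key []byte, shop string, ttl time.Duration, now time.Time) string {
	p, _ := json.Marshal(claims{shop, now.Add(ttl).Unix()})
	return b64.EncodeToString(p) + "." + b64.EncodeToString(sign(key, p))
}

// ShopFromBearer runs in the core; it accepts no client-supplied shop identifier at all.
func ShopFromBearer(key []byte, token string, now time.Time) (string, error) {
	p, sig, _ := strings.Cut(token, ".")
	raw, err1 := b64.DecodeString(p)
	mac, err2 := b64.DecodeString(sig)
	if err1 != nil || err2 != nil || !hmac.Equal(mac, sign(key, raw)) { // constant-time compare
		return "", fmt.Errorf("bad token")
	}
	var c claims
	if json.Unmarshal(raw, &c) != nil || c.Shop == "" || now.Unix() >= c.Exp {
		return "", fmt.Errorf("expired or invalid claims")
	}
	return c.Shop, nil
}

func main() {
	key, now := []byte("constructed-demo-key"), time.Unix(1700000000, 0)
	fmt.Println(ShopFromBearer(key, Mint(key, "shop-a", time.Minute, now), now))
}
```

Every query in the core would then be scoped by the returned shop value, so a shop identifier in a URL, header or body has no path into tenant selection.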
GDPR

Your data rights, supported

Data-subject requests are handled promptly. For shopper data, requests route to you as controller and Hapee assists as processor.

Access

Get a copy of the personal data held about a data subject.

Rectification

Correct inaccurate or incomplete personal data.

Erasure

Request deletion, subject to legal retention obligations.

Restriction

Limit how personal data is processed in defined cases.

Portability

Receive data in a structured, portable format.

Objection

Object to certain processing of personal data.

Transparency

Sub-processors

Data is shared only with the providers needed to run the service. The current list is maintained in the DPA.

Provider | Purpose | Region
Cloud hosting | Runs the Hapee app and core | EU
Platform connector | Reads abandoned carts and completed orders (e.g. Shopify) | Per platform
WhatsApp via Meta | Delivers messages on your own number | Per Meta

Request the full, current sub-processor list with the DPA.

Security & compliance questions

Read the fine print.

Our policies are written to be read, not skimmed past.