Trust

Compliance overview for buyers

Plain-language guide for security and procurement reviews: what WAPing (Secuno LLC) publishes, what we do not represent, and how to engage our team. Use this with the Security page, Privacy Policy, Terms, and DPA.

Last updated:

Purpose of this page

Teams evaluating WAPing often need a single place to orient diligence. This page summarizes how we talk about data protection and security: where the binding language lives, what questions we can answer directly, and what we will not invent for a checklist.

This is not legal advice for your organization. Your counsel and risk owners remain responsible for deciding whether the Service fits your regulatory context.

What we do not claim

  • No SOC 2, ISO 27001, or similar third-party attestation. We do not publish certification reports or auditor opinions. If a questionnaire asks for a SOC 2 Type II report, the honest answer is that we do not have one today.
  • No "GDPR certified" or government seal. We describe processing in our Privacy Policy and, for business customers acting as controllers, in the Data Processing Addendum. That is contractual and policy language—not a regulator endorsement.
  • No HIPAA BAA or regulated-healthcare packaging as a standard offering unless expressly agreed in writing for your account. Do not infer coverage from marketing pages.
  • No uptime or security SLA in the public Terms unless a separate signed order form says otherwise. Availability depends on our stack, your configuration, and third parties including WhatsApp.

Contractual and policy map

Use these in order during review:

  • Terms of Service — relationship, acceptable use cross-reference, fees, disclaimers, liability caps.
  • Privacy Policy — controller vs processor roles, categories of data, retention, rights, international transfers.
  • Data Processing Addendum — Article 28-style processor commitments when we process personal data on your instructions.
  • Acceptable Use Policy — messaging and technical rules; ties to enforcement and refunds.
  • Refund Policy — seven-day rule for eligible new paid charges; exclusions.
  • Cookie Policy — site and app cookies where applicable.

Commercial terms and plan limits: Pricing. Product mechanics and API: Developer documentation and How it works.

Security and operational practices

High-level technical and organizational measures (encryption in transit, access control, logging, incident handling) are described on the Security page. That page is descriptive—it does not replace the DPA or a formal penetration-test report.

Shared responsibility: you configure API keys, webhooks, connected WhatsApp sessions, and recipient consent. We cannot secure choices made in your account or code.

How procurement reviews usually work

  1. Send your standard questionnaire or redlines to [email protected] or use the contact form with subject "Procurement".
  2. We answer factually against current product behavior. If we cannot support a requirement, we say so rather than implying a roadmap commitment.
  3. Enterprise or volume customers may request a countersigned DPA or order-form terms—see the execution section of the DPA.

We are a small team; complex reviews may take several business days. Urgent production incidents should follow support channels referenced in your account or Terms.

Contact

Legal and procurement: [email protected]

Privacy rights requests: [email protected]

Security-sensitive reports: use Contact and choose Security, or follow instructions on the Security page—do not send secrets by email.

Questions about this document?

Privacy requests, procurement questions, and billing topics go to the right inbox—we answer from published terms, not invented guarantees.

Contact usSecurity & trustPricing

Other policies: Compliance overview · Privacy · Terms · Cookies · Acceptable use · Refunds · DPA