
Data Privacy and GDPR Compliance

2 min read · Mar 19, 2026


HelpKit is committed to protecting user privacy and helping businesses comply with data protection regulations including GDPR, CCPA, and other privacy laws.

Data We Collect



From Your Business:
  • Account information (email, business name, billing details)
  • Team member accounts
  • API usage and login logs
  • Billing and payment information


From Your Customers:
  • WhatsApp phone numbers and display names
  • Message content and media
  • Conversation metadata (timestamps, status)
  • Custom fields you add to contacts


How We Protect Data



  • Encryption: All data encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access Control: Role-based permissions, 2FA support
  • Infrastructure: Hosted on SOC 2 compliant servers
  • Backups: Automated encrypted backups with point-in-time recovery
  • Monitoring: 24/7 security monitoring and intrusion detection


GDPR Compliance Features

#### Right to Access

Contacts can request their data:
  1. Go to Settings → Privacy → Data Requests
  2. Enable Self-Service Portal
  3. Contacts can visit your-domain.com/privacy to request their data

Alternatively, manually export via Contacts → Contact Profile → Export Personal Data

#### Right to Erasure (Right to be Forgotten)

Delete a contact and all their data:
  1. Open contact profile
  2. Click ⋮ → Delete Contact
  3. Choose Delete all data (includes messages)
  4. Confirm deletion


#### Data Portability

Export customer data in machine-readable format:
  • JSON export for full data
  • CSV export for contact lists
  • PDF export for conversation history


#### Consent Management

  • Track opt-in source for each contact
  • Automatic opt-out handling (responds to STOP)
  • Consent timestamp logging


Data Processing Agreement (DPA)

Business and Agency plan customers can sign our DPA:
  1. Go to Settings → Legal → DPA
  2. Review and digitally sign
  3. Download signed copy


Data Retention

Default retention periods:
  • Messages: 2 years (configurable)
  • Contact data: Until manually deleted
  • Analytics: 13 months
  • Backups: 30 days
  • Deleted data: Purged after 30 days


Configure retention in Settings → Privacy → Data Retention

Third-Party Data Sharing

We share data only with:
  • Meta/WhatsApp: Required for message delivery
  • Payment processors: Stripe/Razorpay for billing
  • Infrastructure: AWS for hosting
  • Your authorized integrations: Only what you explicitly connect


We never sell customer data.

Compliance Checklist



  • ✅ Obtain explicit consent before messaging
  • ✅ Provide clear opt-out in every marketing message
  • ✅ Document consent source and timestamp
  • ✅ Honor data requests within 30 days
  • ✅ Sign DPA if required by your jurisdiction
  • ✅ Configure appropriate data retention periods