Trust & compliance

Certifications, security and regulatory compliance

How Chat API by Roxpay processes data, secures infrastructure and connects to RoxPay for card payments and billing.

GDPR & personal data

Roles, privacy notices and data subject rights under applicable law.

API security

TLS, credentials, monitoring and webhook best practices.

WhatsApp policy

Official Business Platform use and Meta terms.

RoxPay payments

Card billing handled by the RoxPay payment platform.

Personal data protection and GDPR

Messaging APIs process personal data (phone numbers, message content, technical metadata). Rox Pay S.R.L. acts as controller or processor as defined in applicable agreements and legal documentation.

For full details on processing, data subject rights and privacy contacts, see the Privacy Policy and Terms of Service published on Roxpay.

GDPR roles and customer responsibility

When you message your end users you are often the controller for data collected in your commercial relationship. You must define appropriate lawful bases (consent, contract, legitimate interest where applicable), notices and contact preferences.

Chat API provides technical tooling and contractual documentation to support compliance; it does not replace your own legal counsel for specific scenarios.

Infrastructure and API security

API traffic uses encrypted transport (TLS). Credentials must be stored securely, rotated regularly and never exposed in client-side code.

Availability and monitoring

The Roxpay ecosystem includes operational monitoring and public status channels. See status.roxpay.eu.

Webhooks and integrations

Use HTTPS endpoints, verify event authenticity where supported and implement idempotent handlers to cope with platform retries.

WhatsApp Business Platform and Meta policies

Chat API enables access to official WhatsApp Business APIs subject to Meta guidelines and terms. Customers are responsible for compliant use: message quality, approved templates, user opt-in where required and conversation categories.

Number quality and reputation

Misuse can trigger limits or suspensions from Meta. We provide tooling and documentation; policy compliance remains a shared obligation between platform, partners and the end customer.

Card payments (RoxPay)

Card charges for Roxpay/Chat API services are processed through the RoxPay payment platform. Chat API is not designed to store primary account numbers (PANs); payment data is handled under RoxPay's applicable notices and certifications.

What this means for your compliance team

For PCI-DSS scope, payment log retention or banking agreements, refer to RoxPay documentation and your account representative.

Questions on certifications or DPAs?

We can help with subprocessors, procurement questionnaires and public-sector requirements.
