Compliance & Security

Our Commitment to Compliance

At iSend, we are committed to maintaining the highest standards of compliance and security. As a WhatsApp Business API provider serving businesses across Africa and globally, we adhere to strict regulatory requirements and industry best practices.

Data Protection Compliance

GDPR Compliance

We fully comply with the General Data Protection Regulation (GDPR) for all our European customers and global operations:

• Lawful basis for all data processing activities
• Comprehensive data protection impact assessments
• Data breach notification within 72 hours
• Privacy by design and by default principles
• Data Protection Officer oversight
• Regular staff training on data protection

POPIA Compliance

For our South African customers, we comply with the Protection of Personal Information Act (POPIA):

• Information officer appointed
• Secure processing of personal information
• Data subject rights implementation
• Cross-border data transfer safeguards
• Regular compliance audits

Other Regional Regulations

We also comply with various African data protection regulations including Nigeria's NDPR, Kenya's Data Protection Act, and other emerging frameworks across the continent.

WhatsApp Business API Compliance

As an official WhatsApp Business API provider, we ensure full compliance with WhatsApp's policies:

Commerce Policy

• Prohibited goods and services screening
• Regulated industries compliance
• Age verification requirements
• Geographic restrictions adherence

Business Messaging Policy

• User consent verification
• Opt-out mechanism implementation
• Message quality standards
• Response time requirements
• Template message guidelines

Security Standards

ISO 27001

We are working towards ISO 27001 certification for our Information Security Management System:

• Information security risk management
• Security controls implementation
• Continuous monitoring and improvement
• Third-party security assessments

SOC 2 Type II

Our systems undergo regular SOC 2 Type II audits to ensure:

• Security controls effectiveness
• Availability commitments
• Processing integrity verification
• Confidentiality safeguards
• Privacy controls validation

Technical Security Measures

Encryption

• 256-bit SSL/TLS encryption for all data in transit
• AES-256 encryption for data at rest
• End-to-end encryption for WhatsApp messages
• Database encryption with regular key rotation

Access Control

• Multi-factor authentication (MFA)
• Role-based access control (RBAC)
• Least privilege principle enforcement
• Regular access reviews and audits

Monitoring & Detection

• 24/7 security monitoring
• Intrusion detection systems
• Security information and event management (SIEM)
• Automated threat response

Industry-Specific Compliance

Financial Services

For financial institutions, we support compliance with:

• PCI DSS for payment card data
• Central bank regulations
• Anti-money laundering (AML) requirements
• Know your customer (KYC) procedures

Healthcare

Healthcare organizations can rely on our HIPAA-compliant features:

• Protected health information (PHI) safeguards
• Business associate agreements (BAA)
• Healthcare data encryption standards
• Audit trails and access logs

Education

Educational institutions benefit from our compliance with:

• FERPA compliance features
• Student data protection
• Parental consent management
• Educational record security

Compliance Training

All iSend employees undergo regular compliance training covering:

• Data protection principles
• Security best practices
• Regulatory requirements
• Incident response procedures
• Ethical business conduct

Third-Party Audits

We engage independent third-party auditors to validate our compliance:

• Annual security assessments
• Penetration testing
• Vulnerability scanning
• Compliance gap analysis
• Remediation verification

Incident Response

Our comprehensive incident response program includes:

• 24/7 incident response team
• Breach notification procedures
• Root cause analysis
• Remediation and prevention
• Regulatory reporting

Contact for Compliance

For compliance-related inquiries or to report concerns:

Certifications & Badges