WhatsApp Data Policy

last updated 2026-05-17 · required by Meta's Platform Terms and WhatsApp Business Solution Terms

In short. When you message our WhatsApp business number, the message (audio, video, or text), your WhatsApp number, and your profile name are forwarded to our server by Meta's WhatsApp Cloud API. We process the audio to remove the music background and send back the cleaned result via the same WhatsApp thread. We don't share your data with anyone outside what's required to deliver that result.

1. Why this page exists

Meta's WhatsApp Business Solution Terms and the Meta Platform Terms require any business that uses the WhatsApp Business Platform to publish a prominent, plain-language statement covering the data flows enabled by that platform. This page satisfies that requirement.

2. What WhatsApp sends to us

When you send a message to our WhatsApp business number, the WhatsApp Cloud API delivers a webhook to our server. That webhook contains:

Field	Example	Why
`from` — your WhatsApp number in E.164 form	`+9665XXXXXXXX`	So we can send the result back to you
`profile.name` — your display name	`Ahmed`	Used in admin dashboards for support visibility
`type` — message kind	`audio \| video \| text \| image \| document`	Routes the message to the correct handler
Media reference	`media_id` + signed download URL	We use the URL to fetch the source media from Meta
Message id + timestamp	`wamid.xxx`, ISO-8601	Deduplication and audit trail

The actual media bytes (your audio or video) are downloaded by our server via the temporary signed URL Meta provides; the download is over TLS and authenticated with our business access token. No third party sees that traffic.

3. What we do with it

Download the media from Meta's CDN to our server.
Re-encode it to a canonical WAV (44.1 kHz, stereo) for processing.
Run the open-source Demucs speech-separation model on our GPU. The audio never leaves our server — we don't call OpenAI, Anthropic, Google, or any external AI provider.
Encode the separated speech back to your original format (MP3 / AAC inside MP4).
Upload the result to WhatsApp's media endpoint and send the resulting media id back to your thread, so it appears as a reply in the same conversation.
Delete the source audio and intermediate files. Cache the result for 24 hours so a re-send of the same input returns instantly; after 24 hours the cached result is permanently deleted.

4. What we send to WhatsApp

The processed (music-removed) media as a reply to your message.
Status text messages while a job is in progress ("got your clip, give me X seconds…" and the equivalent in your locale).
Error notifications when a clip is rejected (too long, unreadable, queue full).

5. What we don't do

No marketing. We will not send promotional messages, broadcasts, or template messages outside the 24-hour customer-service window allowed by Meta.
No automated outreach. The bot only responds to messages you initiate.
No transcription, no content analysis. We run music/voice separation on the acoustic signal. We do not transcribe your speech, identify speakers, detect sentiment, or run any other content-aware AI over the audio.
No data brokering. Your phone number, profile name, and audio are never sold, rented, or licensed to anyone.

6. Third parties involved

Party	What they see	Why
Meta Platforms, Inc. (WhatsApp)	Everything — they operate the transport.	WhatsApp Cloud API is the messaging channel itself.
Cloudflare, Inc.	TLS-encrypted webhook payloads in transit; IP addresses; request metadata. They cannot read the audio bytes — those are encrypted to our origin.	Edge proxy + DDoS protection in front of our webhook endpoint.
GPU host provider	Runs the physical machine; no application-level access to messages or audio.	Hardware operator.

No other parties.

7. Retention

Source audio: deleted within seconds of processing completing.
Processed audio: kept for 24 hours, then permanently deleted by an automated job. Stored only on the processing server's encrypted disk.
Webhook events log (phone, timestamp, message kind, success/error): up to 7 days at hourly resolution for capacity planning and abuse prevention.
WhatsApp-side data: we have no control over Meta's retention; see the WhatsApp Privacy Policy.

8. Your controls

Stop using the bot. Block the number in WhatsApp and we'll stop receiving anything from you.
Request deletion. Email [email protected] with the subject line [DELETE] and your WhatsApp number. We'll purge all cached outputs, counters, and event logs tied to that number within 7 days.
Request a copy. Same address, subject [ACCESS]. We'll return whatever we currently hold (typically very little: recent message metadata within the 7-day retention window).

9. Security

All inbound and outbound traffic is over TLS 1.3 (Cloudflare edge → our origin).
WhatsApp webhooks are signature-verified using the App Secret issued by Meta; unsigned or wrongly-signed requests are rejected with HTTP 403.
Tokens and secrets are stored in environment files with chmod 600; not in source control.
The admin dashboard for our operations team is behind HTTP basic auth on a non-default subdomain (admin.removemusic.io), rate-limited at the Cloudflare edge.

10. Children

This service is not directed at children under 16. The minimum age for using the WhatsApp Business Platform is set by Meta. If you believe a child has interacted with our bot, email [email protected] and we'll purge their data.

11. Contact

General[email protected]

Data / Privacy / DPO[email protected]

Abuse[email protected]

12. Updates

Material changes will be re-published here with a new "last updated" date. When the change affects how we process your data, we'll also notify active users via WhatsApp from the same business number.

See also: Privacy Policy (master document) · Data Protection (GDPR) — your EU rights · Terms of Service.