WBM
Security
Last updated: November 4, 2025

Security at WBM

We design WBM with layered controls across people, process, and technology to help protect your data and maintain reliable service.

Encryption in transit & at rest
TLS for data in transit and provider-backed encryption at rest where supported.
Least privilege access
Role-based controls and auditability for administrative actions.
Monitoring & response
Health checks, alerting, and defined procedures for incidents.

1) Overview

Security at WBM focuses on confidentiality, integrity, and availability. We apply controls proportional to the data we process and the services we provide.

2) Encryption

  • TLS for data in transit between clients, our services, and approved providers.
  • Encryption at rest supported by cloud services for databases, files, and backups where applicable.
  • Key management aligned with provider capabilities and industry practices.

3) Access Control

  • Role-based access for owners and agents within your workspace.
  • Least-privilege access for internal staff with periodic reviews.
  • Auditability of sensitive administrative actions where available.

4) Infrastructure & Network

  • Use of reputable cloud providers for compute, storage, and networking.
  • Segregation of environments and principle of minimal exposure.
  • Vulnerability management and dependency updates as part of routine operations.

5) Monitoring & Logging

  • Health checks, metrics, and logs for availability and performance.
  • Alerts for anomalous behavior and error rates to aid timely response.
  • Retention of operational logs for troubleshooting and security review.

6) Incident Response

  • Defined procedures for triage, containment, remediation, and post-incident review.
  • Notification to customers without undue delay if a breach affecting their data is confirmed.
  • Root-cause analysis and action tracking for material incidents.

7) Business Continuity & DR

  • Backups and restoration tests on a cadence proportionate to risk.
  • Redundancy across provider availability zones where feasible.
  • Runbooks for major service disruptions and recovery priorities.

8) Responsible Disclosure

  • We welcome vulnerability reports from researchers acting in good faith.
  • Do not access data that isn’t yours or disrupt the service.
  • Report findings to support@gravbox.com.

9) Compliance Notes

  • We align controls to common industry practices for SaaS security.
  • We do not claim formal certifications on this page unless explicitly stated in the app or documentation.
  • Data Processing terms are available in our DPA.

10) Data Handling & Retention

  • Message history and media are retained within your plan’s storage and retention settings.
  • We store the minimum data necessary to operate the service and meet legal obligations.
  • Deletion follows normal backup and retention cycles.

11) Customer Responsibilities

  • Maintain strong passwords and control agent access in your workspace.
  • Obtain and manage end-user consent and comply with WhatsApp/Meta policies.
  • Avoid sending sensitive data unless strictly necessary and permitted by law.

12) Related Resources

13) Contact

Security questions can be sent to support@gravbox.com.

This page summarizes our current controls and may evolve as we improve the service. It does not constitute a warranty or legal advice.