Official WhatsApp Business API
Customers message the business number they already trust.
Trust
Trust matters when AI speaks to your customers
Sawabot helps businesses automate WhatsApp conversations while keeping customer data, human escalation, and admin controls in place. This page explains the safeguards available today, what we can share under NDA, and what we are building next.
Official WhatsApp Business API 
Meta Tech Partner Infrastructure
Built on official WhatsApp infrastructure.
Sawabot is a Meta Tech Partner with direct integration to Meta's WhatsApp Business API. That means your customer conversations run through the official channel, not an unofficial relay.
Conversation logs
Read what the agent did, what it answered, what it escalated, and when a human stepped in.
Meta Tech Partner
Sawabot's status as a Meta Tech Partner means the WhatsApp integration is supported and recognized by Meta.
Anatomy of an agent
Four properties chatbots do not have
Every Agent in Sawabot carries these four properties. They are the line between a chatbot that replies and an Agent that takes action.
No training on your data
Customer conversations and internal documents are never used to train AI models. Sawabot uses LLM providers (Anthropic, OpenAI) with zero-data-retention agreements in place.
Workspace isolation
Your documents, your customer threads, your audit logs, your team — all scoped to your workspace. No other Sawabot account can see your data.
Encryption in transit
All traffic between your customer, Sawabot, and your team is encrypted with TLS. Standard, not optional.
Reliability
Grounded answers, not generic ones.
Hallucinations — AI giving plausible-sounding but wrong answers — are a known risk. Sawabot manages it the only way that actually works: by grounding every reply in a source you uploaded.
Every customer-facing answer comes from your documents — your brochure, your policy, your SOP — not from the public internet. The agent retrieves the right passage, answers from it, and shows the citation. If it can't find a good source, it escalates to your team rather than guessing.
Humans in control
Your team can step in any time.
Trust isn't about handing everything to AI and hoping. It's about giving your team the controls to step in, take over, and see exactly what happened.
Role-based access
Owner, Admin, Operator, and Reader roles keep setup, billing, day-to-day operation, and review separate. Decide who can change what.
Takeover and pause
Any operator can step into a conversation, pause the agent, leave internal notes, and hand the thread back when the human part is done.
Audit trail
Every conversation is logged. See what the agent answered, what it escalated, and when a human stepped in. Exportable for compliance review.
FAQ
What your security and legal teams ask
Short, honest answers to the questions that come up during procurement.
Where does our customer data go?
Customer conversations stay within Sawabot's infrastructure and run on the WhatsApp Business Platform. We use LLM providers under zero-data-retention agreements, so your conversations are not stored by the model providers beyond the duration of each request.
Documents you upload are stored in your workspace and used only to answer your customers.
Are our conversations used to train AI models?
No. Sawabot does not train models on your customer conversations or your internal documents. Our LLM providers have zero-data-retention agreements in place.
Who on our side can access the workspace?
Whoever your admin grants access to. Sawabot has four built-in roles - Owner, Admin, Operator, and Reader - so setup, billing, day-to-day operation, and review can be separated.
For internal-use deployments, only approved employees and collaborators can interact with the agent. Unknown numbers see an unauthorized message and can request access.
How do you prevent the AI from giving wrong information?
Every customer-facing answer is grounded in a source you uploaded. The agent retrieves the right passage, answers from it, and shows the citation. If it cannot find a good source, it escalates rather than guessing.
For regulated work where step order matters, a Process locks the sequence, enforces required fields, and delivers compliance disclosures verbatim.
Are you SOC 2, GDPR, or HIPAA compliant today?
SOC 2, GDPR, and HIPAA readiness depend on the product scope, hosting region, and customer contract. We can share our current posture, data handling details, and roadmap under NDA during procurement.
What's your data retention policy?
Conversations and documents are retained while your workspace is active. On account closure or deletion request, data is purged from production within 30 days and from backups within 90 days. Specific retention windows can be tightened by contract.
Talk to us
Need to share this with your security team?
We can send a one-pager covering data handling, retention, roles, the LLM provider posture, and the WhatsApp Business Platform channel — written for a CISO or compliance lead, not a marketing audience.