[Free Guide]
From Paper to Pixels: Driving Digital Transformation for Frontline Teams
« Back to Blog

Why It Could Be Illegal to Use WhatsApp for Your Internal Communications

Data Security Checklist

Does your company use WhatsApp for internal communications? WhatsApp might work for social occasions, but it does not suffice for business needs. It’s time to find a better way, because there are actually several reasons it is potentially illegal to do so!

Terms of Service:

We all know that no one actually reads the terms of service on anything they use, but in this case not reading the terms of service could land your company in hot water. While many people believe it is fine to use WhatsApp for corporate use, the Terms of Service explicitly say “Your use of the Service as permitted is solely for your personal use”. You can find the full Terms of Service on the WhatsApp website, but before you decide to use it as an internal communication solution for your company you should definitely read them thoroughly.

Third-Party Access:

If you use WhatsApp you are giving them access to all contacts stored in your address book. Specifically, by using WhatsApp you are giving “Your express consent to WhatsApp to access your contact list and/or address book for mobile phone numbers in order to provide and use the Service.” If you use WhatsApp for personal use this would likely give you pause – if you use it company wide you should be especially critical.

Data Storage:

Another thing to keep in mind, especially for global companies, is that WhatsApp is strictly a US company. They expressly say on their website that the “WhatsApp Site and Service are hosted in the United States and are intended for and directed to users in the United States.”

This is especially problematic for companies based in the EU, in light of the new EU data protection rules. For most global companies, it’s better to have the option to choose where your data is stored. If you’re based in the EU, you’re likely going to want your data stored in the EU as well! That doesn’t mean you shouldn’t choose a US based company, but you should make sure you have a choice about where your data is stored.


WhatsApp just implemented a groundbreaking end-to-end encryption program, which according TechCrunch will make WhatsApp “Unable to be compelled to hand over messaging data – even if served with a warrant by authorities demanding access.” While it may seem like this encryption program is a reaction to the Apple/FBI issue that’s come up recently, it has actually been in the works for years.

For some the news of end-to-end encryption may be welcome. It seems to imply that WhatsApp would be ideal for internal communications. But many countries actually ban this type of encryption, and many more are actively considering banning it. So before you get too excited about the encryption news and how it might solve third-party access issues, do some research on what’s allowed in your country.

At Beekeeper, we’ve been mindful of issues like encryption, storage, and third-party access when designing our product. For example, Beekeeper doesn’t scrape our user’s third-party contacts from their address book, staying clear of data privacy issues. In fact, you don’t even need a phone number or email address to login to our application. Instead, companies can onboard employees simply by assigning them an employee ID.

Additionally, we give our customers the option to choose where to store their data: the US, Switzerland, Germany, or Ireland. So if you’re an EU-based company we can guarantee that your users’ data is stored in the EU.

For all of the above reasons, it may not be wise at this point to use WhatsApp for internal corporate communications. There’s nothing wrong with using the app personally, but it may be time to find a new method to communicate with your employees.

To learn more about why consumer-grade platforms like WhatsApp could threaten your business data, download our Security and Support checklist.