Compliance
How NeuraFlow aligns with WhatsApp Business Messaging Policy and Meta platform requirements.
Overview
NeuraFlow is a business messaging platform designed for customer-initiated support interactions. It is not a general-purpose conversational assistant, chatbot builder, or bulk messaging tool.
NeuraFlow connects to existing business knowledge sources and resolves customer requests across multiple channels, including voice, chat, web, Microsoft Teams, Slack, and WhatsApp. All messaging is policy-aligned and operates through official platform APIs.
Meta AI Policy Alignment
The following table describes how NeuraFlow complies with WhatsApp Business Messaging Policy requirements:
| Requirement | How NeuraFlow Complies |
|---|---|
| User opt-in | Businesses must collect explicit end-user opt-in before initiating any WhatsApp communication through NeuraFlow. |
| Template approval | All outbound message templates are submitted through Meta's official approval process before use. |
| 24-hour session rule | NeuraFlow enforces WhatsApp's 24-hour customer service window. Outside-session messages use approved templates only. |
| No bulk messaging | NeuraFlow does not support unsolicited bulk messaging, purchased contact lists, or number rotation. |
| Data isolation | Customer data is isolated within tenant-level boundaries. No cross-tenant data sharing. |
| No model training on user data | Conversation data is never used to train public or shared AI models. Client data remains client-owned. |
| Human handoff | All conversations can escalate to a human agent with full context, including intent, history, and completed steps. |
| Permitted use cases only | NeuraFlow is used exclusively for customer-initiated support interactions aligned with Meta's permitted business categories. |
Permitted Use Cases
NeuraFlow is designed for customer-initiated business support interactions, including:
- Customer support triage and ticket resolution
- Billing inquiries and refund processing
- Account access and verification
- Booking changes and cancellations
- Policy explanations and documentation lookups
- Order status queries with escalation
- Appointment scheduling and service coordination
NeuraFlow is not used for unsolicited outreach, marketing broadcasts, scraping, or any general-purpose conversational services unrelated to business operations.
Data Handling
NeuraFlow applies enterprise-grade data handling practices:
- Encryption in transit (TLS 1.2+)
- Encrypted credential storage (AES-256-CBC)
- Role-Based Access Control (RBAC) with organization-level permissions
- Tenant-level data isolation via organization boundaries
- No resale of customer data
- No training on client conversations or WhatsApp message data
- Client data ownership — your data remains yours
Human Oversight
NeuraFlow is designed for human oversight at every stage. Conversations escalate to human agents when:
- Confidence in the response drops below a configurable threshold
- Policy boundaries are reached that require human judgment
- The customer explicitly requests a human agent
- Actions require human approval (e.g., high-value refunds, account changes)
When escalation occurs, the receiving agent gets full context: customer intent, conversation history, completed steps, and any relevant customer records. The customer does not need to repeat themselves.
References
External policy references:
- WhatsApp Business Messaging Policy
- WhatsApp Business Terms of Service
- WhatsApp Business Platform Documentation
Internal NeuraFlow policies:
Contact
For compliance or security inquiries, contact neuraflow@brainstation-23.com.