WhatsApp BSP Contract Red Flags: 12 Clauses to Check (2026)

The 12-clause red-flag checklist for WhatsApp BSP contracts in India - lock-in mechanics, movable markups, WABA ownership, data-export rights, SLA credits and exit cooperation - each with the exact question to ask the vendor instead. Plus the 60-second five-question pre-signature test.

RichAutomate Team

The short answer. Most WhatsApp BSP contracts are signed after a demo and a pricing PDF — and the expensive terms hide in neither. This is the 12-clause red-flag checklist Indian buyers should run before signing any BSP agreement: lock-in mechanics, markup escalators, data-export rights, WABA ownership, SLA teeth and exit maths. Print it, take it into the negotiation, and ask every vendor the "what to ask instead" question under each flag. General guidance, not legal advice — have counsel read the final paper.

Context that makes this urgent: switching BSPs later is possible (the number migrates), but templates re-approve, integrations rebuild and campaigns pause. The cheapest exit is the clause you negotiated before signing. Companion reads: the full RFP scorecard and 23 hidden BSP costs.

Commercial red flags

1. Annual-only billing with no monthly option

Why it hurts: you discover product-fit problems in month 2 and pay for 12. Ask instead: "Give me quarterly billing for the first year, annual after." A vendor confident in retention will take that trade.

2. Per-message markup that can change without consent

The clause: "rates subject to revision in line with Meta pricing changes." Sounds fair — but check whether the vendor's own margin can move under the same sentence. Ask instead: markup expressed as a fixed ₹/message or fixed %, changeable only with 30-day notice + exit right.

3. Per-seat fees with silent escalation

Why it hurts: agent seats added mid-cycle at list price turn a ₹2,499 plan into ₹8k+ real spend (the pattern buyers report across review sites). Ask instead: seat price locked for the term, in writing, including added seats.

4. "Free" onboarding with a clawback

The clause: onboarding/setup fee waived, billed back if you exit before N months. Legitimate if disclosed — a lock-in if buried. Ask instead: the clawback amount and trigger, in a named line item.

Control red flags

5. WABA created under the vendor's Business Manager

The single most expensive mistake in this market. If your WhatsApp Business Account lives in the BSP's Business Manager, "your" number, quality rating and green-tick history are theirs to hold in a dispute. Ask instead: WABA created under your Business Manager (Embedded Signup does this by default on clean setups); confirm in writing you hold admin.

6. Template library ownership ambiguity

Why it hurts: months of approved templates and their performance history don't export; a hostile exit means rebuilding from screenshots. Ask instead: contractual right to a full template export (name, category, language, body, status) on request.

7. No contact/consent-ledger export right

Why it hurts: your opt-in records are your DPDP evidence and your remarketing asset. Some platforms export contacts but not consent timestamps. Ask instead: full export of contacts + opt-in source + timestamp in CSV, self-serve, no fee.

8. API keys and webhooks locked to "enterprise" tiers

Why it hurts: the day you need to integrate a CRM, you learn integration is a paid unlock. Ask instead: webhook + API access confirmed on your tier before signing — see the glossary on webhooks.

Legal & data red flags

9. Processor obligations missing (DPDP)

Why it hurts: under DPDP you remain the data fiduciary; if the contract has no processing terms, breach-notification duties, sub-processor list or deletion commitments, the regulatory exposure is yours alone. Ask instead: a data-processing addendum covering purpose limitation, breach notice timelines, deletion on exit. Checklist: DPDP compliance guide.

10. SLA without credits

The clause: "99.9% uptime target" with no remedy defined. A target without credits is a poster, not an SLA. Ask instead: service credits per breach band, and a termination right after repeated breaches.

11. Unilateral suspension without cure period

Why it hurts: vague "policy violation" clauses let a vendor freeze your number mid-festival-season with no warning. Meta enforcement is real and nobody can shield you from it — but the vendor's own suspension powers should require notice + a cure window except for clear illegality.

Exit red flags

12. Migration non-cooperation

Why it hurts: WABA migration needs the losing vendor not to obstruct it (releasing the number, confirming ownership). Silence in the contract = leverage for them at exit. Ask instead: an explicit exit-cooperation clause under which the vendor completes migration steps within N business days of notice and delivers data exports before the final invoice. Full process: the BSP migration guide.

The 60-second pre-signature test

Ask the vendor these five, in writing:

1. "Is the WABA under my Business Manager?"
2. "What exactly can I export, and when?"
3. "Can your margin change during my term?"
4. "What credits do I get when your SLA breaks?"
5. "Describe your role in my exit migration."

A good vendor answers all five in one email. Evasion on any one is your answer.

Where RichAutomate stands on each

Fair disclosure since we are a vendor in this market: ₹0 platform fee (no annual lock-in to escape), WABA under your Business Manager, INR + GST billing, flat per-message pricing (Client Pay ~₹0.10/msg + Meta direct), contact/consent export self-serve, and no exit clawbacks. Judge us by the same five questions — start the 14-day trial (100 credits, no card) or compare everyone's structure in the 18-BSP pricing index.

Negotiating a BSP contract this quarter? Bring the checklist to a free 30-min call — we will go clause by clause, even if you sign elsewhere. Or WhatsApp us at +91 74349 01027. See pricing.

Written by
RichAutomate Team
Editorial team at RichAutomate. We build the WhatsApp Business automation platform Indian D2C brands, fintechs, and agencies use to ship campaigns and flows on the official Meta Cloud API.

Frequently asked questions

What is the biggest red flag in a WhatsApp BSP contract?
The WABA being created under the vendor's Meta Business Manager instead of yours. If the BSP holds the WhatsApp Business Account, your number, quality rating and green-tick history are effectively theirs in any dispute. Insist on the WABA living under your own Business Manager with your admin access confirmed in writing.
Can I switch WhatsApp BSP providers after signing?
Yes - the number migrates between BSPs on the official API - but templates must be re-approved, integrations rebuilt, and campaigns pause during the move. Annual lock-ins, onboarding clawbacks and missing exit-cooperation clauses make it expensive. Negotiate quarterly billing, data-export rights and an explicit migration-cooperation clause before signing.
What data should a BSP contract let me export?
Three things at minimum: your full contact list, your consent ledger (opt-in source and timestamps - your DPDP evidence), and your template library with names, categories, languages, bodies and statuses. Self-serve CSV export with no exit fee is the standard worth demanding; contacts-without-consent-timestamps is a common gap.
What should a WhatsApp BSP SLA include?
An uptime target is meaningless without remedies. A real SLA defines service credits per breach band and a termination right after repeated breaches. Also check the vendor's own suspension powers - they should require notice and a cure window except for clear illegality, so your number cannot be frozen mid-campaign on a vague policy clause.
Do DPDP rules apply to my BSP contract?
Yes - under the DPDP Act you remain the data fiduciary for your customer data, with the BSP as processor. The contract needs a data-processing addendum covering purpose limitation, breach-notification timelines, sub-processor disclosure and deletion on exit. Without it, the regulatory exposure sits with you alone. This is general guidance, not legal advice.