The short answer. Most WhatsApp BSP contracts are signed after a demo and a pricing PDF — and the expensive terms hide in neither. This is the 12-clause red-flag checklist Indian buyers should run before signing any BSP agreement: lock-in mechanics, markup escalators, data-export rights, WABA ownership, SLA teeth and exit maths. Print it, take it into the negotiation, and ask every vendor the "what to ask instead" question under each flag. General guidance, not legal advice — have counsel read the final paper.
Context that makes this urgent: switching BSPs later is possible (the number migrates), but templates re-approve, integrations rebuild and campaigns pause. The cheapest exit is the clause you negotiated before signing. Companion reads: the full RFP scorecard and 23 hidden BSP costs.
Commercial red flags
1. Annual-only billing with no monthly option
Why it hurts: you discover product-fit problems in month 2 and pay for 12. Ask instead: "Give me quarterly billing for the first year, annual after." A vendor confident in retention will take that trade.
2. Per-message markup that can change without consent
The clause: "rates subject to revision in line with Meta pricing changes." Sounds fair — but check whether the vendor's own margin can move under the same sentence. Ask instead: markup expressed as a fixed ₹/message or fixed %, changeable only with 30-day notice + exit right.
3. Per-seat fees with silent escalation
Why it hurts: agent seats added mid-cycle at list price turn a ₹2,499 plan into ₹8k+ real spend (the pattern buyers report across review sites). Ask instead: seat price locked for the term, in writing, including added seats.
4. "Free" onboarding with a clawback
The clause: onboarding/setup fee waived, billed back if you exit before N months. Legitimate if disclosed — a lock-in if buried. Ask instead: the clawback amount and trigger, in a named line item.
Control red flags
5. WABA created under the vendor's Business Manager
The single most expensive mistake in this market. If your WhatsApp Business Account lives in the BSP's Business Manager, "your" number, quality rating and green-tick history are theirs to hold in a dispute. Ask instead: WABA created under your Business Manager (Embedded Signup does this by default on clean setups); confirm in writing you hold admin.
6. Template library ownership ambiguity
Why it hurts: months of approved templates and their performance history don't export; a hostile exit means rebuilding from screenshots. Ask instead: contractual right to a full template export (name, category, language, body, status) on request.
Get a 1-minute BSP audit on WhatsApp
Drop your WhatsApp number — we line-item your current invoice against Meta India rates in under 60 seconds. India-hosted, DPDP-compliant.
7. No contact/consent-ledger export right
Why it hurts: your opt-in records are your DPDP evidence and your remarketing asset. Some platforms export contacts but not consent timestamps. Ask instead: full export of contacts + opt-in source + timestamp in CSV, self-serve, no fee.
8. API keys and webhooks locked to "enterprise" tiers
Why it hurts: the day you need to integrate a CRM, you learn integration is a paid unlock. Ask instead: webhook + API access confirmed on your tier before signing — see the glossary on webhooks.
Legal & data red flags
9. Processor obligations missing (DPDP)
Why it hurts: under DPDP you remain the data fiduciary; if the contract has no processing terms, breach-notification duties, sub-processor list or deletion commitments, the regulatory exposure is yours alone. Ask instead: a data-processing addendum covering purpose limitation, breach notice timelines, deletion on exit. Checklist: DPDP compliance guide.
10. SLA without credits
The clause: "99.9% uptime target" with no remedy defined. A target without credits is a poster, not an SLA. Ask instead: service credits per breach band, and a termination right after repeated breaches.
11. Unilateral suspension without cure period
Why it hurts: vague "policy violation" clauses let a vendor freeze your number mid-festival-season with no warning. Meta enforcement is real and nobody can shield you from it — but the vendor's own suspension powers should require notice + a cure window except for clear illegality.
Exit red flags
12. Migration non-cooperation
Why it hurts: WABA migration needs the losing vendor to not obstruct (releasing the number, confirming ownership). Silence in the contract = leverage for them at exit. Ask instead: an explicit exit-cooperation clause: vendor completes migration steps within N business days of notice, data exports delivered before final invoice. Full process: the BSP migration guide.
The 60-second pre-signature test
Ask the vendor these five, in writing: 1. "Is the WABA under my Business Manager?" 2. "What exactly can I export, and when?" 3. "Can your margin change during my term?" 4. "What credits do I get when your SLA breaks?" 5. "Describe your role in my exit migration." A good vendor answers all five in one email. Evasion on any one is your answer.
Where RichAutomate stands on each
Fair disclosure since we are a vendor in this market: ₹0 platform fee (no annual lock-in to escape), WABA under your Business Manager, INR + GST billing, flat per-message pricing (Client Pay ~₹0.10/msg + Meta direct), contact/consent export self-serve, and no exit clawbacks. Judge us by the same five questions — start the 14-day trial (100 credits, no card) or compare everyone's structure in the 18-BSP pricing index.
Negotiating a BSP contract this quarter? Bring the checklist to a free 30-min call — we will go clause by clause, even if you sign elsewhere. Or WhatsApp us at +91 74349 01027. See pricing.