Platform
Chatbot Builder Bulk Messaging Team Inbox Mini CRM API & Webhooks AI Integration WhatsApp Flows
Industries
E-commerce & D2C Real Estate Education Healthcare Finance & BFSI Logistics Hospitality Retail
Integrations Compare Pricing About Contact Start Free Trial →
HomeLearn › WhatsApp Opt-In Compliance for India
WhatsApp Business API · Compliance

WhatsApp Opt-In Compliance for India
Consent Rules & Best Practices 2025

Sending WhatsApp messages to anyone without explicit opt-in consent violates WhatsApp's Business Policy, India's DPDP Act 2023, and TRAI regulations simultaneously. This guide explains exactly what consent you need, how to collect it correctly, and how to manage opt-outs — for every type of WhatsApp communication.

Get Started on WA.Expert → ← All Guides
Legal framework

Opt-in rules for WhatsApp in India — 2025

Three frameworks govern WhatsApp opt-in consent for Indian businesses. You must comply with all three simultaneously.

FrameworkKey requirementApplies to
WhatsApp Business PolicyExplicit opt-in before sending any business-initiated message. Opt-in must mention WhatsApp specifically (not just "digital communication").All businesses using WhatsApp API
DPDP Act 2023Explicit, informed, specific consent for each purpose. Right to withdraw consent at any time. Must state: what data is collected, why, and by whom.All businesses processing Indian citizens' personal data
TRAI RegulationsTelemarketing registrations required. NDNC (Do Not Disturb) database compliance. Cannot send commercial communications to DND-registered numbers.Commercial/marketing communications via any digital channel

⚠️ WhatsApp opt-in alone is not sufficient for marketing messages. Under DPDP Act 2023, you must also have documented consent for the specific marketing purpose, not just a general "receive messages" opt-in. Best practice: separate checkboxes for transactional and marketing communications.

How to collect opt-in

6 approved opt-in methods for Indian businesses

✅ Website checkout checkbox

At checkout: "☐ I agree to receive order updates and offers on WhatsApp." Two separate checkboxes for transactional vs marketing is best practice. Pre-ticked checkboxes are not valid consent under DPDP.

✅ Click-to-WhatsApp ad

When a user clicks a Meta WhatsApp ad and sends a message — this constitutes implied consent for transactional communication. For marketing, collect explicit opt-in during the first conversation via a WhatsApp Flow.

✅ In-store / physical form

"I consent to receive WhatsApp updates from [Brand]" with mobile number field. Date and location recorded. Most compliant method — signed physical evidence of consent.

✅ WhatsApp keyword opt-in

Customer messages "JOIN" or "YES" to your number. WA.Expert records the opt-in with timestamp. Used widely in retail: "Send 'DEALS' to 9XXXXXXXXX to get our weekly WhatsApp offers."

✅ WhatsApp Flow opt-in

During first WhatsApp interaction: Flow screen with clear "Yes, I'd like to receive [types of messages] from [brand]" toggle. Separate toggles for transactional and promotional. Data saved to WA.Expert CRM.

✅ Post-registration SMS/email

"Reply YES to receive WhatsApp updates from [Brand]" — sent after account creation. Double opt-in method. Higher quality consent, lower volume — used for premium / financial services.

Opt-out requirements

Unsubscribe — what you must do when someone opts out

WhatsApp's Business Policy and DPDP Act both require you to honour opt-out requests promptly. Here's what that means in practice:

What counts as an opt-out request

  • Replying "STOP", "Unsubscribe", "Remove me"
  • Blocking your number on WhatsApp
  • Reporting your messages as spam
  • Verbally requesting removal in any message

What you must do within 24 hours

  • Remove from all marketing broadcast lists
  • Stop all automated message sequences
  • Record unsubscribe with timestamp in CRM
  • You may still send transactional messages (order updates) unless they explicitly say "no all messages"

💡 WA.Expert automatically detects STOP and common opt-out keywords in any language, marks the contact as unsubscribed, and excludes them from future broadcasts. No manual intervention needed.

FAQ

Common questions

Is a pre-ticked WhatsApp opt-in checkbox on a website valid in India?
No — under DPDP Act 2023, consent must be 'freely given, specific, informed, and unambiguous.' A pre-ticked checkbox does not meet this standard because the customer didn't actively choose it. Use unchecked checkboxes with clear labels. Courts in India have aligned with EU GDPR standards on this point.
Do I need separate consent for transactional and marketing WhatsApp messages?
Best practice under DPDP Act: separate consent for each purpose. Transactional (order updates, appointment reminders): one checkbox. Marketing (offers, new products): separate checkbox. A customer may consent to transactional but opt out of marketing. Mixing them under a single consent creates compliance risk.
What records must I keep of WhatsApp opt-in consent?
For each opted-in contact: mobile number, consent timestamp, consent source (website/app/in-store/keyword), specific consent given (transactional/marketing), and any opt-out timestamp. WA.Expert CRM stores this automatically for every contact. Export quarterly for your records. DPDP Act does not specify a minimum retention period, but 3 years is standard practice.
Can I send WhatsApp messages to a customer who gave me their number but didn't opt in to WhatsApp specifically?
No — under WhatsApp's Business Policy, opt-in must specifically mention WhatsApp. 'I agree to receive communications digitally' is not sufficient. If you have phone numbers without WhatsApp-specific consent, collect fresh consent via an SMS or email opt-in campaign before messaging them on WhatsApp.

WhatsApp Marketing Opt-In Guide

Build a compliant opted-in list — templates, methods, best practices.

Read →

WhatsApp Account Banned Recovery

Account restricted for sending without consent — recovery guide.

Read →

WhatsApp for India

India-specific WhatsApp strategy — DPDP, TRAI, RBI compliance.

Read →

Manage opt-in and opt-out compliance automatically on WA.Expert

WA.Expert records every consent, detects STOP keywords, and auto-excludes unsubscribed contacts from broadcasts.

Start Free Trial → Talk to an Expert