Yes. Governed conversations and groups run on WhatsApp's official business service, on a number we operate for your organisation under our own Meta Business account, branded in your organisation's name. Members know the channel is governed and are told so in wording we supply. That is fully within WhatsApp's terms and meets GDPR transparency requirements. We do not tap, scrape or covertly join anyone's existing personal groups, which is neither possible nor permitted.

In a governed conversation, your organisation's own WhatsApp number is a legitimate participant, so messages are delivered to it by WhatsApp itself rather than intercepted off anyone's device. From there each message is archived into your own Microsoft 365, under your retention, legal holds and access rules. We do not run a modified version of WhatsApp and we do not claim "zero knowledge", because governance and zero knowledge are mutually exclusive. Any vendor promising both is misrepresenting how this works.

Same day, once your Global Admin runs the one-click install – that is what starts the clock. From that moment the build provisions your client-branded number, your archive in your own Microsoft 365 and the message routing automatically, and capture starts within minutes. Your message templates are already approved, and relay groups and one-to-one bridges work from day one – no Official Business badge, no waiting. The one Meta step, a quick check of your branded display name, does not hold up capture. Your certified compliance evidence pack – Purview retention and an eDiscovery hold – settles within about a week as Microsoft applies it in the background. Your side of it is the one-click admin install and approving the member wording.

You talk, mostly. Bring the scenario that worries you – the group nobody admits to, the leaver with two years of messages on their phone, the SAR you'd dread. We map your exposure against the rules that apply to you, show you the product only where it's relevant, and send you a one-page summary written for trustees. There is nothing to prepare and nothing to pass, and if we're not the fit we'll say so on the call.

There is no hard size cap, because group conversations run as relay groups: members message your organisation's branded number, and every message is passed on to everyone else, labelled with the sender's name. A committee of six, a board of fifteen or a whole home runs as one governed relay group, from day one – no Official Business badge, no waiting. One-to-one conversations run instead as a private bridge: a family messages your number and reaches your office in Microsoft Teams, never broadcast to anyone else – the safeguarding default. Anyone promising fifty-person ordinary WhatsApp groups on a business number is describing something Meta does not offer, which is exactly why we relay.

Yes, and we provide the templates. Transparency is a GDPR requirement and an ethical one. We supply notification copy for staff, for relatives joining governed groups, and for your trustee board. In practice, almost everyone is reassured rather than alarmed.

No, and any tool that claims to is either misleading you or breaking WhatsApp's terms. WhatsApp only allows governance of groups created on your business number, so the model is to migrate activity into governed groups going forward and make that the way your organisation uses WhatsApp. We give you the rollout plan, the member invites, and the staff and trustee policy templates to make the switch stick.

That is a policy and culture problem, and we treat it as one. Governed groups become the only approved channel, backed by a safeguarding-grounded policy your trustees can stand behind. On charity-issued phones, your IT settings can enforce it – though, as the Intune question below explains, those settings enforce the policy without capturing the messages. The lever is making the governed channel the easy, expected default, not pretending we can secretly read private phones.

Not for the record, no. Mobile device management secures the handset – it can enforce a passcode, separate work from personal, push or remove the app, and wipe a lost or returned phone. What it cannot do is see inside the conversation: WhatsApp's messages stay in its end-to-end-encrypted store, which MDM has no way to read, export or retain. So a managed phone still leaves the actual messages unsearchable and unproducible – and a remote wipe, the very thing MDM is for, destroys the record rather than preserving it. The only sanctioned way to capture WhatsApp content for retention, Subject Access Requests and eDiscovery is the official WhatsApp Business API – exactly what we run, archiving every message into your own Microsoft 365. The two are complementary: use MDM to make the governed channel the default on issued phones, and let the Business API keep the record.

We do, on your behalf. We run a dedicated WhatsApp Business number for you under our own Meta Business account, branded in your organisation's name – the name your contacts see – and the set-up is done for you, included on every annual plan. What you own is the part that matters for compliance: the record. Every message lands in your own Microsoft 365, and we never hold a copy. Because the traffic is conversation rather than marketing, most messages are free at Meta's end, and the occasional chargeable one is included in your plan – there is no per-message billing, from us or passed through. If you ever leave, your archive was always yours; we will help you re-establish your branded number on your own WhatsApp Business account where Meta and your telephony provider allow, or release it.

Yes. Anywhere WhatsApp has become operationally important, governance becomes operationally important. Fundraising teams, volunteer coordinators, safeguarding leads and trustee chats are all in scope. You pay a flat price per tier regardless of how many staff use it, and participants are always free, so widening the use case never widens the bill.

You take everything that matters with you – and the archive itself already lives in your own Microsoft 365, so the records were never ours to withhold. To be equally clear about what stops: capture, relays, the Teams Inbox and the admin portal end with the subscription. Every message archived to that day stays yours, in your own Microsoft 365. The branded number we run for you: we will either help you re-establish it on your own WhatsApp Business account, where Meta and your telephony provider allow, or release and deregister it. The little we do hold – account records, configuration – is exported to you in open formats within fourteen days, its deletion confirmed in writing, and we help you rotate any credentials we ever handled. There are no exit fees. Founding terms are exactly as the offer states: half price for two years, then today's list price locked for life – never the price we charge new customers later. On Governance that's £2,990 a year for two years, £5,990 a year from year three, while the list price for everyone else moves on without you. We intend to earn the renewal, not enforce it.

Less than you'd fear, because we arranged it that way. Your archive is captured into your own Microsoft 365, where the lasting record rests, with no lasting copy on our side – we cannot read your messages, so neither can anyone who breaks into us. What our systems do hold is the unglamorous layer: account records, configuration, billing. We guard that to the standards in the security section, and if it were ever compromised we would tell you within the timescales UK GDPR sets, in plain English. In May 2025, an archiving vendor that kept readable copies of clients' WhatsApp and Signal messages on its own servers was breached, the messages reportedly extracted in well under half an hour. We keep no such copy, so we have no such morning ahead of us. When you compare vendors, put this exact question to each of them – and ask where the copy lives.