Security

Security & Compliance

We keep Zana safe by protecting your data, limiting abuse, and helping businesses use connected messaging accounts responsibly.

WhatsApp — Safe Account Usage

Zana is built for customer-initiated conversations and helpful replies. It must not be used for unsolicited outreach or spam.

Connecting a WhatsApp account through Zana works best when you follow these guidelines. They reflect how WhatsApp monitors automated usage and what keeps your number safe.

📱
Use accounts with real history

Avoid connecting brand-new WhatsApp numbers created solely for automation. Numbers with existing conversation history from real usage are significantly less likely to be flagged. If you must use a newer number, start with low activity and build up gradually over several days with only a few active chats. Fresh accounts used aggressively can be restricted after only a small number of new conversations.

💬
Design for conversation, not broadcast

Zana's AI responses are designed to encourage replies. Messages that feel like a real back-and-forth — asking a follow-up question, offering to help further — are treated differently by WhatsApp than one-way broadcast messages. This is the right way to use Zana and how it protects your number.

⏱️
Realistic reply timing

Zana introduces natural delays between messages to avoid instant robotic-looking responses. We recommend not pushing AI settings toward instant bulk replies. Messages sent with intervals shorter than 10–20 seconds in rapid succession can be flagged as automated behaviour by WhatsApp's detection systems. Our minimum is 15 seconds.

🚫
New chat limits

WhatsApp monitors how many new conversations are initiated — especially outbound ones with no response. Zana is designed to reply to inbound messages, not initiate cold outreach. If your account starts many new conversations that receive no reply or are marked as spam, WhatsApp may temporarily restrict it. Stay within inbound-only usage for the best protection.

🔄
Reconnection and message history

When you reconnect a WhatsApp account after a disconnection, Zana will receive messages that arrived during the offline period and can catch up on those conversations. New connections will not receive old message history from before the initial connection.

Instagram — Safe Account Usage

Instagram DM automation is available on Growth and Agency plans via a secure connection provider. The following guidelines apply to keep your account in good standing with Instagram's systems.

📊
Stay within safe daily limits

To avoid detection of unusual activity, keep each Instagram account to a maximum of 100 automation-assisted actions per day and no more than 10 actions per hour, especially for outreach, follows, likes, and comments. Replying to inbound messages from customers is treated differently and is generally safe at higher volumes, similar to normal use of the Instagram app.

🌱
Warm up new or inactive accounts

For accounts that are new or have been inactive for a significant period, begin with lower activity levels and gradually increase them over time. This gradual build-up mimics natural behaviour and reduces the likelihood of Instagram flagging your account for review.

🎲
Space out actions naturally

To emulate human behaviour, Zana spaces out automated responses rather than executing them at exactly regular intervals. Distributing activity across different time slots during working hours creates a more natural usage pattern that is harder for Instagram's systems to classify as automated.

⚠️
If you see an Instagram warning

Instagram may occasionally display a message such as: "We suspect automated behaviour on your account" or prompt you to confirm you are following their Terms of Use. Based on observed patterns, accounts that receive this warning and continue using our connection as normal have not experienced additional restrictions. However, you should always ensure you are using Zana only for the permitted use cases described in our Terms of Service.

🔄
Reconnection and message history

You will not receive webhooks for old messages upon first connecting an Instagram account. However, if you reconnect after a disconnection, Zana will receive messages that arrived during the disconnection period so you don't miss any customer enquiries.

Connected Account Safety

When you connect a business messaging account, Zana helps you reply faster, recommend the right products or services, capture sales opportunities, and hand off to a human when a conversation needs personal attention.

  • You connect accounts from your dashboard without sharing passwords with our team
  • Account access data is stored securely and isolated per connected account
  • If an account needs attention, Zana notifies you and shows a reconnect action
  • Platform rules and availability can change, so responsible usage is required

Data Security

  • Data is protected in transit using HTTPS/TLS
  • Production infrastructure uses cloud servers, private object storage, and managed service providers selected for reliability and security
  • Connected account credentials are isolated per account — no cross-account access is possible
  • Uploaded documents, images, KYC files, and exports are stored privately and access-controlled
  • KYC documents are restricted to authorised verification staff only
  • We do not share or sell your data to third parties

Business Verification

Every Zana user must complete KYC verification before connecting any account. This protects the platform from being used for spam and protects legitimate businesses from being associated with bad actors.

  • Government-issued ID required for all users
  • CAC document required for registered businesses
  • Manual review within 24 hours
  • Accounts found to be violating terms are suspended and reported

Anti-Spam Controls

Zana has built-in controls to prevent abuse:

  • AI only responds to messages where the customer sent the first message
  • Rate limiting prevents abnormally high outbound message volume
  • Accounts showing mass outbound activity patterns are automatically suspended and reviewed
  • Suspended provider accounts may be blocked from reconnecting to prevent repeated abuse

AI and Data Boundaries

Zana uses AI to help businesses respond to customers, recommend products or services, summarise conversations, capture leads, and identify sales opportunities. AI output can be imperfect, so business owners remain responsible for reviewing their AI settings, business profile, prices, payment instructions, and customer commitments.

  • AI uses only the account's business profile, FAQs, knowledge base, and conversation context needed to reply
  • Knowledge documents are transformed into private searchable indexes for that account only
  • When attachment content is not available, the AI is instructed not to pretend it can see or read the file

Reporting a Security Issue

If you discover a security vulnerability, please report it responsibly to [email protected]. We will respond within 48 hours and credit responsible disclosures.

Quick summary

  • Private uploads and access controls
  • HTTPS/TLS in transit
  • KYC verification required for all users
  • Anti-spam rate limiting
  • Account access isolated per business
  • Inbound customer messages only
  • Use accounts with real history
  • Instagram: max 100 actions/day

WhatsApp guidelines

  • Use accounts with existing history
  • Reply to inbound messages only
  • Natural reply delays applied
  • Avoid high new chat creation rates

Questions?

Not sure if Zana is right for your use case? Ask us directly.

Contact us