send via .chat
Sign in Sign up
Back to home

GDPR

GDPR Information

Last updated May 22, 2026

This page summarizes how send via .chat approaches GDPR roles, rights, security, processors, and data transfers for customers, recipients, and website visitors.

1. Roles

send via .chat generally acts as an independent controller for its own website, contact, account, billing, security, analytics, and support activity. For recipient and message data that customers send through the API or dashboard, send via .chat generally acts as processor and the customer acts as controller.

2. Processing Instructions

Customers instruct send via .chat to receive message requests, process recipient destinations, render transactional message content, send delivery work to configured providers, retry or fail delivery attempts, record logs, and make status information available in the dashboard.

3. Categories of Data Subjects

  • Customer users and team members.
  • Recipients who receive authentication or contact-alert messages.
  • Developers using send via .chat API keys and webhooks.
  • Website visitors and people who submit the contact form.

4. Categories of Personal Data

  • Identity and contact data, including names, email addresses, phone numbers, and submitted contact messages.
  • Messaging data, including recipient phone numbers or chat identifiers, message content, template variables, delivery status, provider responses, and logs.
  • Authentication, session, API key, security, support, and audit data.
  • Billing, quota, subscription, and payment-provider reference data.
  • Cookie consent and optional Google Analytics data for public pages.

5. Subprocessors

send via .chat uses subprocessors and third-party providers to operate the service. These may include hosting, database, storage, email, monitoring, security, captcha, payment, analytics, WhatsApp, Telegram, and SMS providers. We require providers to protect personal data in a way that fits their role and the nature of the processing.

6. Security Measures

  • Signed sessions, CSRF protection, rate limiting, and secure browser headers.
  • Scoped API keys and account access controls for dashboard areas.
  • Captcha protection for public contact flows.
  • Operational logging, retry controls, and monitored work queues.
  • Delivery logs and provider responses designed for audit and troubleshooting.
  • Credential rotation expectations for customers and internal operational controls.

7. International Transfers

If personal data is transferred outside the EEA, we rely on appropriate transfer safeguards such as adequacy decisions, Standard Contractual Clauses, or equivalent mechanisms offered by the relevant provider.

8. Assistance With Rights Requests

When send via .chat acts as processor, we help customers respond to valid data subject requests where reasonably possible and where the request relates to data processed through send via .chat . Recipients should usually contact the customer who sent the message first.

9. Deletion and Return

On account closure or written request, we delete or return personal data where technically and legally possible. Some billing, security, dispute, delivery, abuse-prevention, and audit records may need to be retained for legally required or legitimate operational periods.

10. Contact

GDPR questions can be sent through our contact form .