Privacy Policy & GDPR

Privacy Policy

 

Last Updated April 1st, 2020

1. Introduction

This Privacy Policy is designed to help you understand what information we collect at Respond.io (a product of Rocketbots Limited), how we use it, and what choices you have.

Some key terms are defined as follows, and throughout this document:

  1. Rocketbots Limited (“Respond.io”, “Rocketbots”, “we”, “us”, or “our”) is the company that collects and processes Personal Data for the purposes described in this Policy
  2. Personal Data is any information relating to an identified or identifiable natural person (“Data Subject”)
  3. Customer is a legal entity with whom Rocketbots has an agreement to provide the Services

2. About Rocketbots

Rocketbots provides a “Conversation Cloud” that allows our Customers to store, manipulate, analyze and transfer messages between their business systems and their customers on a variety of Rocketbots-provided and third party messaging channels (the “Service”).

Rocketbots is committed to the protection of Personal Data, including data that we use for our own purposes, and that we maintain on behalf of our Customers.

3. Collection and Use of Personal Data

Rocketbots collects information, including Personal Data, for the following purposes:

  1. Providing and managing the Service
  2. Internal business purposes
    1. Communicating with you and marketing
    2. Recruiting and managing personnel
  • Collecting payment for the Service
  1. To understand and improve our Service and Website

This Policy is not intended to place any limits on what we do with data that is aggregated and/or de-identified so it is no longer associated with an identifiable individual (Data Subject) or Customer of the Services.

Rocketbots Services are not directed to children under 16. If you learn that a child under 16 has provided us with Personal Data without consent, please contact us.

Providing and managing the Service

In the course of providing the Service, Rocketbots may receive, access, analyze, process and maintain Personal Data on behalf of our Customers.

Our Customers determine the types of Personal Data that will be collected and used within the Service, how it will be used and disclosed, and how long it will be stored. For any questions related to how your Personal Data is used by our Customers, please contact them directly.

  1. Service Datais the information that is processed on behalf of our Customers during provision of the Service.
    1. Rocketbots’s privacy practices related to Service Data are not covered by this Privacy Policy. They are detailed in the Rocketbots Service Data Privacy Statement, or the applicable agreement relating to your access to and use of the Service.
  2. Account Information, including contact information, user profile information, and information about your payment method, is collected from you when you register or authenticate into our Service and is used to manage payment for the Service, enable us to provide support, and facilitate communication.
    1. Rocketbots’s privacy practices related to Account Information are detailed below and throughout this Privacy Policy.
  3. Service Usage Informationis collected, including information about how you are accessing and using the Service. We use this information to understand and improve our Services, and to investigate and prevent security issues, abuse, fraud.
    1. Rocketbots’s privacy practices related to Service Usage Information are detailed below and throughout this Privacy Policy.

Internal Business Purposes

Rocketbots collects the following information from you through our Website, social media, and other channels for the following purposes:

Communicating with you and marketing

  1. Responding to your request for a product demo:When you request a free demo, we may collect your first and last name, job title, business email address, and information about your company. We use this information to contact you and otherwise facilitate your free demo.
  2. Responding to your inquiries:When you contact us with a comment, question or complaint, you may be asked for information that identifies you, such as your name, address and a telephone number, along with additional information we need to help us promptly answer your question or respond to your comment. We may retain this information to assist you in the future and to improve our customer service and service offerings (including the Service and Website).
  3. Informing you about products and services.We may use your contact information for our own marketing or advertising purposes. We do not sell or rent your Personal Data to third parties. You can opt out of these at any time by following the steps outlined below.

Recruiting and managing personnel

  1. Processing your job application.If you apply for a job at Rocketbots, you may provide us with certain Personal Data about yourself, such as information contained in a resume, cover letter, or similar employment-related materials. We use this information for the purpose of processing and responding to your application for current and future career opportunities.
  2. Managing employees and contractors.If you join the Rocketbots team as an employee or contractor, we will use the information you provided, as well as information we create about you, for human resources purposes including verifying your eligibility and qualifications, performance management, to provide compensation and benefits, investigate incidents, and otherwise facilitate the relationship.

Collecting payment for the Service

  1. Collecting payment.For Customers that purchase a paid version of our Service, we collect and process information about how you use the Service, and your Account Information (including contact information, user profile information, and information about your payment method) for the purpose of billing you.

To Understand and Improve our Services and Website

  1. Understanding how you use the Service.Service Usage Information is collected, including information about how you are accessing and using the Service. We use this information to understand and improve our Services, and to investigate and prevent security issues, abuse, fraud.
  2. Visiting our Website.We collect the IP (Internet protocol) addresses of all visitors to our Website and other related information such as page requests, browser type, operating system and average time spent on our Website. We use this information to help us understand our Website activity, and to monitor and improve our Website. In addition to the information described above, our Website uses Cookies. Please refer to the Cookie Policy below for additional details.
  3. Third Party Links.Our Website may contain links to other websites that Rocketbots does not own or operate. We provide links to third party websites as a convenience to the user. These links are not intended as an endorsement of or referral to the linked websites. The linked websites have separate and independent privacy policies, notices and terms of use. We do not have any control over such websites, and therefore we have no responsibility or liability for the manner in which the organizations that operate such linked websites may collect, use or disclose, secure and otherwise treat Personal Data. We encourage you to read the privacy policy of every website you visit.

4. Disclosure of your Personal Data

As a matter of practice, Rocketbots does not disclose, trade, rent, sell or otherwise transfer Personal Data, except as set out in this policy.

We may transfer or disclose Personal Data as follows:

  1. Service Provider Arrangements.We may transfer (or otherwise make available) Personal Data to third parties who process it on our behalf for the purposes noted above. These third parties may access, process or store personal data in the course of providing these services, but based on our instructions only.
    1. As of the date hereof, these third party providers include technical operations such as database monitoring, data storage and hosting services and customer support software tools.
  2. Changes to our Business Structure.Rocketbots may share or disclose data if we engage in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of Rocketbots’s assets, financing, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities (e.g. due diligence).
  3. Compliance with Laws.Rocketbots and our Canadian, US, and other Service Providers may share or disclose Personal Data to comply with legal or regulatory requirements and to respond to lawful requests, court orders and legal process.
  4. Enforcing Our Rights, Preventing Fraud, and Safety.Rocketbots may share or disclose data to protect and defend the rights, property, or safety of us or third parties, including enforcing contracts or policies, or in connection with investigation and preventing fraud.

5. Your Rights

Access and Correction of Personal Data

If we receive a request from an individual to access or update Personal Data we have collected on behalf of a particular Customer, we will direct that individual to the relevant Customer. We will assist our Customers wherever possible in responding to individual access requests.

If you submit Personal Data via our Website or otherwise provide us with your Personal Data, you may request access, updating or correction of your Personal Data by submitting a written request to us. We may request certain Personal Data for the purposes of verifying your identity.

6. How We Protect Personal Data

Rocketbots takes security seriously. We take various steps to protect information you provide to us from loss, misuse, and unauthorized access or disclosure. These steps take into account the sensitivity of the information we collect, process and store, and the current state of technology.

To learn more about current practices and policies regarding security and confidentiality of Personal Data and other information, please see our Security Practices; we keep that document updated as these practices evolve over time.

7. Cookie Policy

Rocketbots uses cookies and similar technologies like single-pixel gifs and web beacons, to record log data. We use both session-based and persistent cookies.

Cookies are small text files sent by us to your computer and from your computer or mobile device to us each time you visit our website or use our desktop application. They are unique to your account or your browser. Session-based cookies last only while your browser is open and are automatically deleted when you close your browser. Persistent cookies last until you or your browser delete them or until they expire.

Some cookies are associated with your account and Personal Data in order to remember that you are logged in and which parts of the Service or Website you are logged into. Other cookies are not tied to your account but are unique and allow us to carry out site analytics and customization, among other similar things. If you access the Services through your browser, you can manage your cookie settings there but if you disable some or all cookies you may not be able to use the Services.

Rocketbots sets and accesses our own cookies on the domains operated by Rocketbots and its affiliates. In addition, we use third parties like Google Analytics for website analytics. You may opt-out of third party cookies from Google Analytics on its website. We do not currently recognize or respond to browser-initiated Do Not Track signals as there is no consistent industry standard for compliance.

8. Changes to this Privacy Policy

This Privacy Policy may be updated periodically to reflect changes to our Personal Data handling practices. The revised Privacy Policy will be posted on the Website. If you continue to use the Service or the Website after the changes are in effect, you agree to the revised Notice.

We strongly encourage you to please refer to this Privacy Policy often for the latest information about our Personal Data handling practices.

9. Contact Us

Please contact Rocketbots if:

  1. you have any questions or comments about this Privacy Policy;
  2. you wish to access, update, and/or correct inaccuracies in your Personal Data; or
  3. you otherwise have a question or complaint about the manner in which we or our service providers treat your Personal Data.

You can reach the Chief Privacy Officer by emailing [email protected] or at our mailing address below:

Rocketbots Limited
Level 25, Ginza Plaza, 2A-2H, Sai Yeung Choi Street South, Mongkok, Hong Kong

If after contacting us you do not feel that we have adequately addressed your concerns, European individuals may exercise their rights as described in the following section.

10. European Union / Swiss Individuals

Rocketbots and its subsidiaries complies with the international framework regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. If there is any conflict between the terms in this privacy policy and the international legal framework, the international legal framework shall govern.

Complaints

In compliance with the International legal framework, Rocketbots commits to resolve complaints about our collection or use of your Personal Data.

European Union / Swiss individuals with inquiries or complaints regarding our International legal framework policy should first contact Rocketbots at [email protected] or at our mailing address below:

Rocketbots Limited
Level 25, Ginza Plaza, 2A-2H, Sai Yeung Choi Street South, Mongkok, Hong Kong

Rocketbots has further committed to refer unresolved International legal framework complaints to, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint, please contact or visit JAMS for more information or to file a complaint. The services of JAMS are provided at no cost to you.

Third Parties

We use a limited number of third party providers to assist us in providing the Services to our Customers. As of the date hereof, these third party providers perform technical operations such as database monitoring, data storage and hosting services and customer support software tools. These third parties may access, process or store personal data in the course of providing these services, but based on our instructions only.

Liabilities in cases of onward transfer

If we receive personal data subject to our certification under the International legal framework  and then transfer it to a third-party service provider acting as an agent on our behalf, we have certain liability under the International legal framework  if both (i) the agent processes the personal data in a manner inconsistent with the International legal framework  and (ii) we are responsible for the event giving rise to the damage.

Arbitration

You may also be able to invoke binding arbitration for unresolved complaints but prior to initiating such arbitration, a resident of Switzerland or a European country participating in the International legal framework  must first: (1) contact us and afford us the opportunity to resolve the issue; (2) seek assistance from JAMS; and (3) contact the U.S. Department of Commerce (either directly or through a European Data Protection Authority or the Swiss Federal Data Protection and Information Commissioner) and afford the Department of Commerce time to attempt to resolve the issue. If such a resident invokes binding arbitration, each party shall be responsible for its own attorney’s fees. Please be advised that, pursuant to the International legal framework , the arbitrator(s) may only impose individual-specific, non-monetary, equitable relief necessary to remedy any violation of the International legal framework  Principles with respect to the resident.

 

Service Data Privacy Statement

 

Last Updated June 28, 2018

1. Introduction

Rocketbots Limited (“Rocketbots”, “we”, “us”, or “our”) provides a Software as a Service (SaaS) based “Conversation Cloud” that allows our customers to store, manipulate, analyze and transfer messages between their business systems and their customers on a variety of Rocketbots-provided and third party messaging channels (the “Service“).

This document is intended to supplement and clarify the Rocketbots Privacy Policy with regard to Personal Data processed on behalf of our Customers during provision of the Service (“Service Data“). This Privacy Statement for Service Data represents an Agreement between Rocketbots and the Customer and governs the use of Service Data. If there is any inconsistency between this Agreement and any negotiated Agreement between Rocketbots and the Customer, the terms of the negotiated agreement will prevail.

2. Definitions

  1. Agent:an individual who communicates within the Conversation Cloud on behalf of the Customer
    1. For example, a member of the Customer’s web support team, or a representative of a third party to whom support has been outsourced
  2. Chat Participants:Agents and Users who communicate within the Conversation Cloud
  3. Customer:a legal entity with whom Rocketbots has an agreement to provide the Services
    1. For clarity, a Customer may be a Controller or a Processor of Personal Data. Where a Customer is a Processor of Personal Data, Rocketbots shall process Personal Data as sub-processor on behalf of the Controller. Instructions from the Controller regarding the processing Personal Data shall be given through the Processor.
  4. User:an individual who communicates with a Customer or Agent within the Conversation Cloud
    1. For example, a member of the public on Facebook Messenger, a visitor to the Customer’s Website, the holder of an SMS number, or the user of a mobile app

The following terms are used as defined in the EU General Data Protection Regulation (GDPR):

  1. Controller:the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data
  2. Personal Data:any information relating to an identified or identifiable natural person (“Data Subject“)
  3. Processor:a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller
  4. Third Party:a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data

3. Data We Process

This document is intended to supplement and clarify the Rocketbots Privacy Policy with regard to Personal Data processed on behalf of our Customers during provision of the Service (“Data Subject“)

Rocketbots may collect and process Personal Data about individuals for the purposes of account creation, billing, usage tracking, recruiting, and marketing. These data types and processing activities are governed instead by the Rocketbots Privacy Policy. Data that is not related to an identified or identifiable natural person, including aggregated or de-identified data, is not Personal Data and is not addressed by this document.

Rocketbots Services are not directed to children under 16. If you learn that a child under 16 has provided us with Personal Data without consent, please contact us.

4. Types of Service Data

Rocketbots may process the following types of Service Data on behalf of Customers:

User Profile Information

The Rocketbots API enables Agents to communicate with Users via multiple platforms such as social media (e.g., Facebook Messenger), email, SMS, and web apps (“Messaging Channels“). Each Channel transmits certain data about the User. Some examples include: First Name, Last Name, Email Address, Phone Number, IP Address, Location, Avatar/Image, Username/Handle, Linked IDs, and others.

The types of Personal Data transmitted in the User profile depend on the data collected by the Controller, and the User’s privacy settings and preferences. The Controller may be the Messaging Channel (e.g. Facebook, WeChat); or the Customer, when messages are received via [technology platform] (e.g. SMS, email), or web apps created using Rocketbots’s Software Development Kit.

Agent Profile Information

Customers may enable the configuration of profiles for their Agents, including details such as Name and Image.

Message Content

Message content may be structured or unstructured, and may or may not contain Personal Data. Rocketbots handles all messages in the Conversation Cloud as Personal Data.

Metadata

Rocketbots servers automatically record some information when Services are used, including information sent by browsers or mobile apps.

Rocketbots may collect information about the devices Services are being used on, including what type of device it is, operating system, device settings, application IDs, unique device identifiers, and crash data.

5. Purposes for Processing

Rocketbots processes the Personal Data types outlined above for the following purposes:

  1. To provide and enhance our product and service offerings
  2. To provide insights and statistics on an aggregated basis to help our Customers measure their performance, better understand their customers and improve their product and service offerings
  3. To respond to Customer requests for support or assistance

This policy is not intended to place any limits on what we do with data that is aggregated and/or de-identified. It is no longer associated with an identifiable user or Customer of the Services and is therefore not Personal Data.

6. How We Protect Data

With regard to the Service and Service Data, Rocketbots acts as a Processor on behalf of Customers. Customers have primary responsibility for interacting with Data Subjects, and the role of Rocketbots is generally limited to assisting Customers as needed. Rocketbots processes Service Data only upon a Customer’s instruction and shall have a duty to respect the security and confidentiality of Personal Data, pursuant to the measures outlined in agreements with Customers and as required by applicable law.

Privacy Program

Rocketbots maintains a managed privacy program to identify risks and implement preventative measures. Our Chief Privacy Officer, supported by a network of senior professionals throughout the business and development teams, is responsible for managing the privacy program. The privacy program is and will be reviewed on a regular basis to provide for continued effectiveness.

Personal Data collected and processed by Rocketbots is governed by the Rocketbots Data Privacy Policy. Employees with access to Personal Data are trained on the Policy and their responsibility to protect the data, and they are bound by confidentiality agreements. Rocketbots has implemented a Privacy by Design (PbD) approach, and our development team receives specific training related to their job responsibilities.

Information Security

Rocketbots takes security seriously. We take various steps to protect information you provide to us from loss, misuse, and unauthorized access or disclosure. These steps take into account the sensitivity of the information we collect, process and store, and the current state of technology.

To learn more about current practices and policies regarding security and confidentiality of Customer Data and other information, please see our Security Notice, we keep that document updated as these practices evolve over time.

7. Transparency and Cooperation with Customers

Rocketbots undertakes to be transparent regarding its Personal Data processing activities and to provide Customers with reasonable cooperation to help facilitate their respective data protection obligations regarding Personal Data.

Data Breach Notification

In the event that Rocketbots becomes aware of any unauthorized access to or disclosure of Personal Data, Rocketbots will promptly notify affected Customers to the extent such notification is permitted by applicable law.

Customer Audits

Upon a Customer’s request, and subject to appropriate confidentiality obligations, Rocketbots shall make available to the Customer (or such Customer’s independent, third-party auditor) information regarding Rocketbots and third-party sub-processors’ compliance with the data protection requirements set forth in our agreements.

Certifications

Rocketbots made the acquisition of relevant compliance certifications a priority in 2017, obtaining International legal framework  certification and working towards SOC 2 certification. If you require a particular certification for your business, please let us know your specific needs so we can include it in our certification prioritization and roadmap.

Obligations Upon Termination

Upon termination of the Services, Rocketbots shall, at the request of the Customer, delete, render un-identifiable, or return all Personal Data to the Customer. Rocketbots will certify that it has done so, unless legislation prevents it from returning or destroying the data. In that case, Rocketbots will protect the data in accordance with its commitments and will not actively process the personal data transferred anymore.

8. Sharing and Disclosure

There are times when information described in this privacy statement may be shared by Rocketbots. This section discusses how Rocketbots may share such information. Customers determine their own policies for the sharing and disclosure.

Rocketbots reserves the right to disclose or use aggregate or de-identified information for any purpose. For example, we may share aggregated or de-identified information with our partners or others for business or research purposes like telling a prospective Rocketbots Customer the average number of messages sent within a day.

Sub-processing by Third Parties

Rocketbots may retain third party sub-processors, and depending on the location of the third-party sub-processor, processing of Personal Data by such sub-processors may involve transfers of Personal Data. Such third-party sub-processors shall process Personal Data only in accordance with the Customer’s instructions.

As of the date hereof, these third party providers include technical operations such as database monitoring, data storage and hosting services and customer support software tools.

Such third-party sub-processors have entered into written agreements with Rocketbots in accordance with the applicable requirements.

Compliance with Laws

Rocketbots may share or disclosed data to comply with legal or regulatory requirements and to respond to lawful requests, court orders and legal process.

Enforcing Our Rights, Preventing Fraud, and Safety

Rocketbots may share or disclose data to protect and defend the rights, property, or safety of us or third parties, including enforcing contracts or policies, or in connection with investigation and preventing fraud.

Changes to our Business Structure

Rocketbots may share or disclose data if we engage in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of Rocketbots’s assets, financing, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities (e.g. due diligence).

9. Data Subject Rights

Rocketbots acts as a data Processor on behalf of Customers. Customers have primary responsibility for interacting with Data Subjects, and the role of Rocketbots is generally limited to assisting Customers as needed.

Access, Correction, Amendment or Deletion Requests

Rocketbots shall promptly notify a Customer if Rocketbots receives a request from a Data Subject for access to, correction, amendment or deletion of that person’s Personal Data. Rocketbots shall not respond to any such Data Subject request without the Customer’s prior written consent except to confirm that the request relates to that Customer.

Rocketbots shall provide Customers with cooperation and assistance in a reasonable period of time and to the extent reasonably possible in relation to any request regarding Personal Data to the extent Customers do not have access to such Personal Data through their respective uses of the Services.

Handling of Complaints

Data Subjects may lodge a complaint about processing of their respective Personal Data by contacting the relevant Customer or the Rocketbots Privacy department at the email address [email protected] Rocketbots shall promptly communicate the complaint to the Customer to whom the Personal Data relates.

Customers shall be responsible for responding to all Data Subject complaints forwarded by Rocketbots, except in cases where a Customer has disappeared factually or has ceased to exist in law or become insolvent. Where Rocketbots is aware of such a case, it undertakes to respond directly to Data Subjects’ complaints within thirty (30) days, including the consequences of the complaint and further actions Data Subjects may take if they are unsatisfied by the reply.

Regulatory Inquiries and Complaints

Rocketbots shall, to the extent legally permitted, promptly notify a Customer if it receives an inquiry or complaint from a data protection authority in which that Customer is specifically named. Upon a Customer’s request, Rocketbots shall provide the Customer with cooperation and assistance in relation to any regulatory inquiry or complaint involving Rocketbots’s processing of Personal Data.

10. Changes to this Statement

We may change this statement from time to time, and if we do we will post any changes on this page. If you continue to use the Services after those changes are in effect, you agree to the revised policy.

This document was last updated in June 2018.

11. Contacting Rocketbots

Please feel free to contact us if you have any questions about Rocketbots’s Privacy commitments or practices. You may contact us at [email protected] or at our mailing address below:

Rocketbots Limited
Level 25, Ginza Plaza, 2A-2H, Sai Yeung Choi Street South, Mongkok, Hong Kong

The GDPR (General Data Protection Regulation) is an important piece of legislation that is designed to strengthen and unify data protection laws for all individuals within the European Union. The regulation became effective and enforceable on the 25th May 2018.

Respond.io’s commitment to data protection and the GDPR

As a provider of messaging services, data privacy is vital to Respond.io, which is why we built our platform to the highest standards of privacy and security.
We’ve designed our platform, as well as our internal Privacy Program, to meet the requirements of European, Canadian and US privacy laws. Our customers are located around the world, so we design for a global standard.
We also recognize that protecting your data requires an enterprise-grade security program. Whether it’s granular access restriction or encrypting data in motion and at rest, you can have full confidence in how your company data, as well as the personal data of your users, is being processed, transferred and stored.
Respond.io began to dedicate internal resources to the GDPR in February 2018 right after we launched our first public version of our software. We did this because we value our customers (and their customers) rights to privacy. Compliance with and to international law and regulations are very important to us.

Here’s a condensed version of the GDPR requirements and where we are on our journey:

– Conduct an information audit to determine what information you process and who has access to it. COMPLETED
– Have a legal justification for your data processing activities. COMPLETED
– Appoint a Data Protection Officer. COMPLETED
– Rewrite our Data Protection Addendum (DPA). COMPLETED
– Perform the necessary changes/improvements to our product based on the requirements:
Suppression Controls. COMPLETED
Contact Lookup. COMPLETED
– Provide clear information about your data processing and legal justification in your privacy policy. COMPLETED
– Take data protection into account at all times, from the moment you begin developing a product to each time you process data. COMPLETED
– Encrypt, pseudonymize, or anonymize personal data wherever possible. COMPLETED
– Create an internal security policy for your team members, and build awareness about data protection. COMPLETED
– Have a process in place to notify the authorities and your data subjects in the event of a data breach. COMPLETED
– Implement the required changes to our internal processes and procedures to maintain the latest privacy and security requirements. COMPLETED

Your Responsibility as a Data Controller

People who communicate using the platform have rights under the GDPR. It is your responsibility to communicate these rights to them and be prepared for their requests to exercise those rights. We have built features that make it simple and fast to do so.
The first thing you need to do when a user submits a request is to identify the data you have about them. The Respond.io platform makes that easy by using unified customer profiles where channel identities, channel supplied metadata, application, and other custom metadata, and conversation history is stored.
You can respond to the request to access, correct, or delete personal data through our Contacts Module. User message content can be extracted and provided to the individual, or you can Delete Messages and Profile Information.
Make sure your Terms of Service or Privacy Policy properly communicate to your users how you are using Respond.io (and any other similar services) on your website or app. We recommend you ensure your policies are up to date and clear to your readers.
If you are in the European Union you’ll likely want to sign a Data Processing Addendum (DPA) with Respond.io. We’re happy to do so. Working with outside counsels, we’ve updated this document to be in compliance with the GDPR and other generally acceptable privacy laws. You can request this document at [email protected]
Some of Respond.io’s services (like the website chat widget) use cookies to authenticate and store the conversation with your contacts, your visitors should accept your cookies and privacy policy to make use of these services.
It’s your responsibility to comply with terms of use of the channels and third-parties you decide to integrate with Respond.io.

Data Processing Addendum

In the course of providing our service, Respond.io may process personal data on your behalf. In order to outline specifics of how we will perform this processing and what our obligations are as well as the obligations of our users/customers, we’ve developed a Data Processing Addendum (DPA) that we enter into free of charge with anyone that uses our service and requests it. This document forms part of a contract of service with Respond.io (as the Data Processor) and our users/customers (as the Controllers). The DPA reflects the parties’ agreement with regard to the processing of personal data performed using our service.
As a Controller, in order to sign this agreement, you must review and digitally sign a copy of the Data Processing Addendum. Once you sign the agreement, you need to email to our Data Compliance Department at [email protected] . Our team will review and sign your submission within 7 working days and send you back digital copy.  With the receipt of the validly completed and digitally signed Agreement, this Agreement shall be in full force and effect.
You can request this document at [email protected].
We understand your concerns about the Data Privacy — we’ve been there! Keeping your data safe and secure is our top priority, and we’re committed to maintaining the highest standards.
Please feel free to contact us if you have any questions about Respond.io’ Privacy and Security commitments or practices. You may contact us at [email protected]