GDPR & Privacy Compliance
Data privacy standards and compliance with global regulations.
We respect user privacy and operate in compliance with the General Data Protection Regulation (GDPR) and the Nigeria Data Protection Regulation (NDPR).
1. Data Processor vs. Data Controller
- You (The Business) are the Data Controller: You collect your customers' contact information and decide what messages to send them.
- AutomateIt is the Data Processor: We process and store the messages and contact profiles solely on your instructions and in accordance with our Data Processing Agreement (DPA).
2. Customer Privacy Rights
Under GDPR and NDPR, your customers have rights regarding their data:
- Right to Access: A customer can request a copy of their contact profile and conversation transcript. You can export their profile data as a JSON or CSV file from the Contacts tab at any time.
- Right to Erasure (Right to be Forgotten): If a customer requests that their data be deleted, you can click the Delete Contact button in their profile. This action permanently deletes their phone number, metadata, and message logs from our active servers.
3. Data Auditing & Deletion Logs
For regulatory compliance:
- We maintain audit logs of all user actions (e.g. who exported a contact list, who updated a schema).
- Logs are retained for 90 days before being purged.
- We sign standard Data Processing Agreements (DPA) with all Pro, Agency, and Enterprise tier customers.
Was this page helpful?