← dmtolead.com
Legal

PRIVACY NOTICE

Last updated: July 3, 2026 · Version 1.0

This Privacy Notice explains how DMtoLead processes personal data when you use our websites, dashboard, mobile apps, AI automation, integrations, and messaging tools.

For additional detail, see our Privacy Policy. If a business uses DMtoLead to communicate with its own customers, that business is normally the controller of the conversation data, and DMtoLead processes that data on the business's instructions.

01

Who Processes Data

DMtoLead as Controller

We act as controller for account registration, billing, product analytics, support, security, service communications, and our own website operations.

DMtoLead as Processor

We act as processor when a business connects channels, uploads knowledge sources, syncs ecommerce data, or uses AI employees to reply to its customers.
02

Data Categories

Account data

Name, email, login identifiers, role, workspace.

Integration data

Platform ids, OAuth tokens, page/account ids, webhook metadata.

Message data

Conversation text, sender ids, timestamps, media metadata.

Customer/lead data

Name, phone, email, preferences, lead notes, order context.

Commerce data

Shopify/Ikas catalog, inventory, orders, customer and shipping details where connected.

Usage data

IP, browser/device data, logs, token usage, product events.

Billing data

Stripe customer/subscription ids, invoices, plan, payment status.

03

Purposes and Legal Bases

Provide the serviceContract and legitimate interest.
Authenticate and manage accountsContract and security obligations.
Operate integrations and AI repliesContract; processor activity under customer instructions.
Process payments and invoicesContract and legal obligation.
Prevent abuse, fraud, and security incidentsLegitimate interest and legal obligation.
Improve product qualityLegitimate interest, using aggregated or minimized data where possible.
Send service noticesContract and legitimate interest.
Marketing communicationsConsent or legitimate interest where permitted; opt-out is available.
04

Recipients

Infrastructure and Service Providers

We use vendors such as AWS, MongoDB Atlas, Stripe, email providers, analytics/security tools, and customer-authorized integration providers to operate DMtoLead.

Connected Platforms

When you connect Meta, WhatsApp, Instagram, Messenger, Telegram, Shopify, Ikas, Google, Calendly, HubSpot, Pipedrive, Zendesk, or similar services, relevant data is exchanged with those platforms to perform the action you requested.

AI Providers

Depending on your configuration, message context and business data may be sent to AI providers only to generate responses or actions. We do not sell customer conversation data.
05

Transfers and Retention

International Transfers

Data may be processed in Turkey, the EU, the United States, and other regions where our vendors operate. Where required, we use appropriate safeguards such as data processing agreements and standard contractual clauses.

Retention

Account data is kept for the account lifetime. Conversation history is kept for 12 months by default unless configured otherwise. Billing records may be kept for legal accounting periods. Logs and analytics are kept only as long as needed for security, debugging, product operation, and legal obligations.
06

Your Rights

Access

Request information about the personal data processed about you.

Correction

Request correction of incomplete or inaccurate data.

Deletion

Request deletion where legally available.

Restriction

Request restriction of processing in certain cases.

Objection

Object to processing based on legitimate interest or marketing.

Portability

Request a machine-readable copy where applicable.

Withdraw consent

Withdraw consent for consent-based processing.

Complaint

Contact your data protection authority where applicable.

Contact

Privacy requests

To exercise your rights or ask a privacy question, contact us at:

privacy@dmtolead.com