Data Processing Agreement (DPA)
This Data Processing Agreement ("DPA") is an addendum to the Terms of Service between
Robofy.ai ("Data Processor", "we", "us") and you, the customer or entity ("Data
Controller", "you"). This agreement sets out the terms, requirements, and conditions
under which we process your personal data on your behalf when you use our services, in
order to ensure compliance with the General Data Protection Regulation (GDPR) and other
applicable privacy laws.
1. Scope and Applicability
This DPA applies wherever Robofy processes personal data on behalf of the customer while
providing our conversational and AI chatbot services. It establishes the rights and
obligations of both parties regarding the safeguarding, processing, and transferring of
personal data.
2. Roles of the Parties
- Data Controller: As the customer using Robofy, you remain the Data
Controller. You determine the purposes and means of processing personal data (such
as the content of the messages sent to your chatbot).
- Data Processor: Robofy acts as the Data Processor. We process
personal data solely on your documented instructions and in accordance with this DPA
and our Terms of Service.
3. Details of Processing
The processing of Personal Data by Robofy.ai shall be carried out under the following
conditions:
- Subject Matter: The provision of AI chatbot services, message
delivery over the WhatsApp API or Web chat widgets, and related analytics.
- Nature and Purpose: To facilitate automated customer interactions,
sync communication data, evaluate conversational analytics, and to maintain and
improve the platform.
- Types of Personal Data: Phone numbers, WhatsApp IDs, message
content, customer names (if collected), and metadata related to the processing of
the messages.
- Categories of Data Subjects: Your end-users, website visitors,
customers, and prospects who interact with the Robofy chatbot.
4. Security Measures
We implement strict, industry-standard technical and organizational measures to ensure
the security, confidentiality, and integrity of your personal data:
- Encryption of data in transit using TLS 1.2+ for all API interactions and webhooks.
- Encryption of data at rest using AWS KMS (Key Management Service).
- Strict logical separation of customer data within our databases (AWS RDS and
DynamoDB).
- Principle of least privilege access, meaning only authorized personnel can access
infrastructure containing personal data for maintenance and support.
For more details on our security architecture, please visit our Security & PII page.
5. Sub-processors
To provide our service, we engage third-party infrastructure and service providers
(Sub-processors). You grant Robofy general authorization to engage these Sub-processors.
We ensure that all our Sub-processors are bound by written agreements that impose the
same data protection obligations as set out in this DPA. For an up-to-date and
transparent list of our sub-processors, visit our Sub-Processors page. We will notify you of any new
sub-processors before they are authorized to process your data.
6. Data Subject Rights
We will assist you, by appropriate technical and organizational measures, insofar as this
is possible, in fulfilling your obligation to respond to requests from end-users
exercising their rights under the GDPR (such as the right to access, rectification,
erasure, or portability of personal data). Since Robofy acts purely as a processor, all
such requests received directly by us will be promptly redirected to you.
7. International Data Transfers
Our primary infrastructure is hosted on AWS. For customers in the European Union, we
guarantee that all conversational data is stored and processed exclusively in our EU
region (eu-west-1, Ireland) unless explicitly configured otherwise by you.
In the event that data must be transferred outside the European Economic Area (EEA), we
will ensure that such transfers are governed by the Standard Contractual Clauses (SCCs)
approved by the European Commission, or another valid transfer mechanism under GDPR.
8. Deletion and Return of Data
Upon termination of your Robofy account, or upon your written request, we will delete or
anonymize all personal data processed on your behalf, unless we are legally required to
retain it. Backups are automatically purged according to our retention cycle and are
heavily encrypted in the meantime.
9. Audits and Compliance
We will make available to you all information necessary to demonstrate compliance with
the obligations laid down in this DPA. Furthermore, we commit to actively cooperating
with any data protection impact assessments or audits required by the supervisory
authorities.
Contact Us
If you have any specific questions about this Data Processing Agreement, require a signed
PDF version for your compliance team, or need further details about our privacy
practices, please contact our Data Protection Officer at hi@robofy.ai.