Our Biggest Year-End Sale EVER! 85% OFF on all plans & packages - Make the move today!
Use code85OFFat checkout
HomeGDPR Compliance

GDPR COMPLIANCE

Last Updated: December 14, 2025

INTRODUCTION

This page provides information about how DMText complies with the General Data Protection Regulation (GDPR), the European Union's comprehensive data protection law.

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, this policy outlines your rights under GDPR and how we protect your personal data.

This GDPR Compliance page supplements our Privacy Policy and should be read together with it.

DATA CONTROLLER

For the purposes of GDPR, DMText acts as the data controller for personal data we collect directly from you when you use our platform.

Data Controller: DMText
Location: San Francisco, CA, United States
Contact: support@DMText.com

When you use DMText to send messages to your contacts, you act as the data controller for your contacts' personal data. DMText acts as a data processor, processing data on your behalf according to your instructions.

LEGAL BASIS FOR PROCESSING

Under GDPR, we must have a legal basis to process your personal data. We rely on the following legal bases:

1. Contract Performance

We process your personal data to fulfill our contract with you (our Terms of Service), including:

  • Creating and managing your account
  • Providing the SMS marketing platform services
  • Processing payments and billing
  • Delivering customer support
  • Registering your business for 10DLC messaging

2. Legitimate Interests

We process certain data based on our legitimate business interests, which include:

  • Improving and developing our platform
  • Analyzing usage patterns and platform performance
  • Preventing fraud and ensuring security
  • Understanding customer needs and preferences
  • Internal business analytics and reporting

We balance our legitimate interests against your rights and freedoms. You have the right to object to processing based on legitimate interests.

3. Consent

For certain processing activities, we rely on your explicit consent:

  • Marketing communications from DMText
  • Non-essential cookies (see our Cookie Policy)
  • Participation in surveys or research studies

You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before withdrawal.

4. Legal Obligations

We process your data when required to comply with legal obligations, such as:

  • Tax and accounting requirements
  • Responding to lawful requests from authorities
  • Compliance with telecommunications regulations
  • Anti-money laundering and fraud prevention laws

YOUR RIGHTS UNDER GDPR

As a data subject under GDPR, you have the following rights regarding your personal data:

1. Right to Access

You have the right to request a copy of the personal data we hold about you. This includes:

  • What personal data we process
  • Why we process it
  • Who we share it with
  • How long we keep it
  • Where it came from

How to exercise: Email support@DMText.com with subject line "GDPR Data Access Request"

Response time: Within 30 days (may be extended to 60 days for complex requests)

2. Right to Rectification

You have the right to correct inaccurate or incomplete personal data we hold about you.

How to exercise: Update your account information through your dashboard settings, or email us for data you cannot modify directly

Response time: Within 30 days

3. Right to Erasure ("Right to be Forgotten")

You have the right to request deletion of your personal data in certain circumstances:

  • The data is no longer necessary for the purpose it was collected
  • You withdraw consent and there's no other legal basis for processing
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed
  • Deletion is required for compliance with a legal obligation

Exceptions: We may refuse deletion if we need to keep the data for:

  • Legal compliance (e.g., tax records, audit trails)
  • Establishment, exercise, or defense of legal claims
  • Compliance with legal obligations

How to exercise: Email support@DMText.com with subject line "GDPR Deletion Request" or delete your account through dashboard settings

Response time: Within 30 days

4. Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format. You can also request that we transfer this data to another service provider where technically feasible.

This right applies to data:

  • That you provided to us
  • Processed based on consent or contract
  • Processed by automated means

How to exercise: Export your data through dashboard export features, or email us for a complete data export

Response time: Within 30 days

5. Right to Restriction of Processing

You have the right to request that we limit how we use your personal data in certain situations:

  • You contest the accuracy of the data (restriction during verification)
  • Processing is unlawful but you don't want deletion
  • We no longer need the data but you need it for legal claims
  • You've objected to processing (restriction pending verification of legitimate grounds)

When processing is restricted, we can store the data but not use it without your consent (except for legal claims or protecting others' rights).

How to exercise: Email support@DMText.com with subject line "GDPR Restriction Request"

6. Right to Object

You have the right to object to processing of your personal data:

  • Direct Marketing: You can object to processing for direct marketing purposes at any time (absolute right)
  • Legitimate Interests: You can object to processing based on our legitimate interests; we must stop unless we demonstrate compelling legitimate grounds that override your interests

How to exercise: Click unsubscribe in marketing emails, or email support@DMText.com with subject line "GDPR Objection"

7. Rights Related to Automated Decision-Making and Profiling

You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects.

DMText's practices: We do not make automated decisions that significantly affect you without human involvement. We may use automated systems for:

  • Fraud detection (with human review)
  • Account risk assessment (with human review)
  • Spam filtering (does not create legal effects)

DATA PROCESSING AND STORAGE

Where We Store Your Data

DMText is based in the United States, and our servers are located in the U.S. When you use our services, your personal data is transferred to and processed in the United States.

The United States has not been subject to an adequacy decision by the European Commission, meaning it is not considered to provide an equivalent level of data protection as the EEA.

Data Transfer Safeguards

To protect your data during international transfers, we implement the following safeguards:

1. Standard Contractual Clauses (SCCs)

We use the European Commission's Standard Contractual Clauses (also known as Model Clauses) for transfers of personal data to countries outside the EEA. These are legally binding agreements that require us to protect your data according to EU standards.

2. Technical and Organizational Measures

  • Encryption in transit (TLS/SSL) and at rest
  • Access controls and authentication
  • Regular security audits and assessments
  • Data minimization practices
  • Staff training on data protection

3. Third-Party Processor Agreements

We require all third-party processors to implement appropriate safeguards for data protection and to comply with GDPR requirements.

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in our Privacy Policy and to comply with legal obligations.

Data TypeRetention Period
Account informationDuration of account + 90 days after closure
Message content and contact listsDuration of account + 90 days (unless earlier deletion requested)
Financial records7 years (legal requirement)
Usage logs and analytics12-24 months
Support tickets and communications3 years

DATA BREACH NOTIFICATION

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:

  • Notify the relevant supervisory authority within 72 hours of becoming aware of the breach
  • Notify affected individuals without undue delay if the breach is likely to result in a high risk to their rights and freedoms
  • Document the breach, including facts, effects, and remedial action taken

Our notification to you will include:

  • Description of the nature of the breach
  • Categories and approximate number of data subjects affected
  • Likely consequences of the breach
  • Measures taken or proposed to address the breach and mitigate harm
  • Contact information for further inquiries

THIRD-PARTY DATA PROCESSORS

We work with carefully selected third-party processors to provide our services. All processors are required to:

  • Comply with GDPR requirements
  • Implement appropriate technical and organizational measures
  • Process data only according to our instructions
  • Assist with data subject rights requests
  • Notify us of any data breaches

Key Data Processors:

  • Cloud Infrastructure: AWS or similar (for hosting and data storage)
  • Payment Processing: Stripe (for billing and payment processing)
  • SMS Carriers: Various mobile network operators (for message delivery)
  • Analytics: Google Analytics (for platform usage analytics)
  • Customer Support: Support ticketing and communication tools

We maintain Data Processing Agreements with all processors to ensure GDPR compliance.

CHILDREN'S DATA

DMText does not knowingly process personal data of children under 16 years of age. Our service is intended for business use by adults.

If we become aware that we have collected personal data from a child under 16 without parental consent, we will take steps to delete that information as quickly as possible.

HOW TO EXERCISE YOUR RIGHTS

To exercise any of your GDPR rights, please contact us:

Contact Information for GDPR Requests:

  • Email: support@DMText.com
  • Subject Line: "GDPR Data Request" (specify the type: Access, Deletion, Rectification, etc.)
  • Required Information: Your name, email address associated with your account, and description of your request

Identity Verification

To protect your privacy and security, we will verify your identity before processing GDPR requests. We may ask you to:

  • Confirm account details known only to you
  • Provide additional identifying information
  • Respond from the email address associated with your account

Response Timeline

  • Standard requests: Within 30 days (1 month)
  • Complex requests: May be extended to 60 days (2 months) with explanation
  • Urgent requests: We will prioritize requests involving potential harm

Free of Charge

We will respond to your GDPR requests free of charge. However, if your requests are manifestly unfounded or excessive (particularly if repetitive), we may:

  • Charge a reasonable administrative fee, or
  • Refuse to act on the request

We will explain our reasoning if we charge a fee or refuse a request.

SUPERVISORY AUTHORITY

You have the right to lodge a complaint with a data protection supervisory authority if you believe we have violated your GDPR rights.

How to File a Complaint

You can contact your local data protection authority in the EEA country where:

  • You habitually reside
  • You work, or
  • An alleged infringement of GDPR occurred

Find your data protection authority: European Data Protection Board - List of Supervisory Authorities

We encourage you to contact us first so we can try to resolve your concerns directly.

UPDATES TO THIS GDPR POLICY

We may update this GDPR Compliance page from time to time to reflect changes in our practices, legal requirements, or for other operational reasons.

When we make changes:

  • We will update the "Last Updated" date at the top of this page
  • For material changes affecting your rights, we will notify you via email
  • We may display a prominent notice on our platform

We encourage you to review this page periodically to stay informed about how we protect your data under GDPR.

CONTACT US

If you have questions about our GDPR compliance, data protection practices, or wish to exercise your rights, please contact us:

  • Email: support@DMText.com
  • Subject Line: "GDPR Inquiry" or "GDPR Data Request"
  • Address: San Francisco, CA, United States

We are committed to protecting your personal data and respecting your rights under GDPR. We will respond to all legitimate requests within the required timeframes.