Personal Data Processing at MessageFlow

When you use the MessageFlow platform, our roles regarding data protection are clearly defined by the GDPR.

You, our customer, act as the Data Controller. This means you determine the purpose and means of processing personal data. You are responsible for ensuring you have a legal basis to process the data of your end-users (recipients).
MessageFlow acts as the Data Processor. We process personal data solely on your behalf and according to your documented instructions, as outlined in our Data Processing Agreement (DPA). Our role is to provide the technology to carry out your communication activities securely.

Scope and Purpose of Data Processing

The sole purpose of our data processing is to provide the services under our main agreement with you. This includes sending and managing your cross-channel communications (email, SMS, etc.), providing analytics, and ensuring the security and accessibility of the data you entrust to us.

Categories of Data Processed

As a processor, we only handle the data you provide to us, which may include:

Recipient contact information: Such as email addresses and phone numbers.
Message content: The text, images, and other information contained in your communications.
Technical metadata: Information necessary for sending and analysis, such as sending times, delivery statuses, and recipient interactions (e.g., opens, clicks).

We do not process special categories of personal data as defined by the GDPR (e.g., health data, ethnic origin, political opinions) unless it is included by you in the message content, in which case you are responsible for ensuring the appropriate legal basis.

Data Processing Duration

We process personal data for the duration of our service agreement. After the termination of the contract, all personal data is deleted in line with the provisions set out in our DPA and terms of service.

PreviousLegal Framework NextData Processing Agreement (DPA)

Last updated 2 days ago