GDPR + ManyChat: What You Need to Know

GDPR — four letters that we’ve all heard a lot lately!

What do they mean? Are you impacted by them? Are your bots compliant?

This post will be the hub that answers all those questions and a channel for ManyChat to deliver updates to our users regarding everything you need to know.

Let’s dive in.

What is the General Data Protection Regulation (GDPR)?

In case your company is based in the European Union (EU), or you process EU citizens’ personal data, you are under the jurisdiction of GDPR (the European Union’s new General Data Protection Regulation).

This groundbreaking privacy law goes into enforcement on May 25, 2018.

GDPR is a set of laws which regulates the processing of personally identifiable information (PII). The law applies to individuals, companies, and/or organizations who process or handle the PII of citizens of the EU. GDPR will replace the EU Data Protection Directive, and presents some important changes that all ManyChat users should be aware of.

GDPR requires a freely given, and specific consent from your new and existing subscribers.

If one of your ManyChat subscribers, or a data privacy auditor requests information on your PII/data processing practices, you’ll need to be ready to show the moment of consent, and explain how the subscriber’s personal data is collected, and what it will be used for.

Your subscribers must be able to easily send you a request to download, change, and even completely remove all their personal data from your ManyChat account.

ManyChat is committed to providing a safe, conversational, and magical experience for everybody who interacts with our Messenger experiences. Complying with GDPR is is not only the best thing to do for all of our businesses; it’s also the right thing to do.

As such, we’re actively working on a set of tools which will help you comply with this important data privacy law.

What if a subscriber asks to download their data?

We’re working on a feature which will enable any bot Admin to download personally identifiable information gathered in conversations with any individual subscriber. Therefore, if any of your subscribers request a copy of their data, you’ll quickly and easily be able to send it to them in a format which will be easy to access, read, and analyze.

We’re also developing some tools which will enable you to see if any of this PII was transferred to any 3rd party services ManyChat can and will be able to integrate with. This transparency will enable you to not only show your subscribers their data, but will also provide a deeper view into how and when that data was distributed to 3rd parties.

What if a subscriber asks to delete all their data from my system?

We’ve got you covered on this one!

Soon, we’ll be launching tools to help you manually administrate your subscribers’ data. In case you get a request from your ManyChat subscriber (or an auditor) to delete any particular subscriber’s PII from the system, you’ll be able to manually delete their subscriber record entirely from the ManyChat account.

Deleted data can include Facebook profile information, any custom fields, tags, email addresses, phone numbers, and even their LiveChat discussions with your Facebook page Messenger.

Keep in mind that full Messenger chat history will still be stored by Facebook in your “Page Inbox”, and in the subscriber’s Messenger. Our tools will only cover ManyChat (not the Facebook page itself), so you’ll need to take any further action in Page Inbox or in the subscriber’s Messenger on your own.

What if I’ve downloaded subscriber data or already sent it to a 3rd party app like a CRM or email service provider?

Do I still need to delete that data?

Another nuance to be aware of – if the subscriber’s data was exported to a 3rd party app (for example, you used Zapier to push the subscribers’ email addresses to your CRM) you’ll also be responsible for deleting their data from the 3rd party app, and notifying your subscriber that you’ve done so.

If you delete PII from ManyChat at a subscriber’s request, but fail to simultaneously delete their data from 3rd party applications, you may be exposing yourself to the risks associated with non-compliance.

What about people who’ve unsubscribed from my bot?

Is there anything I need to do with their data to stay compliant with GDPR?

Good question!

The law stipulates new best-practices for data retention (i.e. how long you should hold on to PII and related data given certain parameters). To help your business maintain GDPR compliance,  we’ll start automatically removing personal data from subscriber profiles 90 days after they unsubscribe from your ManyChat bot.

After 90 days, the personal data associated with somebody who unsubscribed will no longer be available via ManyChat to you, or to 3rd party applications.

How do I prove that somebody gave me “consent” to process their personally identifiable information and associated data?  

GDPR emphasizes the importance of building a trusting relationship between you and your new subscribers.

One of the most critical elements to building trust with your subscribers is to obtain their consent to process personal data, and to provide them with an explanation about the purposes of using it. Once GDPR goes into enforcement, storing and using somebody’s personally identifiable information and associated data without their consent is illegal.

If you’re under the jurisdiction of GDPR, we recommend reviewing your ManyChat Flows to make sure they include personal data processing consent. Also, you’ll need to be able to prove you’ve obtained consent from existing subscribers to continue messaging them after May 25th.

ManyChat will offer a set of tools and information to help you to be compliant with the new regulations, but we cannot offer you a legal advice in your particular case. Please contact your legal team to learn how GDPR affects you, and what you need to do to prepare yourself for this new data protection law.

Helpful Community Conversations to Follow

Our community is teeming with information around GDPR! Many of our members have done extensive research and are more than willing to jump in with practical advice for implementing GDPR compliance.

Join in these conversations and get your questions answered, or help your fellow Messenger marketers!

UPDATE: May 17, 2018

Today we are happy to announce contacts management tools update is now available in your subscribers’ profiles:

  • User Data Extraction: If any of your subscribers request a copy of their data, you’re quickly and easily able to send it to them in a format fully compliant with GDPR law.
  • User Data Removal: In case you get a request from your ManyChat subscriber (or an auditor) to delete any particular subscriber’s PII from the system, you’re now able to manually delete their record entirely from the ManyChat account without affecting your bot stats.

Check out this new Support article for step-by-step instructions for putting this into action!

We’re also making final edits in our Data Processing Agreement! It will take less than 5 minutes to sign it online and get the signed agreement copy to your email.

That’s all for now, but bookmark this post and stay tuned for crucial updates!

  • Sebastián Beribé

    Great info. Thanks!!

  • Alejandro Navia

    Hi there, when you think I can get signIn with Facebook, the system shows me that as FB is working on security measures I can not sign IN in to ManyChat via Facebook

  • Pingback: | ManyChat Nieuws Update over de GDPR -

  • If one use your tool, one need in Europe a contract due to GDPR. Where is such a contract to sign up- like in case of Google Analytics etc. There one should also signup a contract from Google and have to send it back to Google in Ireland.

  • If I ask, within a bot, to get their email address, and then start sending them info and promotions… how can I asked for their informed consent on letting me use their email? there’s no checkbox available to click in FB.

    • Bloggerfly

      hey Alvaro,
      when you ask for their email, do you state how you are going to use it?
      If so, if you are really transparent, you can use their email (just us giving it and knowing what it is for is enough).
      If you say it is for something like a freebie, then you cannot use the email to send promotions BUT you can ask them in the freebie delivery email if they liked xxx, then they should jump on board to receive other xxx and subscribe to your newsletter 🙂

  • Bloggerfly

    Hi ManyChat Team,
    I am in the process of updating my Private Policy (before May 25, GDPR birthday) so I made a list of all my third parties, processors… And you are on my list so I need a contract from you.
    As an example, I got one from ConvertKit (simple but efficient).
    Will you send us one as well please?
    I’m in the EU…

    • Ranjeet Singh


  • Arthur Cronos

    Where are the ManyChat servers physically located? One of my prospects in EU wants to know. (Apparently location makes a difference.)

    So where are the ManyChat servers physically located?

  • RosinaldoBsB

    Hello. We only have brazilian customers. So, we don’t need to sign the “ManyChat – Data Processing Addendum”, right?

    We brazilian don’t need to do anything unless we have customers from EU.

    Is that correct?


  • julius banda

    If GDPR is concerned with the EU, should we get into compliance legalities, when we are ok with our areas of operations outside the EU. I am in Zambia and feel comfortable with my selected region(outside the (EU). In a dilemma to register or not, Please Advise!!

  • Pingback: Step By Step Guide to the GDPR - The Prepared Performer - The Prepared Performer()

  • Pingback: What Is Facebook Messenger Marketing? | Target Internet()

  • Larissa Jungheim

    We would appreciate it if you could inform us whether you are privacy shield certified or not?

  • Alonaj Gamz

    Can Somebody Answer My question Please. I Can’t Broadcast Anymore Since Last 2 days. i have no idea why this happened. what do you think is the reason guys and what should i do to be able to broadcast again.? Thank You .

  • Pingback: How to Use ManyChat's Live Chat — Features, Settings, Coming Soon()

  • Nathalie Sainte-Marie

    Hi, How many time will the data be stored after being collect by the bot on many chat please ? thank you