Privacy Policy
Last updated: July 11, 2026
1. Who We Are
DMly (“we”, “us”, “our”) is a product operated by Client Path, LLC, registered in the United States.
Controller Contact: hello@dmly.io
Website: https://dmly.io
2. Information We Collect
2.1 Information You Provide
We may collect information you provide such as:
- Full name
- Email address
- Phone number
- Business/organization name
- Account credentials
- Billing/subscription information
- Support communications
- Message templates, automation rules, and content you upload
2.2 Information Collected Automatically
We may automatically collect:
- IP address
- Device/browser type
- Operating system
- Log data and timestamps
- Usage activity and feature interactions
- Cookies and similar tracking technologies
2.3 Data from Connected Platforms
When you connect third-party platforms, we may process data permitted by those platforms, including:
- WhatsApp Business account details
- Facebook Pages and Messenger data
- Instagram professional account and messaging data
- TikTok business and messaging account data (including TikTok Messaging interactions)
- Telegram bot and chat metadata
- SMS sender IDs, phone numbers, and delivery metadata processed via carriers/aggregators such as Twilio and Plivo
- Live Chat website-widget sessions, visitor identifiers, and messages
- Google Business Profile data, including Google Business Messages, reviews, and Q&A
- Contact identifiers, tags, notes, and conversation events
- Message delivery and interaction metrics
We only access data explicitly authorized by you and allowed under each platform’s policies.
3. How We Use Your Data
We use your information to:
- Provide and operate the DMly platform
- Enable omnichannel messaging automation
- Deliver AI-powered responses and workflows
- Process payments and subscriptions
- Authenticate users and secure accounts
- Improve performance, reliability, and features
- Provide support and service communications
- Comply with legal and regulatory obligations
4. Controller vs Processor (Important)
Depending on how you use DMly, Client Path, LLC may act as:
- Data Controller for account, billing, and platform usage data
- Data Processor for messages, contacts, and conversations you process through DMly on behalf of your end-users
Where we act as Processor, you remain the Controller of end-user data and we process it only on your documented instructions.
5. Messaging Platform Compliance
DMly is designed to comply with:
- WhatsApp Business Platform policies
- Meta Platform Policies (Messenger, Instagram)
- TikTok Business and Messaging policies
- Telegram Bot API policies
- SMS/carrier requirements, including TCPA, CTIA guidelines, and US 10DLC registration where applicable (via aggregators such as Twilio and Plivo)
- Google Business Profile and Google Business Messages policies
- Live Chat / website-widget use governed by our website terms and applicable law
We do not:
- Sell message content or contact data
- Use messaging data for advertising
- Access private messages without authorization
- Initiate messages outside your configured automations
You are responsible for lawful opt-in/consent and compliance with applicable laws and platform requirements (including WhatsApp/Meta, TikTok, Telegram, SMS (TCPA/CTIA/10DLC), Google Business Messages, and Live Chat requirements).
The following per-channel disclosures describe the data DMly accesses from each connected channel and the platform policies you agree to comply with when you use it. You are responsible for maintaining the approvals, opt-ins and permissions each platform requires.
5.1 WhatsApp (WhatsApp Business Platform)
Through the WhatsApp Business Platform we process your WhatsApp Business Account and business phone number details, contact phone numbers and profile names, message content and approved templates, and delivery, read and opt-in status. You must comply with the WhatsApp Business Messaging Policy and Meta Business and Commerce policies, obtain valid opt-in before messaging, use approved templates for business-initiated messages, and respect the 24-hour customer service window.
5.2 Instagram
For connected Instagram professional accounts we process Instagram-scoped user identifiers, direct messages, story replies, comments and related media metadata. Use of Instagram messaging is governed by the Meta Platform Policies and Instagram Platform terms, including the Meta messaging windows.
5.3 Facebook Messenger
For connected Facebook Pages we process Page-scoped user identifiers, Messenger conversations and Page comments. Use is governed by the Meta Platform Policies and the Messenger Platform Policy, including the standard 24-hour messaging window and the approved message tags for messages sent outside it.
5.4 TikTok
For connected TikTok business accounts we process TikTok-scoped account identifiers and, where the API permits, direct messages, comments and interaction metadata. You must comply with the TikTok Developer Terms and TikTok business and platform policies, and obtain consent for outreach.
5.5 Telegram
Through the Telegram Bot API we process your bot token and metadata, chat identifiers, message content and group or channel metadata. Use is governed by the Telegram Bot API Terms, and you are responsible for lawful use and consent.
5.6 SMS
SMS is delivered through carriers and aggregators such as Twilio and Plivo. We process sender identifiers and numbers, recipient phone numbers, message content and delivery status. You must comply with the US TCPA, the CTIA Messaging Principles, applicable carrier terms, and complete 10DLC / A2P registration where required. You must obtain documented opt-in and honour opt-out keywords such as STOP at all times.
5.7 Live Chat (website widget)
When you deploy the DMly live-chat widget on your website we process visitor messages, the page and URL context, browser and device information, session identifiers and cookies, together with any details a visitor chooses to share. You are responsible for disclosing the widget in your own website privacy notice and obtaining cookie consent where required.
5.8 Google Business Profile
For a connected Google Business Profile we process your business and location details and, where enabled, customer messages, reviews, questions and answers, and reviewer display names. Use is governed by the Google Business Profile policies and the Google API Services User Data Policy.
6. Payments & Billing
Payments are processed securely by Stripe and other supported payment providers.
DMly does not store full card numbers or CVV codes. Billing data retained may include transaction IDs, subscription plan, payment status, invoices, and receipts.
7. AI & Automated Processing
DMly uses AI services (including OpenAI) to provide features such as AI-generated replies and automation assistance.
Key principles:
- Data is processed only to provide requested functionality
- Your private data is not used to train public AI models
- We do not use your data for advertising or profiling
- Avoid submitting highly sensitive data into automated flows
8. Cookies & Tracking Technologies
We use cookies to:
- Maintain secure sessions
- Remember preferences
- Analyze platform performance
- Improve user experience
You can manage cookies via your browser settings. Some features may not work correctly without cookies.
9. Data Sharing & Disclosure
We may share data only with:
- Cloud hosting and infrastructure providers
- Messaging and channel platform APIs you connect (Meta, TikTok, Telegram, Google Business Profile, and SMS carriers/aggregators such as Twilio and Plivo)
- Live Chat / website-widget infrastructure providers
- Payment processors (e.g., Stripe)
- AI providers (e.g., OpenAI)
- Monitoring/analytics services
- Authorities when required by law
We never sell personal data.
10. Security
We apply industry-standard safeguards including encryption in transit, access controls, and monitoring. No method of transmission or storage is 100% secure.
11. Retention & Deletion
We retain data while your account is active and as needed to provide services and meet legal obligations.
You can request data deletion from your dashboard. We will delete or anonymize data unless retention is legally required.
12. Your Rights (UK GDPR, EU GDPR, CCPA/CPRA)
Depending on your location, you may have rights to:
- Access and correct data
- Request deletion
- Restrict or object to processing
- Export your data
- Withdraw consent
Requests: hello@dmly.io
13. International Data Transfers
We may process/store data in the UK, EU, US, and other regions where providers operate. Appropriate safeguards are applied for international transfers.
14. Children’s Privacy
DMly is not intended for individuals under 18. We do not knowingly collect data from minors.
15. Changes to This Policy
We may update this policy periodically. Material changes may be communicated via email or platform notices. Continued use constitutes acceptance.
16. Contact
Client Path, LLC (DMly)
Email: hello@dmly.io
Website: https://dmly.io
Data Processing Agreement (DPA)
This DPA forms part of the agreement between:
- Customer (Controller): The business using DMly
- Client Path, LLC (Processor): Operator of DMly
1. Scope and Roles
The Customer is the Controller of end-user Personal Data. Client Path, LLC is the Processor when processing Customer Data on the Customer’s behalf.
2. Processing Details
Client Path, LLC processes Personal Data to provide the Services, including omnichannel messaging automation, workflow execution, analytics, routing, and support.
3. Types of Data and Data Subjects
Data Types: names, phone numbers, emails, messages, metadata, tags, notes, automation variables.
Data Subjects: Customer’s users, clients, leads, and contacts.
4. Customer Responsibilities
Customer warrants it has lawful basis, required notices, and opt-ins/consents for collecting and using end-user data and sending messages via connected channels (including WhatsApp Business API, Instagram, Facebook Messenger, TikTok, Telegram, SMS, Live Chat, and Google Business Profile).
5. Processor Obligations
Client Path, LLC will:
- Process data only on documented instructions
- Maintain confidentiality and security controls
- Support data subject requests as applicable
- Notify Customer of personal data breaches without undue delay
- Not sell or monetize Customer Data
6. Sub-processors
Customer authorizes the use of sub-processors such as cloud infrastructure, messaging and channel platforms (including SMS carriers/aggregators such as Twilio and Plivo), payment processors, AI providers, and analytics/monitoring vendors. Sub-processors are bound by confidentiality and data protection obligations.
7. International Transfers
Where transfers occur outside the UK/EEA, appropriate safeguards are applied.
8. Retention and Deletion
Upon account termination or deletion request, Customer Data will be deleted or anonymized unless legally required.
9. Audit and Compliance
Client Path, LLC will make reasonable information available to demonstrate compliance upon request.
10. Governing Law
This DPA is governed by the laws of England and Wales.
Meta / WhatsApp Privacy Addendum
This addendum supplements the Privacy Policy and DPA for Customers using Meta channels, including:
- WhatsApp Business Platform
- Facebook Messenger
- Instagram Messaging
Customers using other connected channels — including TikTok, Telegram, SMS (via carriers/aggregators such as Twilio and Plivo, subject to TCPA, CTIA guidelines, and US 10DLC registration), Live Chat, and Google Business Profile (Business Messages, reviews & Q&A) — are subject to equivalent channel-specific requirements under those providers’ policies and applicable law, in addition to this Privacy Policy and DPA.
1. Data Ownership
Message content and contact data remain the Customer’s data. Client Path, LLC processes this data solely to provide the Services.
2. Customer Responsibilities (Meta Requirements)
Customer agrees to:
- Obtain lawful opt-in/consent from end-users
- Provide appropriate privacy notices
- Honor opt-out requests
- Comply with WhatsApp and Meta Platform Policies and applicable laws
3. Message Initiation and Automation
Client Path, LLC does not independently initiate messages. Automations are configured and controlled by the Customer.
4. WhatsApp Processing
Messages may be processed for delivery, automation, analytics, and (if enabled) AI-assisted responses. Data is not used for advertising or profiling.
5. AI Processing
If AI features are enabled, message content may be processed by AI providers (e.g., OpenAI) to generate responses. Data is not used to train public AI models.
6. Enforcement
Violations of Meta/WhatsApp policies may result in restriction, suspension, or termination of messaging features.
7. Order of Precedence
If there is a conflict:
- Meta/WhatsApp policies
- This Addendum
- DPA
- Privacy Policy
- Terms of Service
