Legal for Clients

The Agreement

In this section, you will find all the documents that are binding when you use our main services as a customer. If you have questions about the rules on which we provide you with the Services, want to know how we handle your data, or have inquiries about intellectual property, check the documents below.

Frequently Asked Questions

By clicking the "Create an Account" button (or a similar button or checkbox that confirms that you are signing up for the Services), you accept the Terms of Use, Privacy Policy, and Data Processing Addendum, which together constitute a contract between us (referred to as the "Agreement"). In the case of an Order Form (if applicable to you), the Agreement begins to bind you on the effective date set forth in your signed Order Form.

No, the Agreement does not have to be signed to be binding. Your right to access and use the Services is expressly conditioned on your acceptance of the Agreement. Remember, the Agreement is effective as of the earliest of the date you register for the Services, by clicking the “Create account” button (or a similar button or checkbox that confirms you agree/accept/sign up” for the Services), accessing the Services, or the effective date specified in the Order Form (the “Effective Date”).

From time to time, we may change the provisions of the Agreement. You should remember that the updated version supersedes all prior versions and is effective and binding immediately after posting on the website. We advise you to review it periodically.

The Agreement is effective on the earliest of the day of your sign-up to our services or from the date specified in the Order Form.

In case anything goes wrong, let’s contact us, and we will try to amicably resolve any claims, disputes, disagreements, or other matters. If it doesn’t work, all issues will be governed by the laws of the State of Massachusetts, United States of America.

You must be at least sixteen (16) years of age to be able to register and access our service. We do not knowingly provide services to anyone under sixteen (16). If it comes to our knowledge that a person under the abovementioned age is accessing or using the services, with no liability whatsoever towards such a person, we will prohibit and block such an account without any prior notice.


Here you can find all the documents referring to how we process personal data including the GDPR-related requirements. In this section, you can find details on how we collect, transfer, and further use personal information.

Frequently Asked Questions

Services are provided, and your personal data are processed by Text, Inc. (101 Arch Street, 8th Floor, Boston, MA 02110, United States of America). You can contact us via chat or at (or via a support email).

While registering for one of the services, we request you to provide us with such information as the first name, last name, company business name, address, website address, and email address. This is the basic data of yours that we process and store. We also store the data (including personal data) you and/or your customers insert into the services or other data you ask your customers for via the service you use (i.e. in a pre-chat survey). You can find a full description of the data processing in our Privacy Policy.

Firstly, you need to figure out if you process or provide the personal data of EU citizens. If you process the personal data of European citizens, you must comply with this regulation. You or your company (organization) may act as a data controller. It happens when you are a natural or legal person, public authority, agency, or other body, and you, alone or jointly with others, determine the purposes and means of the processing of personal data. You may also act as a data processor. It happens when – as a natural or legal person, public authority, agency, or other bodies – you process personal data on behalf of the data controller. Simply, when you do not determine the purposes of the processing but use data according to the controllers’ instructions.

We do not sign the DPA as a separate agreement anymore - the DPA is already an integral part of the Agreement, meaning it does not require a separate signature. The reason why we have included the DPA in the Agreement is the need to simplify the work and “keep it simple.”

We store and process the personal data of your customers or users within your connection while using our services. We especially store data provided in the pre-chat survey, chat content, and ticket content. Thus, if you collect your customer or users’ personal data and transfer them to us, you may need to gain their consent and notify them you use our services. You can find the instructions on how to customize your pre-chat survey to comply with this rule in Prepare your chat to the GDPR. If you wish and if they meet your company’s requirements, you can use one of (or more than one) the clauses we have prepared for you. The clauses can be found in Chat Forms.

You can find more information about sub-processing rules in our DPA and check which sub-processors have access to the personal data of your customers/users/visitors under the following list.

Data Protection Officer is Maciej Malesa Text, Inc. 101 Arch Street, 8th Floor, Boston, MA 02110, United States of America,

We use cookies to provide you with the best software service possible. Cookies are pieces of information sent by the server, and stored on a user’s computer for the purpose of automatic identification of a particular user when using our services or browsing the website and are used while using our services or browsing any websites where our services are installed. You can simply delete cookies from your browser anytime. Go to our Privacy Policy to get more info.

We are proud to be certified under the new EU-US DPF provisions which means that you can be confident that your personal data will be protected when it is transferred to us from the EU. In line with this, we have recently updated our Privacy Policy, to reflect the EU-US DPF's core principles and we stay committed to upholding them.

While the EU-U.S. DPF is a standalone transfer mechanism that can be used instead of the Standard Contractual Clauses (SCCs) we're not letting our guard down. We are still continuing to maintain our ongoing supplementary measures, including safeguards like the Standard Contractual Clauses (SCC) to make sure your personal data is safe when it travels, as keeping your data secure is a top priority for us.

We act as a data processor since we do not determine the purposes of your (including your customer’s or users’ data) data processing. It is you who decide how to use our software. Thus, you will supply us with personal data to facilitate communication between you and your customers. If you submit or we collect the dara under your account through the services, We may use and process such data in order to provide, maintain, and improve our services as well as to send you personalized marketing/advertising communication or updates and news regarding the services, secure yours and our potential claims. In some exceptional cases, we may also act as a data controller. It is explained fully in our Privacy Policy.

The basis for your personal data processing by Text, Inc. is an agreement between you and us concluded when you sign up for the service (create an account). Remember that for the duration of your subscription to our services, you must have a legal basis to collect, process, and transfer any personal data to our services in order to provide the services to you. “The Agreement” is constituted by “Terms of Use,” “Privacy Policy,” and “DPA”. This is why separate consent for your data processing is not required. However, you may need to gain consent for data processing and transferring from your customer’s or your users. It depends if you collect your customer’s or user’s data, and what your data processing basis is. To help you comply with the e.g. GDPR requirements, we have created a simple and free Privacy Policy Generator that helps you gain such consent. If it’s required by law, you may need to at least notify your customers about using our services and transferring data to us.

Yes, we have. Regardless of being a data controller or a data processor, when you transfer EU/EEA or UK or California citizen’s personal data to us (and you do so while using our services), we have prepared a Data Processing Addendum incorporated by reference to the Agreement, so you don’t have to take any further action. Our Data Processing Addendum includes updated SCCs, as approved by the European Commission in June 2021, that comply with the newest recommendations of the European Commission and are relevant for your use us as a data processor if you’re based in the EU/EEA or California.

We store and process the personal data of our customers and people permitted by our client to use and operate the services for or on behalf of them while using our services. We store such data as first name, last name, email address, IP number, browser information, operating system, geolocation, payment/credit card details (and other information listed in our Privacy Policy.). We process these data only for purposes listed in the Agreement. We do not sell your data. We also store the data you and your customers inserted into our services. It allows you to have constant access to the history of your conversations and other content. You can freely decide whether you want to delete your data and content permanently from a system. If you wish to remove the data, just send us a request at, and we will delete the requested data within 30 days.

To make our services work properly, we use other third-party services. We do so to maintain our services, improve our tools, and enable and simplify their usage. If there is a necessity to give sub-processors access to a part of your data, firstly, they will gain only the necessary data enabling them to provide us with their services. Secondly, we enter into a separate agreement to make sure our sub-processors have at least the same level of protection as we do. Please note some of our sub-processors process their data outside the EU.

We are committed to complying with GDPR and accordingly to transferring personal data lawfully and with an adequate security level. This is why we work only with inspected third-party services providers. We have verified all the sub-processors we currently cooperate with. Besides the ‘location requirement’ (we cooperate mostly with companies from the EU or the US), every time before we start cooperation with a new sub-processor, we make sure it is GDPR compliant (if applicable). We also enter into agreements with our sub-processors that guarantee adequate obligations due to data protection. Only if we are sure your data will be transferred and stored securely, will we work with the provider and, if needed, apply additional measures (i.e., Standard Contractual Clauses) to transfer data in line with the GDPR.

When personal data is hosted or processed outside of the European Economic Area and the UK, GDPR requires that it remains protected by appropriate safeguards in line with EU law. We meet these requirements by implementing the appropriate safeguards required by the GDPR. Please go to International Data Transfer to get more information.

The adequacy decision for EU-US DPF reaffirms that personal data transmitted to US companies participating in the framework is held to an adequate level of protection. This means that data is able to flow safely between EU and US companies certified by the US Department of Commerce.

Text, as an active Swiss-U.S. Privacy Shield participant automatically becomes a participant in the Swiss-US Data Privacy Framework (Swiss-US DPF) and has successfully self-certified to the UK Extension to the EU-US DPF. The UK Adequacy Decision for the EU-US Data Privacy Framework was issued on October 12, 2023, so we may receive personal data from the UK and Gibraltar in reliance on the UK Extension to the EU-U.S. DPF.

However, since the Swiss-U.S. DPF have not yet received public adequacy decisions and therefore cannot be relied on for data transfers to these regions, we continue to rely on our existing Swiss-US transfer mechanisms as described in our DPA until the Swiss-U.S. DPF receives a public adequacy decision.

We will update this FAQ as soon as the Swiss-US DPF receives a public adequacy decision.


Questions about security? You are in the right place. Here you will learn where we store data, where our servers are located, how we provide security as well as to whom and in what circumstances we can share data.

Frequently Asked Questions

As a company offering its services in SaaS model we are aware that the security of our customers and their data is crucial. We treat security as a basic aspect of our business. We know that it is a matter of trust. Currently, we made sure our safeguards comply with the regulation and adjusted some new ones if necessary. More information about our technical and security measures you may find in Exhibit B of the Data Processing Addendum.

Running an external audit, fixing all found vulnerabilities, testing the implemented fix, and iterating this procedure until the issue is fixed and periodic systems scanning with tools for automatic issue recognition.

Yes, we have a DR plan; each part of the system can be restored within 24 to 48 hours (considering a complete disaster). Moreover, each instance of the whole infrastructure is multiplied, so losing a single instance will not cause the service to degrade. Provided time refers to the flood scale of the disaster.

Yes, we do have DDoS protection provided by Akamai.

Yes, we have breach detection, investigation, and internal reporting procedure in place. In case of any management incident, we are ready to react immediately to protect your data from unjustified disclosure or any other infringement.

Please contact us promptly via or chat with us on our website.

You can ask us for a copy of your data. For example, it is possible to download a copy of the data in JSON and to do that, please refer to Prepare your chat for GDPR! | LiveChat Help Center to check how you can get your data.

The application is multi-tenant, so the data for each license is accessible only to accounts assigned to the license; the person that wants access to license data, needs a corresponding login and password. This is the basic logic behind the whole application infrastructure, and it’s not possible to access other users’ data, as the access request without needed credentials will be considered an unauthorized call and denied. Also, one set of credentials (login + password) can be used for one license only.

Guidelines and Policies

Here you can find more information about our company standards, values, and general recommendations about how to use our services.