ManyChat Help Portal
Submit a ticket

Managing User Data / GDPR Compliance

ManyChat is committed to providing a safe environment for anyone who interacts with our messaging and email experiences across all channels: Facebook Messenger, Instagram DM, WhatsApp, Telegram, SMS, and email. Complying with the European Union's General Data Protection Regulation (GDPR) establishes trust with our ManyChat community, and improves managing user data and data security. Learn more about GDPR 

Our tools will help you comply with this important data privacy law. Your contacts can easily send a request to download, change, and remove all their personal data from your ManyChat account. 

Go to Contacts Section and find the contact by their name. Use the context menu (3 dots in the upper-right corner) to open the drop-down menu as shown below. Select from the following four options to manage their data: Unsubscribe from bot, Unsubscribe from Email, Download Contact Data, and Delete Contact Data.

Unsubscribe from bot

Allows you to unsubscribe a particular contact without deleting their personal information — you'll be able to see everything including Tags and Custom User Fields values.

Download Contact Data

If your contacts want a copy of their data, you can quickly send a format that's fully compliant with GDPR law, such as a .json file containing all their information.


Delete Contact Data

If your contact (or an auditor) wants to delete any particular contact’s Personable Identifiable Information (PII) from the system, just delete their record entirely from the ManyChat account. This action won't affect your bot stats. 

Deleted data can include Facebook profile information, any custom fields, tags, email addresses, phone numbers, and even their Live Chat discussions with your Facebook Messenger, IG, WhatsApp, or Telegram.

Keep in mind that full Messenger chat history will still be stored by Facebook in your “Page Inbox”, and in the subscriber’s Messenger. Our tools will only cover ManyChat (not the Facebook page itself), so you’ll need to take any further action in Page Inbox or in the subscriber’s Messenger on your own.

You can't undo this action. To remove it completely, type the verification word.

As soon as you delete the data, this contact will show up as Unknown with the "deleted" status. All their information will be permanently removed.

Other Important Notes

– The communication between ManyChat and Page subscribers is performed via Facebook Send API https://developers.facebook.com/docs/messenger-platform/reference/send-api/ ManyChat <-> Facebook API is transferred via HTTPS, but it is not end-to-end encrypted if we consider it as the communication between the bot built on top of ManyChat and the individual's mobile device. (End-to-end encryption means that only sender and receiver directly establish encryption and only they can read messages but in this case, Facebook can read the messages too)

– Page access token is obtained via Facebook API using an Individual user's token (the admin who logs in to ManyChat) https://developers.facebook.com/docs/pages/access-tokens 

– ManyChat handling of data is described here https://manychat.com/privacy.html, https://manychat.com/tos.html, and specifically here http://dpa.manychat.com/