ManyChat Help Portal
Submit a ticket

Managing User Data / GDPR Compliance

ManyChat is committed to providing a safe, conversational, and magical experience for everybody who interacts with our Messenger experiences. Complying with GDPR is not only the best thing to do for all of our businesses; it’s also the right thing to do. Please check our Blog Post to learn more about GDPR: https://blog.manychat.com/gdpr-manychat-updates/

As your contacts must be able to easily send you a request to download, change, and even completely remove all their personal data from your ManyChat account, we developed a set of tools which will help you comply with this important data privacy law. 

Go to Contacts Section and find the contact by their name. Use context menu (3 dots in the upper-right corner) to open the drop-down menu as shown below. You'll see 3 options that allow you to manage their data: Unsubscribe from bot, Download Contact Data, and Delete Contact Data).

Unsubscribe from bot

Allows you to unsubscribe a particular contact without deleting their personal information — you'll be able to see everything including Tags and Custom User Fields values.

Download Contact Data

If any of your contacts request a copy of their data, you’re quickly and easily able to send it to them in a format fully compliant with GDPR law. You'll get the file in .json format with all the information inside.

Delete Contact Data

In case you get a request from your contact (or an auditor) to delete any particular contact’s PII from the system, you’re now able to manually delete their record entirely from the ManyChat account without affecting your bot stats. 

Deleted data can include Facebook profile information, any custom fields, tags, email addresses, phone numbers, and even their LiveChat discussions with your Facebook page Messenger.

Keep in mind that full Messenger chat history will still be stored by Facebook in your “Page Inbox”, and in the subscriber’s Messenger. Our tools will only cover ManyChat (not the Facebook page itself), so you’ll need to take any further action in Page Inbox or in the subscriber’s Messenger on your own.

You cannot undo this action so you'll have to type in the verification word to remove it completely.

As soon as you delete the data, this contact will show up as Unknown with "deleted" status. All their information will be wiped out.

Other Important Notes

– The communication between ManyChat and Page subscribers is performed via Facebook Send API https://developers.facebook.com/docs/messenger-platform/reference/send-api/ ManyChat <-> Facebook API is transferred via HTTPS, but it is not end-to-end encrypted if we consider it as the communication between the bot built on top of ManyChat and the individual's mobile device. (End-to-end encryption means that only sender and receiver directly establish encryption and only they can read messages but in this case, Facebook can read the messages too)

– Page access token is obtained via Facebook API using Individual user's token (the admin who logs in to ManyChat) https://developers.facebook.com/docs/pages/access-tokens 

– ManyChat handling of data is described here https://manychat.com/privacy.html, https://manychat.com/tos.html and specifically here http://dpa.manychat.com/