Privacy Policy

Last updated: June 2026

At DMStack, we build tools that help businesses talk to their customers — through live chat, AI chatbots, WhatsApp, Telegram, Facebook Messenger, and video calls, all from one dashboard. None of that works without handling some personal information, so we’d rather be upfront about exactly what we collect, why we collect it, and what control you have over it, than bury it in legal language nobody reads.

This Privacy Policy explains how DM Stack (“DMStack,” “we,” “us”) collects, uses, shares, and protects information when you visit dmstack.io, sign up for a DMStack account, use our dashboard or apps, or interact with a chat widget that a business has installed using DMStack. We call all of this the “Service.”

We work with two kinds of people: Customers — businesses that create a DMStack account to manage their conversations — and Visitors — the people who chat with those businesses through a DMStack-powered widget. This policy covers both, and we’ve tried to flag which parts apply to whom.

1. Information We Collect

Account and billing information

When a business signs up for DMStack, we collect the name, work email, and password used to create the account, along with company name, team member details for anyone invited to the workspace, and billing information for paid plans. We don’t store full card numbers ourselves — payments are handled by a third-party payment processor that meets industry security standards.

Conversation and messaging data

This is the heart of what DMStack does, so it’s worth spelling out. When a visitor chats with a business through the widget, or through a connected channel like WhatsApp, Telegram, or Facebook Messenger, we store the messages, attachments, and any contact details the visitor shares (such as a name, email, or phone number typed into the chat). If a conversation is escalated to video, we collect basic call metadata — when it started, how long it lasted, and who was on it — but we do not record video calls unless the business has specifically turned recording on for their workspace.

If a business builds an AI chatbot using our flow builder, the messages a visitor sends may be processed by our AI systems (or, in some cases, a third-party AI provider we work with) to generate a relevant response. We don’t use this conversation content to train AI models for other customers.

Visitor and device information

To make conversations more useful for the businesses we serve, we automatically collect some technical information about visitors arriving at a website that uses DMStack: IP address, approximate location derived from that IP, browser and device type, the page being viewed, and the referral source (for example, a search engine, an ad, or a shared link). This is the “live visitor intelligence” feature shown in the DMStack dashboard.

Information from cookies and similar technologies

We use cookies and similar technologies on dmstack.io and within the chat widget to keep you logged in, remember your preferences, detect your browser’s language for our multilingual widget, and understand how our Service is used. See Section 4 for more detail.

Integration data

If a Customer connects DMStack to another tool — a CRM, helpdesk, email platform, or one of the 50+ integrations we support — information may flow between DMStack and that tool based on how the integration is configured. We only access what’s needed to make the integration work, and the Customer controls which integrations are turned on.

2. How We Use Information

  • To operate the Service — routing chats to the right agent, powering AI chatbots, syncing the unified inbox, and keeping conversation history available
  • To detect a visitor’s language and serve the chat widget accordingly
  • To manage accounts, process payments, and provide customer support
  • To monitor, secure, and troubleshoot the Service, including detecting fraud, spam, and abuse
  • To improve existing features and build new ones, often using aggregated or de-identified usage data
  • To send service updates, and — only with your consent or where permitted — product news and marketing
  • To comply with legal obligations and enforce our Terms & Conditions

3. Live Chat, AI Chatbots & Messaging Channels

Because DMStack connects to outside platforms, it’s worth understanding how data moves once a conversation leaves our dashboard:

  • WhatsApp, Telegram, and Facebook Messenger: when a visitor messages a business through one of these channels, the message also passes through that platform’s own systems and is subject to its privacy policy, in addition to ours.
  • AI chatbots: automated replies are generated based on the conversation content and any flow a business has built. Businesses can choose what an AI bot is allowed to ask for and how conversations are handed off to a human agent.
  • Conversation storage: we apply encryption to protect stored conversation data, and access is limited to the Customer’s own team and the DMStack staff who need it to operate or support the Service.

If you’re chatting with a business and don’t want a conversation stored or shared with an AI system, the most reliable option is to ask that business directly — as the account holder, they control their own workspace settings.

4. Cookies & Tracking Technologies

We use a few categories of cookies and similar tools:

  • Essential cookies — keep you logged in and let the chat widget function; the Service won’t work properly without these
  • Functional cookies — remember settings like language preference or widget position
  • Analytics cookies — help us understand aggregate usage patterns (for example, via Google Tag Manager) so we can improve the Service

Most browsers let you block or delete cookies through their settings, and where required by law we’ll show a cookie banner so you can choose your preferences before non-essential cookies are set. Blocking essential cookies may stop parts of the Service, including the chat widget itself, from working correctly. Some browsers also send a “Do Not Track” signal; because there’s no single accepted standard for how websites should respond to it yet, DMStack does not currently change its behavior based on that signal.

5. How We Share Information

We don’t sell personal information. We do share it in these situations:

  • With the business you’re chatting with — since they’re the ones using DMStack to manage their conversations, visitor and conversation data belongs to them as much as to us
  • With service providers who help us run DMStack, bound by contracts that limit how they can use the data
  • With connected third-party platforms (WhatsApp, Telegram, Messenger, video, and other integrations a Customer enables), as needed to deliver the relevant channel
  • When required by law, to respond to a valid legal request, or to protect the rights, safety, or property of DMStack, our customers, or the public
  • In connection with a merger, acquisition, financing, or sale of assets, in which case we’d make reasonable efforts to notify affected users

The categories of service providers we typically work with include:

  • Cloud hosting and infrastructure providers, to store data and run the Service
  • Payment processors, to handle billing for paid plans
  • Email and notification delivery services, to send account and product communications
  • Customer support and helpdesk tools, to manage support requests
  • Product analytics tools, to understand aggregate usage and improve the Service
  • AI/ML providers that help power chatbot response generation, where applicable

We keep a current list of sub-processors available on request — email hello@dmstack.io if you’d like the specifics for your account.

6. External Links

Our website, blog, and chat widget may occasionally link out to third-party websites or content. We don’t control those sites and aren’t responsible for their privacy practices, so we’d encourage you to review the privacy policy of any site you visit after leaving dmstack.io.

7. Data Security

We use encryption in transit and at rest, access controls limiting who on our team can view stored data, and routine monitoring to help keep information safe. That said, no online service can guarantee perfect security, and we encourage Customers to use strong, unique passwords and enable any additional account protections we offer.

8. Data Retention

How long we keep conversation history generally follows the plan a Customer is on — for example, our published plans currently reference 60 days of history on the Free plan, up to 1 year on the Standard plan, and up to 3 years on higher-tier plans, though exact terms may change and are confirmed at sign-up. Account information is kept for as long as an account stays active, plus a reasonable period afterward for legal, accounting, or security purposes. You can request earlier deletion as described in Section 8.

9. Your Privacy Rights

Depending on where you’re located, you may have rights to:

  • Access the personal information we hold about you
  • Correct inaccurate or incomplete information
  • Request deletion of your personal information
  • Receive a copy of your data in a portable format
  • Object to, or ask us to restrict, certain processing
  • Withdraw consent at any time, where processing is based on consent
  • Opt out of marketing emails using the unsubscribe link in any message

If you’re in the European Economic Area, UK, or Switzerland, these rights are generally provided under GDPR. If you’re a California resident, similar rights are available under the CCPA/CPRA, including the right to know what categories of information we collect and to request deletion. To exercise any of these rights, email us at hello@dmstack.io — we’ll respond within the timeframe required by applicable law.

10. International Data Transfers

DMStack is based in Boston, Massachusetts, and the information we collect may be stored and processed in the United States or other countries where we or our service providers operate. Where required, we use appropriate safeguards — such as standard contractual clauses — to protect information transferred internationally.

11. Children’s Privacy

DMStack is intended for business use and is not directed at children. We do not knowingly collect personal information from anyone under 16. If you believe a child has provided us with personal information, please contact us so we can remove it.

12. If You’re Chatting With a Business That Uses DMStack

If you’ve messaged a business through a DMStack-powered widget or one of the connected channels, that business is generally the data controller for your conversation, and DMStack acts as their service provider. For questions about how your specific conversation data is used, the fastest path is usually to contact that business directly. You’re welcome to also reach out to us at hello@dmstack.io if you have questions about DMStack’s role.

13. Changes to This Policy

We may update this Privacy Policy from time to time as our Service, or applicable laws, change. If we make material changes, we’ll update the “Last updated” date above and, where appropriate, notify Customers directly. We encourage you to review this page periodically.

14. Contact Us

If you have questions about this Privacy Policy or how DMStack handles your information, reach out to us:

  • Email: hello@dmstack.io
  • Address: Boston, MA 02110, United States