Privacy Policy

Last Updated: January 18, 2026

1. Who We Are

DMLY (“we”, “us”, “our”) is a product operated by OnlySocial LTD, registered in the United Kingdom.

Controller Contact: [email protected]
Website: https://dmly.io

2. Information We Collect

2.1 Information You Provide

We may collect information you provide such as:

  • Full name
  • Email address
  • Phone number
  • Business/organization name
  • Account credentials
  • Billing/subscription information
  • Support communications
  • Message templates, automation rules, and content you upload

2.2 Information Collected Automatically

We may automatically collect:

  • IP address
  • Device/browser type
  • Operating system
  • Log data and timestamps
  • Usage activity and feature interactions
  • Cookies and similar tracking technologies

2.3 Data from Connected Platforms

When you connect third-party platforms, we may process data permitted by those platforms, including:

  • WhatsApp Business account details
  • Facebook Pages and Messenger data
  • Instagram professional account and messaging data
  • Telegram bot and chat metadata
  • Contact identifiers, tags, notes, and conversation events
  • Message delivery and interaction metrics

We only access data explicitly authorized by you and allowed under each platform’s policies.

3. How We Use Your Data

We use your information to:

  • Provide and operate the DMLY platform
  • Enable omnichannel messaging automation
  • Deliver AI-powered responses and workflows
  • Process payments and subscriptions
  • Authenticate users and secure accounts
  • Improve performance, reliability, and features
  • Provide support and service communications
  • Comply with legal and regulatory obligations

4. Controller vs Processor (Important)

Depending on how you use DMLY, OnlySocial LTD may act as:

  • Data Controller for account, billing, and platform usage data
  • Data Processor for messages, contacts, and conversations you process through DMLY on behalf of your end-users

Where we act as Processor, you remain the Controller of end-user data and we process it only on your documented instructions.

5. Messaging Platform Compliance

DMLY is designed to comply with:

  • WhatsApp Business Platform policies
  • Meta Platform Policies (Messenger, Instagram)
  • Telegram Bot API policies

We do not:

  • Sell message content or contact data
  • Use messaging data for advertising
  • Access private messages without authorization
  • Initiate messages outside your configured automations

You are responsible for lawful opt-in/consent and compliance with applicable laws and platform requirements.

6. Payments & Billing

Payments are processed securely by Stripe and other supported payment providers.

DMLY does not store full card numbers or CVV codes. Billing data retained may include transaction IDs, subscription plan, payment status, invoices, and receipts.

7. AI & Automated Processing

DMLY uses AI services (including OpenAI) to provide features such as AI-generated replies and automation assistance.

Key principles:

  • Data is processed only to provide requested functionality
  • Your private data is not used to train public AI models
  • We do not use your data for advertising or profiling
  • Avoid submitting highly sensitive data into automated flows

8. Cookies & Tracking Technologies

We use cookies to:

  • Maintain secure sessions
  • Remember preferences
  • Analyze platform performance
  • Improve user experience

You can manage cookies via your browser settings. Some features may not work correctly without cookies.

9. Data Sharing & Disclosure

We may share data only with:

  • Cloud hosting and infrastructure providers
  • Messaging platform APIs you connect (Meta, Telegram)
  • Payment processors (e.g., Stripe)
  • AI providers (e.g., OpenAI)
  • Monitoring/analytics services
  • Authorities when required by law

We never sell personal data.

10. Security

We apply industry-standard safeguards including encryption in transit, access controls, and monitoring. No method of transmission or storage is 100% secure.

11. Retention & Deletion

We retain data while your account is active and as needed to provide services and meet legal obligations.

You can request data deletion from your dashboard. We will delete or anonymize data unless retention is legally required.

12. Your Rights (UK GDPR, EU GDPR, CCPA/CPRA)

Depending on your location, you may have rights to:

  • Access and correct data
  • Request deletion
  • Restrict or object to processing
  • Export your data
  • Withdraw consent

Requests: [email protected]

13. International Data Transfers

We may process/store data in the UK, EU, US, and other regions where providers operate. Appropriate safeguards are applied for international transfers.

14. Children’s Privacy

DMLY is not intended for individuals under 18. We do not knowingly collect data from minors.

15. Changes to This Policy

We may update this policy periodically. Material changes may be communicated via email or platform notices. Continued use constitutes acceptance.

16. Contact

OnlySocial LTD (DMLY)
Email: [email protected]
Website: https://dmly.io

Data Processing Agreement (DPA)

This DPA forms part of the agreement between:

  • Customer (Controller): The business using DMLY
  • OnlySocial LTD (Processor): Operator of DMLY

1. Scope and Roles

The Customer is the Controller of end-user Personal Data. OnlySocial LTD is the Processor when processing Customer Data on the Customer’s behalf.

2. Processing Details

OnlySocial LTD processes Personal Data to provide the Services, including omnichannel messaging automation, workflow execution, analytics, routing, and support.

3. Types of Data and Data Subjects

Data Types: names, phone numbers, emails, messages, metadata, tags, notes, automation variables.
Data Subjects: Customer’s users, clients, leads, and contacts.

4. Customer Responsibilities

Customer warrants it has lawful basis, required notices, and opt-ins/consents for collecting and using end-user data and sending messages via connected channels.

5. Processor Obligations

OnlySocial LTD will:

  • Process data only on documented instructions
  • Maintain confidentiality and security controls
  • Support data subject requests as applicable
  • Notify Customer of personal data breaches without undue delay
  • Not sell or monetize Customer Data

6. Sub-processors

Customer authorizes the use of sub-processors such as cloud infrastructure, messaging platforms, payment processors, AI providers, and analytics/monitoring vendors. Sub-processors are bound by confidentiality and data protection obligations.

7. International Transfers

Where transfers occur outside the UK/EEA, appropriate safeguards are applied.

8. Retention and Deletion

Upon account termination or deletion request, Customer Data will be deleted or anonymized unless legally required.

9. Audit and Compliance

OnlySocial LTD will make reasonable information available to demonstrate compliance upon request.

10. Governing Law

This DPA is governed by the laws of England and Wales.

Meta / WhatsApp Privacy Addendum

This addendum supplements the Privacy Policy and DPA for Customers using Meta channels, including:

  • WhatsApp Business Platform
  • Facebook Messenger
  • Instagram Messaging

1. Data Ownership

Message content and contact data remain the Customer’s data. OnlySocial LTD processes this data solely to provide the Services.

2. Customer Responsibilities (Meta Requirements)

Customer agrees to:

  • Obtain lawful opt-in/consent from end-users
  • Provide appropriate privacy notices
  • Honor opt-out requests
  • Comply with WhatsApp and Meta Platform Policies and applicable laws

3. Message Initiation and Automation

OnlySocial LTD does not independently initiate messages. Automations are configured and controlled by the Customer.

4. WhatsApp Processing

Messages may be processed for delivery, automation, analytics, and (if enabled) AI-assisted responses. Data is not used for advertising or profiling.

5. AI Processing

If AI features are enabled, message content may be processed by AI providers (e.g., OpenAI) to generate responses. Data is not used to train public AI models.

6. Enforcement

Violations of Meta/WhatsApp policies may result in restriction, suspension, or termination of messaging features.

7. Order of Precedence

If there is a conflict:

  1. Meta/WhatsApp policies
  2. This Addendum
  3. DPA
  4. Privacy Policy
  5. Terms of Service
Products
Features
Company
Resources

© 2025 DMLY. All rights reserved.