Data Protection & GDPR

How iamaDroid complies with UK and EU data protection laws, and how we help you meet your own GDPR obligations.

Summary: iamaDroid acts as a data processor for client chatbot data and as a data controller for its own account and billing data. We process information only as instructed by our clients and provide contractual, technical, and organizational safeguards to protect personal data.

1. Legal Framework

iamaDroid complies with the UK Data Protection Act 2018, the UK GDPR, and the EU General Data Protection Regulation (EU 2016/679). These regulations govern how personal data must be collected, used, and protected.

2. Roles & Responsibilities

  • Client (You): Acts as the data controller for chatbot end-user data. You determine the purpose and means of processing.
  • iamaDroid: Acts as the data processor, processing personal data only under your documented instructions.
  • For its own site and account information, iamaDroid is a data controller.

3. Data Processing Agreement (DPA)

Our DPA forms part of your contract when you use our Service. It sets out the nature, purpose, and duration of processing, categories of data, security measures, and obligations of both parties. Enterprise clients can request a signed DPA copy by emailing support@iamadroid.com.

4. Lawful Bases for Processing

  • Contract: To provide the chatbot and agent services you request.
  • Legitimate interest: To secure and improve our platform.
  • Legal obligation: To comply with regulatory or court requirements.
  • Consent: For optional marketing or cookies, obtained separately where required.

5. Security & Technical Measures

iamaDroid employs strong technical and organizational measures including encryption in transit and at rest, role-based access, MFA for administrators, vulnerability assessments, and audit logging. Full details are available on our Security page.

6. Sub-processors

We use a small number of trusted third-party service providers (“sub-processors”) to host infrastructure and deliver limited platform services such as email delivery and analytics. Each sub-processor is bound by a written data-processing agreement ensuring GDPR-equivalent protection. We maintain an internal list of all active sub-processors and will notify clients in advance of any material changes.

Clients may request the current list at any time by emailing support@iamadroid.com.

7. Data Location & Transfers

All primary data is stored in the EEA or UK. If data is transferred outside these regions, we use Standard Contractual Clauses (SCCs) or rely on adequacy decisions approved by the European Commission or UK Government.

8. Data Subject Rights

End-users of client chatbots should contact the website owner (data controller) to exercise GDPR rights. If we receive a request directly, we will notify the relevant client and assist them in fulfilling it.

9. Breach Notification

In the event of a data breach affecting client data, iamaDroid will notify the client without undue delay and cooperate fully in any required investigation or notification process.

10. Data Protection Officer (DPO)

We have appointed a DPO to oversee compliance. Contact: support@iamadroid.com

11. Contact & Complaints

Questions or complaints about data protection can be sent to our DPO using the contact details above. In the UK, you may also contact the Information Commissioner’s Office (ICO): ico.org.uk

Effective date: 3 November 2025