Privacy Policy

1. Who we are

The service is operated by Inboundless (SARL). Siège social : Technopark Casablanca, Bd Dammam, Casablanca, Maroc.
Representative: Omar El hajoui.
General inquiries: contact@inboundless.co
Data protection: privacy@inboundless.co.

2. Scope

This policy covers personal data we process as a controller (e.g. demo requests, marketing contacts, account holders) and explains how the product handles visitor data when you use Inboundless on your properties. When you are a business customer and we process your end-users' data on your behalf, we act as a processor. The Data Processing Addendum (DPA) is provided with your commercial agreement or on request. See this page.

3. Data we collect

• Website & marketing: information you submit (name, email, company), and technical data (IP address, browser type) from your visits.
• Product (dashboard users): account identifiers from our identity provider (typically email, name, organization membership), settings, and content you upload.
• End-users (your visitors): messages, optional contact details you request, session identifiers, and usage events needed to operate chat, routing, booking, analytics, and consent flows, as configured by you.
• Integrations: when you connect tools (e.g. Slack, Google Calendar, Salesforce), we process data according to the permissions you grant.

4. Purposes & legal bases (GDPR)

We process personal data to: deliver and secure the service; communicate with you; improve the product; comply with law; and, where required, with your consent (e.g. non-essential cookies on this marketing site. See Cookie Policy). Legal bases may include contract, legitimate interests (e.g. fraud prevention, product analytics in aggregate), or legal obligation. Where we rely on legitimate interests, you may object as permitted by law.

5. Sharing & subprocessors

We use trusted infrastructure and service providers to run the service. A current subprocessor list for your organization is available under contract or on request. See Subprocessors. We do not sell personal data. We may disclose information if required by law or to protect rights, safety, and integrity.

6. International transfers

Some providers are located outside the European Economic Area. Where appropriate safeguards are required, we use mechanisms such as the EU Standard Contractual Clauses. Contact us for more information.

7. Retention

We retain data only as long as needed for the purposes above, your account status, and legal requirements, including backup and dispute windows. Specific retention periods may be described in your agreement or support documentation.

8. Security

We apply technical and organizational measures appropriate to the risk (access controls, encryption in transit, vendor diligence). No system is perfectly secure; report concerns to privacy@inboundless.co.

9. Your rights (EEA / UK / similar)

You may have rights to access, rectify, erase, restrict, port, or object, and to withdraw consent where processing is consent-based. You may lodge a complaint with your supervisory authority (in France, the CNIL at cnil.fr). To exercise rights, contact privacy@inboundless.co.

10. Cookies

See our Cookie Policy for optional analytics and managing preferences.

11. Changes

We may update this policy; the "Last updated" date will change. Material changes may be communicated as appropriate.