Privacy Policy Template

A Fully Customizable, GDPR-Compliant Privacy Policy for You and Your Clients

What This Privacy Policy Covers

This policy clearly explains how personal data is collected, used, stored, and safeguarded across your white-labeled platform. It includes all key GDPR components, such as:

✅ Your agency’s role as the Data Controller

📋 A breakdown of what data is collected and why

⚖️ The legal basis for each data processing activity

🔗 A list of third-party services involved (e.g. Stripe, Bird, Google, Meta)

🕒 Data retention periods and user rights (access, deletion, etc.)

🔐 Security measures used to protect user information

This ensures transparency, trust, and legal protection for your business and your users.

How to Use This Document

1. Fill in your agency’s details. Replace all placeholders like [Agency Name], [Agency Address], and [Agency Email] with your actual business information.

2. Publish it on your platform. Upload your finalized policy in a visible location, such as the footer of your SaaS dashboard or the onboarding/signup page.

3. Share it with clients when needed. If local businesses or users ask about data privacy, you’ll have a professional, compliant document ready to share.

4. Keep it up to date. Revisit and revise the policy whenever your data practices, tools, or providers change (e.g. adding new integrations or features).

Where to Display the Policy

To ensure legal compliance and user trust, we recommend placing the Privacy Policy in the following locations:

In the footer of your white-label SaaS platform

Linked during user onboarding or account creation

Included as part of your GDPR Agency Kit, in PDF or Word format

Copy This Template

Ready for you to customize and publish under your agency’s brand.

This document is specifically crafted for marketing agencies reselling DropSaaS as a white-label platform. It’s fully aligned with GDPR requirements and written to help protect both your agency (as the Data Controller) and your local business clients.

Privacy Policy

White-Label GDPR-Compliant Privacy Policy Template

Effective Date: [Insert Date]

Data Controller

This Privacy Policy applies to the processing of personal data by [Agency Name], with registered office at [Agency Address] and contactable via [Agency Email], in its role as data controller for the white-labeled software platform made available to local business users.

Personal Data Collected

We collect and process the following types of personal data:

Email address and business information during registration

Authentication data for login via magic link

Phone numbers uploaded for SMS campaigns

Content and metadata of messages sent or received via SMS or chat

Interaction data with integrations (e.g., social posts, business listings, reviews)

Technical data (IP address, device type, browser info)

Support requests submitted through the platform

Legal Bases and Purposes of Processing

Your data is processed for the following purposes under GDPR lawful bases:

Account creation and access: Contractual necessity

SMS campaign delivery: Consent (confirmed via checkbox in-app)

Review requests and chat: Consent

Business listing and social media integrations: Consent / Contractual necessity

Analytics and troubleshooting: Legitimate interest

Marketing communications: Consent or Legitimate interest

Data Recipients and Sub-processors

Your data may be shared with authorized service providers (sub-processors), including:

Hosting and database infrastructure providers

SMS delivery providers (e.g., third-party SMS APIs)

Social media and business integration providers (e.g., Meta, Google)

Payment processors (if applicable)

Technical support and infrastructure partners

All sub-processors are contractually bound to comply with GDPR and act only under our instructions.

International Data Transfers

Where data is transferred outside the European Economic Area (EEA), we ensure adequate protection through mechanisms such as Standard Contractual Clauses (SCCs).

Data Retention

We retain personal data for as long as your account is active. Upon account deactivation or at your request, data is securely deleted within a maximum of 12 months, unless required by applicable law to retain it longer.

User Rights

Under the GDPR, you have the right to:

Access your data

Correct or update your data

Request deletion of your data ('right to be forgotten')

Restrict or object to processing

Request data portability

Withdraw consent at any time

To exercise your rights, contact us at [Agency Email].

Security Measures

We implement appropriate technical and organizational measures to ensure data security, including:

Encrypted communications (HTTPS)

Login via expiring magic link

Role-based access controls

Access logs and monitoring

Regular platform updates and infrastructure hardening

Cookies and Tracking

The platform does not use cookies, analytics tools, or any client-side tracking technologies. All interactions require authentication and take place in a secure environment.

Data Collection Limitations

We do not collect personal data from public sources or through third-party tracking. All data processed through the platform is submitted voluntarily by the user or via manual upload.

Changes to this Privacy Policy

This Privacy Policy may be updated to reflect legal, operational, or technological changes. We will notify users of significant changes via in-app notification or email. The latest version is always accessible from the platform.

Contact

If you have questions regarding this Privacy Policy or your data, please contact:

[Agency Name]

Email: [Agency Email]
