lock icon

Privacy & Security at Manychat

Protection of customer data has always been our top priority. We build our platform using security and privacy best practices to ensure your data is safe.

Certifications

Manychat adheres to global security standards. Our security controls undergo external independent audits on an annual basis.

Cloud Security Alliance logo

Cloud Security Alliance

Manychat is listed as a Trusted Cloud Provider in the Cloud Security Alliance (CSA) STAR Registry.

Learn more
ISO/IEC 27001 logo

ISO/IEC 27001

Our Information Security Management System (ISMS) has been certified against the ISO/IEC 27001:2013 standard. You can view Manychat's ISO/IEC 27001:2013 certificate here.

Learn more
SOC 2 Type II logo

SOC 2 Type II

Manychat is SOC 2 Type 2 compliant. If you are our customer or just considering incorporating Manychat into your organization, please contact our Support to get our SOC 2 report.

Learn more
Cloud Security Alliance logo

Cloud Security Alliance

Manychat is listed as a Trusted Cloud Provider in the Cloud Security Alliance (CSA) STAR Registry.

Learn more
ISO/IEC 27001 logo

ISO/IEC 27001

Our Information Security Management System (ISMS) has been certified against the ISO/IEC 27001:2013 standard. You can view Manychat's ISO/IEC 27001:2013 certificate here.

Learn more
SOC 2 Type II logo

SOC 2 Type II

Manychat is SOC 2 Type 2 compliant. If you are our customer or just considering incorporating Manychat into your organization, please contact our Support to get our SOC 2 report.

Learn more

Official Meta Partner

As an official Meta Business Partner, Manychat complies with Meta's security policies and guidelines, including Meta Platform data security requirements and Data Use Policy. As part of the Meta Business Partner requirements, we go through periodic Data Use Checkups and Meta compliance audits.

Meta partner badge

Data privacy

We are committed to providing a high standard of privacy protection in compliance with international regulatory requirements.

General Data Protection Regulation (GDPR) logo

General Data Protection Regulation (GDPR)

GDPR regulates the use of EU residents’ personal data.

California Consumer Privacy Act (CCPA) logo

California Consumer Privacy Act (CCPA)

CCPA secures privacy rights and sets consumer protection practices for California residents. Manychat is committed to working with you to fulfill any CCPA requirements.

Privacy Policy logo

Privacy Policy

Our Privacy Policy and Data Processing Agreement (DPA) are aligned with GDPR and other privacy-related regulations.


Our security practices

Data protectionopen
Data protection
Security controls
Disaster recovery
icon

In transit


All data transmitted between your browser and Manychat is done so using strong encryption protocols. We support the latest recommended secure cipher suites to encrypt all traffic in transit, including use of TLS 1.2 protocols, AES256 encryption, and SHA2 hash functions, whenever supported by the clients.

icon

At rest


Customer data at rest in Manychat’s production network is encrypted using FIPS 140-2 compliant encryption standards, which applies to all types of data at rest within Manychat’s systems—relational databases, file drives, backups, etc. Access to the secrets management system is authorized only for a small number IT infrastructure engineers.

icon

Access


We manage access based on a "Need to know" and "Least privilege" principles. Our team members are only authorized to access data that they reasonably must handle in order to fulfill their current job responsibilities.

icon

Vulnerability


We perform automated and manual application and infrastructure security testing to identify and patch potential security vulnerabilities. We also engage independent service providers to perform external penetration tests to assess the potential system security threats on an annual basis, at minimum.

icon

Regular backups


User data is backed up continuously and encrypted. No matter what happens, your work will stay safe. There are also daily backups of the entire database that are stored separately from the main data center.

icon

Incident response


We have incident handling policies and procedures to address service availability, integrity, security, privacy, and confidentiality issues. You can check our uptime and availability status at status.manychat.com.

Security FAQ

Where do you store user data?

Do you encrypt my data in transit and at rest?

Do you have a Bug Bounty program?

Have more questions?

Try Manychat for free

Transform more conversations into sales, leads, and conversions today

Get Started