GDPR Compliance

Last updated: February 1, 2026

Our Commitment

Texting Blue is committed to full compliance with the General Data Protection Regulation (GDPR). We have implemented comprehensive technical and organizational measures to protect the personal data of our users in the European Economic Area (EEA), the United Kingdom, and Switzerland.

Data Controller and Processor

When you use Texting Blue, you act as the Data Controller for the messages and contact data processed through our platform. Texting Blue Inc. acts as a Data Processor on your behalf, processing data only according to your instructions and as necessary to provide the Service.

Legal Basis for Processing

We process personal data under the following legal bases:

  • Contract performance: Processing necessary to deliver the Service you have subscribed to
  • Legitimate interest: Processing for fraud prevention, security, and service improvement
  • Legal obligation: Processing required by applicable laws and regulations
  • Consent: Processing based on your explicit consent, such as marketing communications

Your GDPR Rights

As a data subject under the GDPR, you have the following rights:

Right of Access (Article 15)

You can request a copy of all personal data we hold about you. We will respond within 30 days.

Right to Rectification (Article 16)

You can request correction of inaccurate or incomplete personal data.

Right to Erasure (Article 17)

You can request deletion of your personal data when it is no longer necessary for the purposes it was collected.

Right to Restrict Processing (Article 18)

You can request that we limit the processing of your personal data under certain conditions.

Right to Data Portability (Article 20)

You can request your data in a structured, machine-readable format for transfer to another service.

Right to Object (Article 21)

You can object to processing based on legitimate interest or for direct marketing purposes.

Data Protection Measures

Encryption

All data encrypted with TLS 1.3 in transit and AES-256 at rest.

Access Controls

Role-based access with multi-factor authentication for all team members.

Audit Logging

Comprehensive logging of data access and processing activities.

Incident Response

Documented breach notification procedures within 72 hours as required by GDPR Article 33.

International Data Transfers

When personal data is transferred outside the EEA, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission to ensure adequate protection. We also conduct Transfer Impact Assessments as required.

Data Processing Agreement

We offer a Data Processing Agreement (DPA) to all customers who require one for GDPR compliance. The DPA outlines our obligations as a data processor, including sub-processor management, data security measures, and breach notification procedures. Contact us to request a signed DPA.

Sub-processors

We use a limited number of sub-processors to deliver the Service. We maintain an up-to-date list of sub-processors and will notify you before adding new ones, giving you the opportunity to object.

Contact Our Data Protection Team

For GDPR-related inquiries, data subject requests, or to request a DPA, contact our Data Protection team:

Email: privacy@texting.blue

Response time: Within 30 days of receiving your request

You also have the right to lodge a complaint with your local data protection authority if you believe your rights under the GDPR have been violated.