Legal

Data & GDPR

Last updated: 15 June 2026

This page explains how Ulbry handles personal data under the EU General Data Protection Regulation (GDPR), the UK GDPR, and similar laws. It supplements our Privacy Policy.

1. Our role: controller and processor

For our website, marketing, and our direct relationship with you, Ulbry is a data controller. When you use Ulbry to message your own customers, you are the controller of those conversations and Ulbry is a processor acting on your documented instructions under a Data Processing Agreement (DPA).

2. Lawful bases for processing

3. Your rights

Subject to applicable law, you have the right to:

To exercise any of these, email hello@ulbry.com. We will respond within the timeframes required by law. If you are an end-customer of a business that uses Ulbry, please contact that business (the controller) first.

4. What we process and why

DataPurposeBasis
Account & contact detailsProvide and support the ServiceContract
Conversation & contact data (your customers)Operate the Service on your behalfProcessor — per DPA
Usage & technical dataSecurity and improvementLegitimate interests
Marketing dataCommunications you opted intoConsent
Website analytics & advertisingMeasure traffic, campaigns, and ad performance (Google, Meta)Consent

5. Subprocessors & third parties

We use vetted subprocessors and third parties bound by data-protection terms, including hosting and infrastructure, AI model providers, and analytics and advertising partners such as PostHog, Google (Analytics and Ads) and Meta (Facebook Pixel). These partners may receive website usage and event data and process it under their own terms. A current list is available on request at hello@ulbry.com.

6. International transfers

Where personal data is transferred outside the EEA or UK, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses (and the UK Addendum), together with supplementary measures where needed.

7. Data retention

We retain personal data only as long as necessary for the purposes described, or as required by law, after which it is deleted or anonymised. Conversation data follows your account settings and our agreement with you.

8. Data Processing Agreement (DPA)

Business customers can enter into our DPA, which sets out the subject matter, duration, nature, and purpose of processing, the types of data and data subjects, and our obligations as processor. Request a copy at hello@ulbry.com.

9. Data-protection contact

For all data-protection matters, including any request relating to your personal data, contact us at hello@ulbry.com. We have not appointed a separate Article 27 representative.

10. Contact

For any data-protection question or request, email hello@ulbry.com.