Drift has aligned our policies and practices with the General Data Protection Regulation (GDPR). This page provides a high level summary. Please contact your CSM or email@example.com with any questions.
Drift, as a Data Processor, collects and stores a minimum of Personal Data only as instructed by our Customer, the Data Controller, for the purposes of delivering the Drift Services.
This page will cover:
Looking for more information? Here are some reference pages:
Scope: Drift collects, processes and stores Personal Data about people who chat with the Customer via Drift or who reply to the Customer’s email marketing campaigns, only as directed by the Customer. Drift does not sell any Contact Data collected on behalf of the Customer or market Drift Services to the Customer’s site visitors.
Categories of Data Subjects:
Categories of Personal Data:
Customer employees if the Customer is routing the chats to them after bot qualification)
*Drift will only use the IP address for data enrichment, i.e. to determine if it is associated with a business and then give you additional information re: that business such as industry and # of employees).
You can configure Drift to collect consents via chat prior to collecting email address or additional personal data.
Drift is able to read the consent flag passed from your Consent Management Platform (CMP) and act accordingly.Appropriate Safeguards.
Per Article 32 of the GDPR, we have in place appropriate technical and organizational measures to keep your data secure. All data is securely stored in Amazon Web Services. Please visit our Security Page for additional information on how we keep your data secure.Contracts
We have in place the appropriate Data Processing Agreements (DPAs) with all vendors and sub-processors that process data on our behalf. Check out the Sub-processor section below for more information on how we vet and contract with our sub-processors.Honoring Data Subject Rights.
We have processes in place to honor data subject requests. Drift will export, correct, or delete Contact Data upon request by the Customer. If we receive a request directly from a Data Subject, we will work with the Customer to honor the request.
Some important notes on sub-processors:
Here is a list of our sub-processors:
|Subprocessor||Description of Service|
|Amazon Web Services, Inc||Cloud Infrastructure|
|Clearbit API, Inc.||Data Enrichment|
|Message Systems, Inc. (dba Sparkpost)||Email delivery services|
|Sendgrid, Inc.||Email delivery services|
By entering your email below, you agree that we may send you emails about Drift's upcoming services and promotions. Is this okay with you? You may unsubscribe at any time.