Privacy & Security at CustomBoity

At CustomBoity, your privacy and security are our top priorities. We combine Canadian compliance (PIPEDA) with HIPAA best practices (as per UChat’s standards) and enterprise-grade security measures to ensure your data is safe and respected.

Certifications

Manychat adheres to global security standards. Our security controls undergo external independent audits on an annual basis.


📄 HIPAA-style Third Party Audit

While there's no official "HIPAA certification" recognized by U.S. federal authorities, UChat undergoes independent third-party assessments mirroring HIPAA/HITECH guidelines (e.g., risk analysis, breach controls, staff training).


📊 SOC 2–Type Security Controls

UChat uses a SOC 2–like control framework, aligning with AICPA's Trust Service Criteria—covering security, confidentiality, availability, processing integrity, and privacy.
Although UChat is not officially “SOC 2 certified,” its design is tested and it maintains operational controls consistent with both SOC 2 Type I and Type II practices.


🌍 Data & Infrastructure Compliance

UChat's servers are hosted in Canada and select international data centers, all with strong data transfer safeguards in line with PIPEDA and global privacy standards.
Security measures include TLS encryption in transit, AES-256 encryption at rest, vulnerability scanning, penetration testing, and annual HIPAA-style risk assessments.


Cloud Security Alliance

Manychat is listed as a Trusted Cloud Provider in the Cloud Security Alliance (CSA) STAR Registry.


ISO/IEC 27001

Our Information Security Management System (ISMS) has been certified against the ISO/IEC 27001:2013 standard. You can view Manychat's ISO/IEC 27001:2013 certificate here.


SOC 2 Type II

Manychat is SOC 2 Type 2 compliant. If you are our customer or just considering incorporating Manychat into your organization, please contact our Support to get our SOC 2 report.


Data We Collect


Account & Profile Information

Your name, email, and any optional profile details (e.g., company name).


Usage & Device Metadata

IP address, device/browser info, timestamps—only to ensure smooth service and security.


Service Interactions

Records of messages, chat flows, integration usage as needed to provide and improve our services.


How We Use It

  • To provide and optimize your CustomBoity experience.
  • To monitor and enhance security (e.g., detect threats).
  • To communicate service updates, billing info, or support (you can unsubscribe at any time).
  • To comply with legal obligations or lawful requests.

Your Data’s Fortress, Simplified

CustomBoity stores your information on encrypted servers (TLS in transit, AES-256 at rest) with SOC 2-style monitoring and HIPAA-aligned access controls. We use cookies solely to keep you signed in and improve performance—you can turn them off in your browser. Data is kept no longer than 12 months and can be erased within three business days of your request; it is never sold and is shared only with vetted service providers or when legally required. Any cross-border transfers follow PIPEDA safeguards, and our breach plan guarantees notice to users and regulators within 60 days if an incident occurs. The service is for adults (18+) and you may access, correct, or delete your data at any time by emailing privacy@customboity.com or security@customboity.com.


Q&A

What personal data do you collect?

Only what’s necessary to run the platform—primarily your name, email, workspace details, and usage logs. No extra or sensitive data is gathered without consent.

Where do you store user data?

All production data lives on encrypted cloud servers hosted in Canada. When international redundancy is required, backups are placed in PIPEDA-compliant data centers with equivalent safeguards.

Do you encrypt my data in transit and at rest?

Absolutely. We use TLS 1.3/1.2 to secure data in transit and AES-256 encryption for everything at rest.

Do you have a Bug Bounty program?

Yes. CustomBoity runs a private Bugcrowd program and welcomes responsible disclosures. Security researchers can submit findings—along with their Bugcrowd profile—through our dedicated form, and our team responds rapidly to verified issues.

How long do you retain my data?

Up to 12 months (or longer if law or an active support request requires it). After that, data is archived or wiped. You can request deletion at any time via privacy@customboity.com.

What happens if there’s a breach?

We continuously monitor and run penetration tests. Should an incident occur, we’ll alert affected users and Canadian regulators without undue delay (within 60 days max) and publish the corrective actions taken.

Is CustomBoity suitable for minors?

No—our service is for users 18 and older. If you think a minor’s data was collected, contact us and we’ll delete it promptly.

What are my PIPEDA rights?

You may access, correct, or delete your data and withdraw consent at any time—simply email us.

Still curious? Reach us at privacy@customboity.com or explore the platform risk-free—start your CustomBoity trial today!
