Lazychat.io, hereinafter referred to as “Lazychat,” “we,” “our,” or “us,” offers a global Software-as-a-Service platform dedicated to conversational commerce, chat automation, and associated analytics. Safeguarding the confidentiality, integrity, and availability of all Personal Data entrusted to us is intrinsic to our corporate mission. This Privacy and Data Protection Policy (“Policy”) therefore explains, in a transparent and exhaustive manner, the principles and procedures through which we collect, process, retain, disclose, and protect information. The Policy reflects the requirements of the General Data Protection Regulation (EU) 2016/679, the California Consumer Privacy Act as amended by the California Privacy Rights Act, ISO/IEC 27001:2022, and all other relevant federal, state, and international privacy statutes and recognised industry standards. By accessing or utilising any component of the Lazychat platform, its websites, or its administrator portals (collectively, the “Services”), you acknowledge that you have read, understood, and accepted the practices articulated herein.
For the purposes of this Policy, the expression “Personal Data” designates any information that directly or indirectly identifies a natural person, as set forth in Article 4(1) of the GDPR or in analogous legislation. The term “Processing” encompasses every conceivable operation performed upon Personal Data, including but not limited to collection, storage, transmission, or erasure. The “Controller” is the natural or legal person that determines the purposes and means of Processing; in our commercial context this role is ordinarily fulfilled by our business-to-business Clients. Lazychat acts as “Processor” whenever we perform Processing on behalf of such a Controller. A “Sub-processor” is any third-party entity that Lazychat authorises to process Personal Data under a written agreement. The term “Client” denotes a corporate subscriber to Lazychat Services, whereas “End User” refers to any individual who interacts with a Client through channels powered by Lazychat technology.
This Policy governs three principal categories of Processing activity:
When Lazychat operates as Controller of Administrative or Visitor Data, it relies on one or more lawful bases established by Article 6 of the GDPR:
For Client-Provided Data, Clients must document the lawful basis in the Data Processing Agreement.
Client-Provided Data includes end-user interactions through channels such as Facebook Messenger, WhatsApp, Instagram Direct, web chat widgets, and SMS, along with metadata:
Administrative and Visitor Data include corporate contacts, billing addresses, tax IDs, usernames, hashed passwords, MFA credentials, subscription settings, feature usage metrics, diagnostic logs, performance stats, marketing preferences, and technical identifiers (cookies, pixels, session IDs).
Lazychat does not sell Personal Data. We disclose information only to:
Data may be stored in AWS data centres globally. Transfers from the EEA, UK, or Switzerland to third countries use Standard Contractual Clauses, the UK International Data Transfer Agreement, or equivalents. Data-residency options are available per region.
Rights of access, rectification, erasure, restriction, portability, objection, and freedom from automated decision-making under GDPR Articles 15–22 and CCPA/CPRA. Requests via privacy@lazychat.io or online form. Responses within 30 days (EEA) or 45 days (CA). Processor-mode requests go to Clients.
The Services are not directed at children under 13 years of age (or higher age required by local law). We do not knowingly collect Personal Data from minors and will promptly delete any such data if discovered.
We use strictly necessary cookies for authentication and session management. Optional analytics cookies and advertising pixels are deployed only with user consent. Detailed information and opt-out options are available on our Cookie Policy page.
Transactional messages (service announcements, operational alerts) are sent irrespective of marketing preferences. Promotional communications are only sent to those who have provided explicit consent and always include an easy opt-out mechanism in compliance with the CAN-SPAM Act and ePrivacy Directive.
In the event of a Personal Data breach that risks the rights and freedoms of individuals, we will notify affected Controllers without undue delay and no later than 72 hours after becoming aware of the incident. Notifications will include the nature of the breach, affected data categories and approximate number of individuals, potential consequences, and remedial measures taken.
Data subjects in the European Economic Area (EEA) may lodge complaints with their local Data Protection Authority. Individuals in the United States may contact BBB National Programs or their state Attorney General’s office for unresolved privacy issues.
This Policy is reviewed at least annually. Material changes will be communicated to registered users via email and posted prominently in the dashboard at least 30 days before their effective date. Continued use of our Services after changes become effective signifies acceptance.
Questions or complaints about this Policy or our data practices should be directed to:
Data Protection Officer
Lazychat.io
Telephone: +880 1325‑077265
Address: Plot 17, Road 113/A, Gulshan, Dhaka 1212, Bangladesh
Email: privacy@lazychat.io
Appendices are available upon written request and include:
A. Current Sub-processors
B. Summary of Technical and Organizational Measures
C. Record of Processing Activities