Invite only. Limited seats available.

Privacy Policy

Last updated: January 12, 2026

This Privacy Policy explains how DigiFist BV (BE 0769.399.149), Zonnekinddreef 7, 2920 Kalmthout, Belgium (“DigiFist”, “we”, “us”, “our”) collects and processes personal data in relation to Galantis and its sub-services (including “Galantis Connect”, “Galantis WhatsApp”, “Galantis Marketing”) (together, the “Services”).

This Policy is intended to (1) give you control and transparency and (2) describe what we collect, why, how long we keep it, and what rights you can exercise.

IMPORTANT: Galantis enables business customers to message their own contacts through WhatsApp via Meta’s WhatsApp Business Platform. In that context, DigiFist may process certain personal data on behalf of our business customers.

1. WHO THIS POLICY APPLIES TO

This Policy applies to:
1.1 Business Users / Authorized Users: individuals who create or use a Galantis account on behalf of a business customer.
1.2 End Recipients: individuals whose data is uploaded/managed in Galantis by our customers and who may receive messages from those customers.
1.3 Website and support interactions: individuals who visit our websites, contact support, or otherwise communicate with us about the Services.

2. CONTROLLER VS PROCESSOR (GDPR ROLES)

2.1 When DigiFist is a controller
We act as a “controller” for personal data related to:
- account creation and administration (name, email, role, credentials),
- billing and contracting,
- support communications,
- security logs and product analytics for operating our Services.

2.2 When DigiFist is a processor
We typically act as a “processor” for Customer Data that our business customers upload or generate in the Services about End Recipients (e.g., phone numbers, audience attributes, message content, opt-in status, conversation metadata). In these cases, our business customer is typically the “controller” and determines the purposes and means of processing.

If you are an End Recipient and want to exercise rights regarding data a business sent you, you should first contact that business (the controller). We will assist our customer as required by law.

3. PERSONAL DATA WE COLLECT

3.1 Data you provide (Business Users / Customers)
- Identity/contact data: name, business email, phone (if provided), job title, company name.
- Account and access data: login credentials (stored securely), roles/permissions, authentication tokens.
- Contract and billing data: invoicing details, payment status, transaction references, correspondence.
- Support data: messages you send to support, attachments, configuration details.

3.2 Customer Data processed in the Services (often as processor)
Depending on how customers use Galantis, this may include:
- End Recipient contact data: phone numbers, names, segmentation tags/attributes.
- Messaging data: message content drafted/sent by the customer, template identifiers, timestamps, delivery/interaction metadata.
- Preference data: opt-in/opt-out status and suppression lists (as configured by the customer).

3.3 Data we collect automatically (usage and device data)
- Technical identifiers: IP address, device type, browser type/version, operating system.
- Usage data: pages/screens used, actions taken, logs, error reports, performance metrics.
- Cookies and similar technologies: used for authentication, security, preferences, and analytics (see our Cookie Policy or cookie banner where applicable).

3.4 Data from third parties
- Meta / WhatsApp Business Platform may provide delivery status, conversation events, or other metadata necessary for messaging workflows.
- Integration partners (CRM/e-commerce) may transmit data to Galantis if the customer enables such integration.

4. WHY WE USE PERSONAL DATA (PURPOSES)

We process personal data for:
4.1 Providing and operating the Services (account provisioning, authentication, delivering features).
4.2 Customer relationship management (contracting, onboarding, billing, support).
4.3 Security and abuse prevention (fraud detection, rate limiting, enforcing policies).
4.4 Compliance with legal obligations (accounting, tax, responding to lawful requests).
4.5 Improving our Services (analytics, debugging, product performance, feature planning).
4.6 Marketing to business contacts (where permitted): informing customers/prospects about DigiFist/Galantis updates and offerings, consistent with applicable law and opt-out rights.

5. LEGAL BASES (GDPR)

Where DigiFist is a controller, we rely on:
5.1 Contract performance: to provide the Services and support.
5.2 Legitimate interests: to secure, operate, and improve our business and Services (balanced against your rights).
5.3 Legal obligations: accounting/tax and compliance obligations.
5.4 Consent: for certain marketing communications or cookies where required; you can withdraw consent.

Where DigiFist is a processor, processing is based on the customer’s instructions and their legal basis as controller.

6. HOW WE SHARE PERSONAL DATA

We do not sell your personal data. We share personal data only as necessary, including:
6.1 Affiliates and successors within DigiFist group/structure, for the purposes described here.
6.2 Service providers/subprocessors (e.g., hosting, analytics, security, customer support tools) under contractual confidentiality and data protection obligations.
6.3 Meta / WhatsApp Business Platform and related providers for message delivery and related functionality (as required to provide WhatsApp messaging capabilities).
6.4 Integration partners enabled by the customer (at the customer’s direction).
6.5 Legal disclosures: where required by law, regulation, or valid legal process, or to protect rights, safety, and security.
6.6 With your consent or at your direction.

7. INTERNATIONAL TRANSFERS

Our customers and providers may operate in multiple countries. Where personal data is transferred internationally, we use appropriate safeguards as required by applicable law (e.g., contractual protections and other mechanisms).

8. RETENTION

8.1 We keep personal data only as long as necessary for the purposes described above, then delete or anonymize it, unless a longer period is required by law.
8.2 Account, contract, and billing-related data may be retained for the duration of the contractual relationship and afterwards as required for legal obligations (including accounting/tax).
8.3 Customer Data (End Recipient data) is retained in accordance with our contract with the customer and the customer’s configuration, subject to technical constraints (e.g., backups) and legal obligations.

9. SECURITY

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, misuse, alteration, or destruction. However, no security measures can guarantee absolute security against all threats.

10. CHILDREN / MINORS

The Services are intended for business use and are not offered directly to children. We do not knowingly collect personal data from children under 18 in connection with the Services.

11. YOUR RIGHTS

Subject to applicable law, you may have the right to:
- be informed about processing,
- access your personal data,
- rectification,
- deletion (“right to be forgotten”),
- restrict processing,
- data portability (where applicable),
- object to processing (especially where based on legitimate interests),
- withdraw consent (where processing is based on consent),
- lodge a complaint with a supervisory authority.

If you are an End Recipient, many rights requests should be directed to the business that contacted you (the controller). We will support that business as required.

12. HOW TO EXERCISE RIGHTS / CONTACT

To exercise rights related to DigiFist’s controller processing (e.g., your Galantis admin account), contact us via the contact form on our website and specify “Galantis Privacy Request”.

You may also contact us by mail at:

support@digifist.com
DigiFist BV (BE 0769.399.149)
Zuidervelodroom 100
2018 Antwerp
Belgium

We may require proof of identity before fulfilling requests.

13. LINKS TO OTHER WEBSITES / THIRD-PARTY SERVICES

The Services may link to or integrate with Third-Party Services. We are not responsible for their privacy practices. Review their policies before using those services.

14. CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time to reflect legal, regulatory, or operational changes. If changes are significant, we may provide additional notice (e.g., within the Services or by email). The “Last updated” date shows when it was most recently revised.

Unified tools. Unmatched power.

Unified tools. Unmatched power.

Sync your marketplace, ERP, shipping, and finance tools — no more manual updates or errors.

Schedule a demo

100% free, no strings attached.

Unified tools. Unmatched power.

Sync your marketplace, ERP, shipping, and finance tools — no more manual updates or errors.

Schedule a demo

100% free, no strings attached.

Sign up and stay updated

Sign up and stay updated

Product

Integrations

Security Compliance

Book a Demo

Company & Resources

Blog

About Us

Privacy Policy

Terms of Service

English

© DigiFist 2026. All rights reserved.

Built by DigiFist • Leading Shopify Premier Partner powering 5,000+ Merchants • 3 Global Offices