Log in Sign up free

Data Storage Policy

last update: 11/29/2022

This policy explains how Text, Inc. (“Text”, “we”) stores and protects Client Data across our services, including backups, logging, and archiving. All terms and capitalized terms used here follow our Terms of Use and Data Processing Addendum (DPA).

What that means for you?

You should know where your data is kept and how it is safeguarded. Below, we explain the difference between storage (where your data is stored) and processing (how data is used to provide the Services), and how both are protected by law, contract, and security controls.

Storage vs. Processing: Understanding the Difference

If you choose an EU storage region, your primary databases, backups, and archives are stored within that region.

However, to operate the Services (for example, to deliver chat transcripts, resolve support requests, or detect abuse), we may perform purpose-bound processing using authorized and trusted Sub-Processors, some of which operate outside your storage region.

These processing activities are:

  • Purpose-limited: only what’s necessary to deliver,  maintain the Service.

  • They do not relocate your primary storage.

  • Legally protected: governed by a separate agreement with us and appropriate transfer safeguards (e.g., EU Standard Contractual Clauses, UK Addendum/IDTA, Swiss addendum, European Commission adequacy decisions, and, where applicable, the EU-U.S. Data Privacy Framework).

This ensures a consistent level of protection regardless of where processing occurs.

Data Storage Locations by Services

Here’s where we store data for each of our Services.

LiveChat

Your data is stored either in the European Union (EEA) or the United States, based on your selection.

Choosing your storage location: When you create a subscription, you can select EU storage by signing up at the bottom of this webpage or by contacting our support team at support@text.com. If no preference is selected, data will be stored in the United States by default, and relocation to another region is not currently available.

ChatBot

Your data is stored on servers located in Ireland. Relocation to another region is not currently available.

HelpDesk, KnowledgeBase, OpenWidget

Your data is stored on servers located in the United States. Relocation to another region is not currently available.

We will update this section if regional options change.

International Processing and Transfers

To deliver Services to you, we work with trusted Sub-Processors (e.g., infrastructure, technology, and support providers) after privacy/security due diligence and DPA execution.  Some Sub-Processors operate outside your storage region, which can result in international data transfers only as necessary to provide and maintain the Services.

When personal data is transferred internationally, we apply recognized legal frameworks such as European Commission adequacy decisions,  Data Privacy Framework, Standard Contractual Clauses, UK Addendum/IDTA, and Swiss addendum, as applicable. This ensures your data receives consistent protection regardless of where it’s processed.

See our current Sub-Processor list and our International Data Transfers for details.

How We Protect Your Data

We apply organizational and technical measures to preserve the confidentiality, integrity, and availability of Client Data and to prevent unauthorized access, loss, or unlawful destruction of data.  Controls include:

  • Documented security standards and policies

  • Mandatory confidentiality agreements for personnel and role-based access control

  • Security and privacy training and awareness programs

  • Logical segregation of ClientData

  • Encryption in transit (TLS) and at rest for Client Data

  • Annual independent penetration testing of the Services

  • Web Application Firewall (WAF) and DDoS protection

  • Mobile Device Management (MDM) and Endpoint Detection & Response (EDR) for personnel devices

  • Software supply-chain scanning for vulnerabilities

  • GRC (Governance, Risk & Compliance) solution for risk management

  • Vendor management program ensuring we only cooperate with trusted partners

For complete details about our data processing practices, security standards, and technical measures, please refer to our Data Processing Addendum (DPA) and Data Security

EU Data Storage: Common Client Questions

1. Does EU storage mean my data never leaves the EU?

Your data at rest remains in the EU. Limited, necessary processing may occur with approved sub-processors outside the EU, protected by our DPA and applicable transfer safeguards.

2. Is my data moved or stored outside the EU? 


No. Choosing EU storage keeps your primary databases, backups, and archives in the EU. Processing outside the EU doesn’t change your storage region.

3. What safeguards apply to international processing?

All transfers of personal data are covered by recognized legal frameworks such as SCCs, the UK Addendum/IDTA, Swiss Addendum, adequacy decisions, and, where applicable, the Data Privacy Framework. We do not relocate your primary storage out of the EU.

4. Can I see who these sub-processors are? 

Yes. See our current Sub-processor List for services provided, processing purpose, and country of operation.

5. Does Text comply with GDPR if some processing occurs abroad?

Yes. All processing (inside or outside the EU) follows our DPA and applicable transfer safeguards, ensuring GDPR-level protection.