Privacy policy

This Privacy Policy has been updated on Sep 23, 2021


If you have any privacy related concerns, please contact us at: [email protected]

This Privacy Policy describes how TobiBots OÜ ("TobiBots", "we", "us" or "our") handles personal information that we collect through our websites, applications and other digital properties that link to this Privacy Policy (collectively, the "Service", “Tobi”).

TobiBots provides services that businesses (“You”, “Customer”) use to deliver SMS messages to their own customers (“End Users”). This Privacy Policy does not apply to personal information that we process on behalf of our business customers to provide our services. For example, if you receive SMS messages from a Tobi customer, this Privacy Policy does not apply to you, and you should contact the relevant Tobi customer with any questions or concerns about the information it has engaged us to handle.

This Privacy Policy describes how we collect and use the Personal Data that customers provide. It also describes the choices available to you regarding our use of your Personal Data and how you can access the information. We respect your privacy and we take protecting it seriously.

By visiting our Site, or using our Services, you expressly consent that any information that we collect from or about you directly through this Site or Service, including Personal Data, anonymous information, and aggregate information , will be handled as described in this Privacy Policy and our Terms of Use.

TobiBots does not sell your personal data to third parties. A “sale” of Personal Data under the CCPA is defined broadly to include the “selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means” the Personal Data of a Customer to another business or third party “for monetary or other valuable consideration.” If we decide to sell Service, we will inform you about this, so you can forbid us to transfer your personal data together with our business. If so, we will delete your data from the databases prior to a business transfer.

We adhere to the following principles in order to protect your privacy:

principle of purposefulness - we process personal data fairly and in a transparent manner only for the achievement of determined and lawful objectives, and they shall not be processed in a manner not conforming to the objectives of data processing;

principle of minimalism - we collect personal data only to the extent necessary for the achievement of determined purposes and do not keep personal data if it is no longer needed;

principle of restricted use - we use personal data for other purposes only with the consent of the data subject or with the permission of a competent authority;

principle of data quality - we update personal data shall be up-to-date, complete and necessary for the achievement of the purpose of data processing;

principle of security - security measures shall be applied in order to protect personal data from unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical and organisational measures;

principle of individual participation - the persons shall be notified of data collected concerning him or her, the persons shall be granted access to the data concerning him or her and the persons have the right to demand the correction of inaccurate or misleading data.


1.1. Information you provide to us. Personal information you may provide to us through the Service or otherwise includes:

1.1.1. Contact data: your first and last name, phone number and email addresses.

1.1.2. Account data: your username and password that you set to establish an online account with us, and any other information that you add to your account profile.

1.1.3. Profile data: your company, job title, website URLs, country and physical addresses, where publicly-available.

1.1.4. Payment information including the dates and amounts of the payments you make to use the Service. We do not store payment card information, which is handled by our third party payment processor (PayPal and Shopify App Store) as further described in this Privacy Policy.

1.1.5. Communications that we exchange, including when you contact us with questions, feedback, or otherwise.

1.1.6. Marketing data: your preferences for receiving communications about our products and services, and details about how you engage with our communications.

1.1.7. Other information that we may collect which is not specifically listed here, which we will use as described in this Privacy Policy or as otherwise disclosed at the time of collection.

1.2. If you connect Facebook account and Business Page to the Service – You give the Website permission to access and use all your data available through Facebook: public profile, photos, friends list, e-mail address and "Like", comment, share information. The collection, storage and use of such data come in accordance with Facebook policies.

1.3. Automatically information. We, our service providers, and our business partners may automatically log information about you, your computer or mobile device, and your activity over time on our sites and other sites and online services. This information may include:

1.3.1. Device data: your computer or mobile device operating system type and version number, manufacturer and model, browser type, screen resolution, IP address, IP address, unique identifiers, the website you visited before browsing to our website, and general location information such as city, state or geographic area.

1.3.2. Online activity data: pages you viewed, how long you spent on a page, navigation paths between pages, information about your activity on a page, access times, and duration of access.

1.3.3. Cookies: some of our automatic data collection is facilitated by cookies and similar technologies. For more information, see our Cookie Policy.


2.1. We may use the information collected from you for a variety of purposes, primarily, relating to providing our Services and information about our Services. We may also use the information for such other purposes as otherwise allowed by law. For example, we (or a supplier or our affiliate company acting on our behalf and only under our instructions) may use your personal data, including personally identifiable information, for such purposes, including but not limited to:

  • Provide the Service and operate and improve the Service and our business;
  • Establish and maintain your Customer profile on the Service;
  • Communicate with you about the Service, including by sending announcements, updates, security alerts, and support and administrative messages;
  • Understand your needs and interests, and personalize your experience with the Service and our communications;
  • Provide support for the Service, and respond to your requests, questions and feedback;
  • Research and development purposes, including to analyze and improve the Service and our business;
  • Detect, investigate, and prevent illegal activities or conduct that may violate the Terms of Use Tobi;
  • Marketing and promotion of our Services or related products, including those of a third party’s products which are related to our Services (If you do not want us to use your data in this way, please let us know by contacting us at: [email protected];
  • Comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities;
  • Any other purpose as we determine, in our sole discretion, to be necessary or required to ensure the safety and/or integrity of our users, employees, third parties, public, and/or our Services, or to comply with requirements of any applicable law


3.1. We ask that you not provide us with any sensitive personal information (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership) on or through the Service, or otherwise to us. If you do not consent to our processing and use of such sensitive personal information, you must not submit such sensitive personal information through our Service.


4.1. If you are located in the European Economic Area (EEA) privacy rights are granted and all processing of Personal Data is performed in accordance with regulations and rules following the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, known as the General Data Protection Regulation (“GDPR”).

4.2. If you are located in California, all processing of Personal Data is performed in accordance with regulations and rules following the California Consumer Privacy Act, Cal. Civ. Code § 1798.100 et seq. (“CCPA”).

4.3. If you are located in Brazilia, all processing of Personal Data is performed in accordance with regulations and rules following the Lei Geral de Proteção de Dados (“LGPD”).

4.4. The Child Online Privacy and Protection Act (“COPPA”) regulates online collection of information from persons under the age of 13 (covered person). Covered persons are required to obtain parental consent before providing personal data via Service. If you are a parent of a COPPA covered person, you have the option to agree to the collection and use of your COPPA covered person’s information. You may revoke your consent, review your COPPA covered person’s personal data, ask to have it deleted, and/or refuse to allow any further collection or use of your COPPA covered person’s information at any time, contact us at [email protected].

4.5. We process Personal Data as a Controller, as defined in the GDPR.


5.1. You can review, correct, update, delete or transfer their personally identifiable information. For that, contact us directly at [email protected] We will acknowledge your request within seventy-two (72) hours and handle it promptly and as required by law.

5.1.1. Right to access. You may contact us to get confirmation as to whether or not we are processing your personal data. When we process your personal data, we will inform You of what categories of personal data we process regarding You, the processing purposes, the categories of recipients to whom personal data have been or will be disclosed and the envisaged storage period or criteria to determine that period.

5.1.2. Right to withdraw consent. You can withdraw your consent at any time by deleting the Service from your Store and your Personal Data will be deleted in 48 hours.

5.1.3. Right to object. In case our processing is based on our legitimate interest to run, maintain and develop our business, You have the right to object at any time to our processing. We shall then no longer process your personal data unless for the provision of our Services or if we demonstrate other compelling legitimate grounds for our processing that override your interests, rights and freedoms or for legal claims. Notwithstanding any consent granted beforehand for direct marketing purposes, You have the right to prohibit us from using personal data for direct marketing purposes, by contacting us or by using the functionalities of the Services or unsubscribe possibilities in connection with our direct marketing messages.

5.1.4. Right to restriction of the processing. You have the right to obtain from us restriction of processing of your personal data, as foreseen by applicable data protection law, e.g. to allow our verification of accuracy of personal data after your contesting of accuracy or to prevent us from erasing personal data when personal data are no longer necessary for the purposes but still required for your legal claims or when our processing is unlawful. Restriction of processing may lead to fewer possibilities to use our Services.

5.1.5. Right to data portability. You have the right to receive your personal data from us in a structured, commonly used and machine-readable format and to independently transmit those data to a third party, in case our processing is based on your consent and carried out by automated means.

5.1.6. How to use these rights. To exercise any of the above-mentioned rights, You should primarily use the functions offered by our Services. If such functions are however not sufficient for exercising such rights, You shall send us a letter or email to the address set out below under Contact, including the following information: name, address, phone number, email address, and a copy of a valid proof of identity. We may request additional information necessary to confirm your identity. We may reject requests that are unreasonably repetitive, excessive or manifestly unfounded.


6.1. We store your Personal Data for as long as needed to provide you with our services. We may store Data longer, but only in a way that it cannot be tracked back to you. When Personal Data is no longer needed, we delete it using reasonable measures to protect the Data from unauthorized access or use.

6.2. EU Territory. We store Personal Data as long as it is needed for the provision of our services. Traffic information is erased or made anonymous when it is no longer needed for the purpose of the transmission or, in the case of payable services, up to the end of the period during which the bill may lawfully be challenged or payment pursued. Direct marketing and provision of value-added services information (including traffic information used for these purposes) is stored as long as the same is necessary for the provision of these activities, or up to the time when a user opts out from such use in accordance with this Privacy Policy. Other information is stored for as long as we consider it to be necessary for the provision of our services. This Section shall not prevent any technical storage or access to information for the sole purpose of carrying out the transmission of a communication or as strictly necessary in order for us to provide the service you requested.

6.3. As explained in the GDPR statement, we strive to anonymize the data when possible. If you decide to exercise your right to erasure we will also inform our Providers to delete all your data.

6.4. US Territory. We will retain collected information for the period necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by applicable legislation.

6.5. Storing might be different depending on the territory of collecting the information and the applicable legislation, but we always strive to store the information only as long as it is needed for the purposes of providing, improving or personalizing our services.

6.6. We do not use Service to knowingly solicit information from or market to children under the age of 13. In the event that we learn that we have collected personal data from a child under 13 years of age we will delete that information as quickly as possible. If you believe that we might have any information from or about a child under 13 years of age please contact us at [email protected].


7.1. We care to ensure the security of personal data. We follow generally accepted industry standards to protect the information submitted to us, both during transmission and once we receive it. We maintain technical, physical, and administrative security measures to provide reasonable protection for your Personal Data. When we or our contractors process Your information, we also make sure that your information is protected from unauthorized access, loss, manipulation, falsification, destruction or unauthorized disclosure. This is done through appropriate administrative, technical and physical measures.

7.2. There is no 100% secure method of transmission over the Internet or method of electronic storage. Therefore, we cannot guarantee its absolute security.

7.3. We never process any kind of sensitive data and criminal offence data. Also we never undertake profiling of personal data.


8.1. We work with third party service providers who provide website, application development, hosting, maintenance, and other services for us. They may be located outside of the EEA. These contractors may have access to, or process Personal Data on behalf of us as part of providing those services for us. We limit the information provided to these service providers to that which is reasonably necessary for them to perform their functions.

8.2. All data transfers are performed in accordance with the highest security regulations. Transfer of Personal Data to countries outside of the European Economic Area may be possible only in the case, when we have obtained your consent for it.

8.3. We may incorporate third party content in its Service (YouTube videos, Google Maps etc.), which requires your IP address to send the content to your browser. Here we cannot warrant that the third party will not use the information for other statistical purposes.

8.4. We use Google Analytics services, which allow analyzing the Customer’s activity on the Website. Accordingly, the Customer allows the use information to be transmitted and stored by Google on servers in the United States, which will be used on behalf of the Service.

8.5. We use Facebook Social Plugins – Facebook logo - enabling Facebook to receive information about the Customer having accessed the Service.

8.6. We use Google AdWords & Admob remarketing and conversion-tracking tool, which set the Your cookie (a small piece of data sent from a website and stored in a user's web browser while a Customer is browsing a website) if you click a Google AdWords ad. The tool stores the cookie for 30 days.

8.7. We use Google AdSense - a web analytics service provided by Google Inc., which allows analyzing the use of the Service by using the cookies.

8.8. We use Taboola Company - a content marketing platform, which allows analyzing the use of the Service by using the cookies.

8.9. We use DigitalOcean - cloud infrastructure provider, provided by DigitalOcean, LLC.

8.10. We use Vertex - custom communication platform (CPaaS) for SMS communication, provided by Vertex LV.

8.11. We use FullStory - which allows analyzing the Customer’s activity on the Website , provided by FullStory, Inc.

8.11. We use Front - as a support ticket system, provided by FrontApp, Inc.

8.13. We do not undertake any liability for the data gathered by the third parties issued above and their further exploitation.


9.1. You may opt out of our marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email, or by emailing us at [email protected]. You may continue to receive service-related and other non-marketing emails, such as those about your account or our ongoing business relations.


10.1. This Privacy Policy is applicable to our Service. Once redirected to another Service, Website or App, this Policy is no longer applicable.


11.1. We assume that all Users have carefully read this document and agree to its content. If one does not agree with this Privacy policy, they should refrain from using Service.


12.1. From time to time, we may update this Privacy Policy. We encourage You to periodically check back and review this Policy so that You always will know what information we collect, how we use it, and with whom we share it.



We use cookies to personalise content and ads, to provide social media features and to analyse our traffic. We also share information about your use of our site with our social media, advertising and analytics partners who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services. You consent to our cookies if you continue to use our Service.

Cookies are small text files that can be used by websites to make a customer's experience more efficient.

The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies we need your permission.

This site uses different types of cookies. Some cookies are placed by third party services that appear on our pages.

You can at any time change or withdraw your consent from the Cookie Declaration on our website.

Your consent applies to the following domains:,,

Cookie declaration last updated on 23/09/2021:

Necessary (5)

Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

Name Provider Purpose Expiry Type
__cfduid Used by the content network, Cloudflare, to identify trusted web traffic. 1 year HTTP Cookie
CookieConsent Stores the user's cookie consent state for the current domain 1 year HTTP Cookie
PHPSESSID Preserves user session state across page requests. Session HTTP Cookie
XSRF-TOKEN Ensures visitor browsing-security by preventing cross-site request forgery. This cookie is essential for the security of the website and visitor. 1 day HTTP Cookie
XSRF-TOKEN Ensures visitor browsing-security by preventing cross-site request forgery. This cookie is essential for the security of the website and visitor. 1 day HTTP Cookie

Statistics (4)

Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.

Name Provider Purpose Expiry Type
_ga Registers a unique ID that is used to generate statistical data on how the visitor uses the website. 2 years HTTP Cookie
_gat Used by Google Analytics to throttle request rate 1 day HTTP Cookie
_gid Registers a unique ID that is used to generate statistical data on how the visitor uses the website. 1 day HTTP Cookie
collect Used to send data to Google Analytics about the visitor's device and behavior. Tracks the visitor across devices and marketing channels. Session Pixel Tracker
_ga Registers a unique ID that is used to generate statistical data on how the visitor uses the website. 2 years HTTP Cookie 10 years HTTP Cookie

Marketing (3)

Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.

Name Provider Purpose Expiry Type
_fbp Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers. 3 months HTTP Cookie
fr Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers. 3 months HTTP Cookie
tr Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers. Session Pixel Tracker

Unclassified (3)

Unclassified cookies are cookies that we are in the process of classifying, together with the providers of individual cookies.

Name Provider Purpose Expiry Type
intercom-id-i7hc6lp9 Registers a unique ID that is used to generate statistical data on how the visitor uses the website. 270 days HTTP Cookie
intercom-id-i7hc6lp9 Registers a unique ID that is used to generate statistical data on how the visitor uses the website. 270 days HTML Local Storage
intercom-state-i7hc6lp9 Pending Persistent HTML Local Storage
tobi_session Preserves customer session state across page requests. 1 day HTTP Cookie



If you have any questions, the practices of Platform or/and Services, please contact us at [email protected]

TobiBots OÜ
Sepapaja 6, Tallinn 15551

Ready to drive more sales?

Get Tobi today!