Last Updated: October 17, 2025
1) Who We Are
Delightful Payments, LLC, doing business as Delightful Chat (“Delightful Chat,” “we,” “our,” or “us”), operates the website delightfulmessages.com and related applications, APIs, and services (collectively, the “Platform” or “Services”). We enable businesses to run iMessage (“blue bubble”) conversations—not bulk blasts—with customers and measure engagement.
We are committed to protecting your privacy and handling personal information responsibly.
2) Scope of this Policy
This Policy explains how we collect, use, disclose, and protect Personal Information when you:
visit delightfulmessages.com or any page we host,
create or use an account,
interact with our Services (including iMessage workflows, dashboards, and APIs), or
communicate with us (e.g., sales, support, or marketing).
This Policy does not apply to third-party websites, apps, or services you connect to the Platform (e.g., CRMs, identity providers). Their privacy practices are governed by their own policies.
If you use the Services under an organization’s account (a “Client”), that Client may be the data controller for certain processing. This Policy describes our role as a service provider/processor in those cases.
3) Key Definitions
. Personal Information (PI): Information that identifies or is reasonably linkable to an individual (e.g., name, email, device ID, IP address).
Client: A business customer that purchases or administers an account.
End User: An individual who uses the Platform under a Client account.
Recipient/Contact: A person a Client messages via the Platform.
Customer Content: Message content, attachments, media, metadata, and configuration settings that a Client or End User submits or generates through the Platform.
4) Categories of Information We Collect
A) Account & Billing Information
Admin and user names, emails, phone numbers; company name, role, preferences; billing contact, plan details, invoice history; limited payment tokens/last-4 via our payment processor.
B) Profile & Operational Data
User IDs, authentication/session tokens, team/role assignments, permissions, audit logs.
C) Device & Technical Data (Automatic)
IP address, approximate location (city/region), device type, OS, browser; event logs (timestamps, status codes, feature use); cookies/SDK events/pixels (see Section 8).
D) Messaging Content & Metadata (Customer Content)
iMessage conversations initiated through the Platform (text, images, video, PDFs, other media); routing details (to/from identifiers configured by the Client), timestamps, delivery status, replies; campaign/workflow configuration, labels/tags/segments.
We do not use Customer Content for advertising. We process it only to provide the Services (delivery, storage, security, analytics for the Client, troubleshooting).
E) Integrations & Connected Services
When a Client connects a CRM or other tool, we receive the data the Client instructs us to sync (e.g., contact lists, custom fields, campaign IDs).
F) Support, Sales & Marketing Interactions
Emails, chat transcripts, and call notes with our team; marketing preferences, signup forms, event registrations.
G) Inferred/Derived Data
Aggregate engagement metrics (send/reply rates, time-to-response); risk/abuse signals to help prevent spam or policy violations (see Section 10).
Sensitive data: We do not require sensitive categories (e.g., government IDs, health data). Clients choose what to send via iMessage; we process only under their direction. Avoid sending Sensitive Information unless necessary.
5) Sources of Information
. Directly from you (account setup, forms, support)
Automatically via the Platform (logs, cookies, device telemetry)
From Clients and their integrations (CRMs, identity providers)
Service providers (payments, analytics, communications)
Public sources (company sites, social links) when appropriate for B2B verification
6) How We Use Information
Provide and operate the Services
Deliver/route/store iMessages and media; maintain accounts, roles, permissions, and audit logs; provide dashboards, analytics, and engagement reporting.Support & security
Troubleshoot issues; detect, prevent, and respond to spam, abuse, malware, and policy violations; protect Platform integrity and enforce terms.Product improvement
Analyze usage to improve reliability, performance, and UX; develop new features (including optional, Client-enabled AI features limited to that feature’s function—no generalized model training with Customer Content).Communications
Send service notices and product updates; respond to inquiries; with consent or where allowed by law, send marketing communications (opt-out anytime).Compliance & legal
Meet legal obligations; respond to lawful requests; exercise or defend legal claims; prevent fraud; protect rights, users, and the public.
Legal bases (EEA/UK): performance of contract; legitimate interests (security, product improvement, B2B marketing); consent (where required); legal obligation.
7) How We Share Information
We do not sell Personal Information in the conventional sense. We share PI only as described:
Service Providers/Subprocessors: Hosting, storage, security, support, analytics, email delivery, payment processing—bound by contract to use PI solely to provide services to us.
Client-Directed Disclosures: When a Client connects integrations or exports data, we share per the Client’s instructions.
Enterprise Administration: Client admins can access/manage End User accounts, configuration, logs, and messaging data within their tenancy.
Corporate Transactions: PI may transfer as part of a merger, acquisition, financing, or asset sale (subject to continued protections).
Legal & Safety: To comply with law or protect rights, security, and safety.
Aggregated/De-Identified Data: Usage statistics that do not identify individuals.
“Sale/Sharing” under some U.S. laws: Certain analytics/advertising cookies on marketing pages may be deemed a “sale” or “sharing.” See Sections 8 and 13 for choices and signals.
8) Cookies, Pixels, and Similar Technologies
We use essential (auth/security), functional (preferences), analytics (traffic/feature usage), and advertising/retargeting cookies (on public marketing pages only; never to read Customer Content).
Choices: Most browsers let you block/delete cookies. Blocking essential cookies may disrupt sign-in and core features. Industry tools (e.g., NAI/DAA) and browser settings can manage ad preferences.
Global Privacy Control (GPC): Where required, we honor GPC signals for “sale/sharing” opt-outs on our marketing pages.
9) iMessage & Messaging-Specific Practices
Conversational use only: We support one-to-one or segmented, consent-based iMessage communication. We do not permit spam blasts.
Content handling: Customer Content is encrypted in transit. Storage is restricted to the Client’s workspace and used only to provide Services (delivery, logs, analytics, support).
Media handling: Large media may be processed via secure media services for performance/delivery.
Contact lists: Clients are responsible for lawful collection and use of recipient data and for honoring opt-outs. We provide STOP/UNSUBSCRIBE handling and suppression list
10) Safety, Abuse, and Fair Use
We may automatically analyze metadata, rates, and patterns (not the substance of Customer Content unless needed for abuse review or support) to:
detect prohibited blasting/spam behavior,
throttle or block abusive campaigns, and
notify Client admins about policy concerns.
Violations may lead to suspension per our Terms.
11) International Data Transfers
We may process data in the United States and other countries. Where required, we use appropriate safeguards (e.g., Standard Contractual Clauses) for cross-border transfers. Enterprise Clients can request our Data Processing Addendum (DPA) with transfer safeguards.
12) Data Retention
We retain PI only as long as needed for the purposes described or as required by law. Typical examples:
Account/billing records: legal/finance retention periods
Logs & security data: rolling windows for security/audit
Customer Content: per Client configuration or contract
Upon termination or verified request, we delete or de-identify data per contract/policy, subject to legal holds.
13) Your Privacy Rights
A) U.S. State Rights
Depending on your state, you may have rights to: access, correct, delete, data portability, opt-out of sale/sharing for targeted advertising (cookies), restrict certain profiling, and be free from discrimination.
How to exercise: Email hello@delightfulchat.com with your request and state of residence. For cookie-based sale/sharing, use our “Do Not Sell or Share My Personal Information” link (marketing pages) or send a GPC signal.
B) EEA/UK Data Subject Rights
You may have rights to access, rectification, erasure, restriction, objection, portability, and to withdraw consent where processing relies on consent.
How: Email hello@delightfulchat.com. You may also lodge a complaint with your local supervisory authority.
Controller vs. Processor: For data we process on behalf of a Client, we may redirect your request to the relevant Client (the controller).
14) Data Security
We use administrative, technical, and physical safeguards, including encryption in transit, least-privilege access, SSO options, network monitoring, vulnerability management, secure SDLC, and logging. No method is 100% secure. If a security incident affects your data, we will notify you as required.
15) Children’s Privacy
The Services are not directed to children under 16. We do not knowingly collect PI from children under 16. If you believe a child provided PI, contact hello@delightfulchat.com and we will delete it.
16) Third-Party Links & Integrations
Our Platform may link to or integrate with third-party services (e.g., CRMs, analytics, cloud storage). Their processing of PI is governed by their privacy policies. Review those policies before enabling integrations.
17) Changes to this Policy
We may update this Policy to reflect changes in technology, laws, or our Services. We will post the new effective date above and, where required, provide additional notice. Your continued use of the Services after an update means you accept the revised Policy.
18) Contact Us
Delightful Chat
c/o Delightful Payments, LLC
215 W Michigan Ave, Suite 35, Ypsilanti, MI 48198
Email: hello@delightfulchat.com
For legal notices or privacy requests, include your name, contact information, and a detailed description of your request.
19) Supplemental Disclosures (Nevada/California)
Nevada: We do not sell PI as defined by Nevada law. Nevada residents may submit “do not sell” requests to hello@delightfulchat.com.
California: We provide disclosures required by the CCPA/CPRA in this Policy. To exercise California rights or to opt-out of sale/sharing (cookies on marketing pages), use site controls or email hello@delightfulchat.com. We honor GPC signals where applicable.
Sign up for a free trial and send your first iMessages in under 10 minutes. We're here to help – chat with our team or explore our docs anytime.
Apple Compliant
Secure Encryption
Used by 1,000+ Brands