Your Data, Your Rights: Our GDPR Policy

GDPR Compliance Policy

Last updated: 20/05/2025

At Reactify Digital, your data privacy — and your customers’ privacy — is a top priority. We follow all requirements under the UK GDPR and EU GDPR when processing data through our AI + SMS automation services.

Who Controls the Data?

  • You (the client) are the Data Controller

    You provide the leads. You decide what gets sent, when, and why. Your GoHighLevel sub-account is created in your name, giving you full ownership and control of all data.

  • We are the Data Processor

    We act only on your instructions to run outreach via SMS and automation tools. We do not store, sell, or use your lead data for any other purpose.

Where and How Is Data Processed?

  • All automation runs on a self-hosted VPS in the UK, keeping data within GDPR-compliant borders.

  • We use trusted third-party tools — including GoHighLevel, OpenAI, and Zapier — all of which have active Data Processing Agreements (DPAs) in place.

  • All data is encrypted, securely handled, and processed with strict access controls.

Lawful Basis for Contacting Leads

We only contact leads under one of two GDPR-approved bases:

  • Consent – If the lead has clearly opted in to receive marketing communication.

  • Legitimate Interest – If the contact relates to a product or service the lead previously showed interest in.

Important: It is your responsibility as the Data Controller to ensure your lead data meets these requirements. We do not contact any lead who has opted out.

Your Leads' Rights

Under GDPR, all leads have the right to:

  • Access their data

  • Request correction

  • Request deletion (“Right to be Forgotten”)

  • Withdraw consent at any time

If a request is received, we will support you in fulfilling it promptly and securely.

Data Retention

We do not store your lead data after the campaign is complete. All processing is done in real-time or during the campaign window. After that, any residual data is removed from our systems unless otherwise agreed in writing.

Sub-Processors

We only use GDPR-compliant tools, including:

A full list of sub-processors can be provided on request.

Contact Us

If you have questions about how we protect your data, or need help processing a data subject request, you can contact us at: