servus.
Back to home

Privacy Policy

This Privacy Policy explains how Servus collects, uses, shares, and protects personal data when you use our website and messaging platform.

Last updated 15 June 2026

This is a baseline document we provide for transparency — it is not legal advice. Please have it reviewed by qualified counsel before you rely on it.

Who we are

Servus is an omnichannel messaging platform operated by Servus Messaging GmbH, a company registered in Vienna, Austria. For the personal data we process about our account holders, website visitors, and prospects, we act as the data controller under the EU General Data Protection Regulation (GDPR).

For the contact and message data that our customers send through the platform, we act as a data processor on their behalf — that processing is governed by our Data Processing Agreement, not this policy. You can reach our privacy team at [email protected] and our Data Protection Officer at [email protected].

Data we collect

We collect data in a few distinct categories, each handled for a specific purpose. We try to collect only what we need to run the service well and keep it secure.

  • Account data — name, work email, company, phone number, password credentials, billing details, and your role within your organization.
  • Recipient and contact data — phone numbers, names, and contact attributes that customers upload or sync; we process these strictly on behalf of the customer.
  • Message content and metadata — the body of messages routed through Servus, plus delivery metadata such as timestamps, channel, status (sent, delivered, read), and error codes.
  • Usage and technical data — IP address, device and browser type, pages viewed, feature usage, API request logs, and diagnostic information.
  • Cookies and similar technologies — identifiers used to keep you signed in, remember preferences, and measure aggregate usage.

How we use data

We use personal data to provide, secure, and improve the service: to create and administer accounts, route and deliver messages across WhatsApp, SMS, email, and push, report delivery status, process payments, provide support, detect and prevent abuse and fraud, and meet legal obligations.

We also use aggregated and de-identified data to understand product performance and improve features. We do not sell personal data, and we do not use the content of customer messages to train models for unrelated purposes.

Legal bases for processing

Under GDPR Article 6, we rely on the following legal bases depending on the activity:

  • Performance of a contract (Art. 6(1)(b)) — to deliver the service you sign up for, including provisioning accounts and routing messages.
  • Legitimate interests (Art. 6(1)(f)) — to secure our platform, prevent abuse, analyze and improve the product, and send service-related communications, balanced against your rights.
  • Consent (Art. 6(1)(a)) — for optional cookies, marketing emails, and any processing where we ask for your agreement; you can withdraw consent at any time.
  • Legal obligation (Art. 6(1)(c)) — to comply with tax, accounting, and other laws that apply to us.

Sharing and subprocessors

We share personal data with vetted subprocessors that help us run the platform — cloud hosting, messaging channel providers (such as WhatsApp Business and SMS carriers), email delivery, payment processing, and customer support tooling. Each subprocessor is bound by a contract that requires appropriate security and confidentiality.

We may also disclose data where required by law, to enforce our agreements, or to protect the rights, safety, and security of Servus, our customers, and the public. We do not sell or rent personal data to third parties.

International transfers

Servus is built EU-first and keeps customer data within the European Union wherever possible. Where personal data is transferred to a country outside the European Economic Area that lacks an adequacy decision, we rely on the European Commission's Standard Contractual Clauses (SCCs) together with supplementary technical and organizational measures to protect that data.

Retention

We keep personal data only as long as needed for the purposes described here, then delete or anonymize it. Account data is retained for the life of the account and for a limited period afterward to meet legal and accounting requirements. Message content and delivery metadata are retained according to your plan settings and applicable law; customers can configure shorter retention where supported.

When a customer closes their account, we delete or return the personal data we process on their behalf in line with our Data Processing Agreement.

Your rights

Subject to GDPR, you have the right to access, rectify, erase, restrict, and object to the processing of your personal data, and the right to data portability. Where processing is based on consent, you can withdraw it at any time without affecting prior processing.

To exercise any of these rights, contact [email protected]. If you are a recipient of messages sent by one of our customers, the customer is the controller of that data, and we will direct your request to them. You also have the right to lodge a complaint with a supervisory authority.

Cookies, children, and changes

We use strictly necessary cookies to operate the site and, with your consent, optional cookies for analytics and preferences. You can manage non-essential cookies through our cookie controls.

Servus is a business product not directed at children, and we do not knowingly collect data from anyone under 16. We may update this policy from time to time; we will post the new version here and update the date above. Questions? Email [email protected].