Do I need to disclose SendBird in my privacy policy?

Yes. SendBird processes user data including chat messages, media files, and push notification tokens, making it a third-party data processor under GDPR and CCPA. You must disclose SendBird's involvement in your privacy policy, explain what data it collects, and describe the purposes (messaging and notifications). Users in regulated jurisdictions have rights to know which vendors access their data.

What specific data does SendBird collect and store?

SendBird collects and stores chat messages, media files (images, documents), user profiles and metadata, message delivery and read status indicators, and push notification tokens. This data is stored on SendBird's infrastructure in the United States. SendBird also processes message timestamps and user identifiers to enable real-time messaging functionality.

Does SendBird require a cookie consent banner?

SendBird itself does not use cookies. However, if your application uses cookies for any purpose (analytics, authentication, or tracking), you must disclose those separately. SendBird's data collection operates independently of cookies and is based on account registration and message transmission rather than browser tracking.

Who is the data processor and where is data transferred?

SendBird Inc., a United States-based company, acts as your data processor. User data, including messages and metadata, is transferred to and stored on SendBird's servers in the US. SendBird maintains SOC 2 Type II certification and offers GDPR, CCPA, and HIPAA-compliant service levels. International users' data transfers to the US should be addressed in your privacy policy with appropriate safeguards.

Social & Communication

Privacy policy clauses for SendBird

SendBird is a cloud-based messaging platform that enables in-app chat, push notifications, and real-time communication features. Websites and applications integrate SendBird to facilitate user-to-user messaging, customer support channels, and notification delivery without building messaging infrastructure from scratch.

Scan my site free →Copy sample clause ↓

Free scan · No signup · Results in 60 seconds

What data SendBird collects

Your privacy policy must disclose each of the following data types when you use SendBird.

Chat messages and media files

User profiles and metadata

Message delivery and read status

Push notification tokens

When does SendBird trigger privacy obligations?

Installation and Data Flow Initiation

Adding SendBird to your app or website immediately triggers obligations because SendBird begins collecting chat messages, media files, user profiles, metadata, message delivery/read status, and push notification tokens the moment the SDK initializes or your first API call executes. These are user communications and device identifiers—high-sensitivity categories under privacy law.

Regulatory Triggers by Jurisdiction

GDPR (EU/EEA users): Triggered as soon as any EU user sends a message or their profile data enters SendBird's infrastructure. SendBird processes personal data on your behalf (GDPR Article 28); you are the controller and must establish a Data Processing Addendum (DPA) before processing begins. Failure to have a signed DPA in place before launch is a material breach.

Privacy policy clauses for SendBird

What data SendBird collects

When does SendBird trigger privacy obligations?

Installation and Data Flow Initiation

Regulatory Triggers by Jurisdiction

First Concrete Step

Where data goes

Common compliance pitfalls

Pitfall 1: Missing or Unsigned Data Processing Addendum (DPA)

Pitfall 2: Undisclosed Push Notification Token Collection

Pitfall 3: Failing to Update Privacy Policy After SDK Integration

Legal note

Sample privacy policy clause

What regulators look for

Regulatory Audit Priorities

Enforcement Trends

Frequently asked questions

Do I need to disclose SendBird in my privacy policy?

What specific data does SendBird collect and store?

Does SendBird require a cookie consent banner?

Who is the data processor and where is data transferred?

Don't ship without Bandit.