Data, Privacy & Security
GoGHL processes your data to deliver your messages - it does not store it. This page explains what we process, what we never keep, how long the little we hold lasts, and how to request a Data Processing Agreement (DPA) or have your data deleted.
GoGHL processes your messages to deliver them; it does not store them. Message content - the text and media your contacts send and receive - is relayed between GoHighLevel and your channel (WhatsApp, iMessage, SMS) and is never stored on GoGHL servers. It passes through, gets delivered, and is gone.
What we process (metadata only)β
To deliver your messages reliably and reflect their status inside GoHighLevel, we process a small amount of operational metadata:
- Delivery and read statuses, message IDs, and timestamps
- Phone-number identifiers and contact display names
- GoHighLevel sub-account identifiers
- Session and usage data
- IP address (for authentication and security) and basic device/browser metadata
The operational metadata we process is kept for no more than 14 days, then automatically deleted - we don't retain it beyond what's needed to deliver your messages. We never store message content, and we don't process any special-category (sensitive) personal data.
Data held inside GoHighLevel, WhatsApp, or Meta is governed by those platforms' own policies and retention - it sits outside GoGHL and is not covered by this page.
Where your data is processedβ
GoGHL runs on enterprise cloud infrastructure in the EU and US, under GDPR-compliant safeguards (Standard Contractual Clauses, SOC 2, ISO 27001). WhatsApp connections are routed through a dedicated residential proxy matched to your device's region (for stability and ban protection) - the proxy only carries the live connection and stores none of your data. A current list of our sub-processors is available on request as part of our DPA.
GDPR & Data Processing Agreementβ
For your use of GoGHL, you (your agency or business) are the data controller and GoGHL is the data processor. We offer a GDPR Article 28-compliant Data Processing Agreement (DPA), including the EU Standard Contractual Clauses for international transfers.
Request a DPA: compliance@goghl.ai
Account & data deletionβ
You can ask us to delete your account and associated personal data at any time. Operational metadata is already removed automatically on the 14-day cycle; on request, we remove the rest.
Request account or data deletion: support@goghl.ai
Securityβ
- Encryption of data in transit
- Access limited to authorized personnel under confidentiality obligations
- Separated development, staging, and production environments
- Personal-data breach notification within 48 hours (per our DPA)
- Secure software development lifecycle and regular review
Who to contactβ
| Request | |
|---|---|
| Data Processing Agreement (DPA) | compliance@goghl.ai |
| Account / data deletion | support@goghl.ai |
| General privacy questions | privacy@goghl.ai |