Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
ManyChat is a marketing platform that equips businesses with tools to amplify their digital presence and drive customer acquisition. It supports audience segmentation, campaign automation, and cross-channel engagement. ManyChat provides real-time analytics and reporting dashboards for performance measurement and strategy optimization. By combining data intelligence with marketing execution, ManyChat helps deliver the right message to the right audience at the right time.
ManyChat, founded in 2015 in San Francisco, is the leading conversational marketing platform with over a million businesses connected. Originally built on Facebook Messenger, it now spans Instagram DMs, WhatsApp Business, Telegram and SMS. It is widely used for lead capture, abandoned cart recovery, customer support automation and influencer campaigns.
ManyChat connects to Meta and Twilio APIs to send and receive messages on behalf of the customer. The visual flow builder lets non technical users design conversations, drip campaigns, AI replies and conditional logic. Growth Tools include opt in widgets, popups, landing pages, QR codes and Comment Reply triggers that turn an Instagram comment into a DM conversation.
On the messaging side, ManyChat stores the subscriber Meta or phone identifier, the conversation history, custom fields, tags, and event logs. On the website side, embedded Growth Tools load JavaScript from manychat.com and may set cookies (mc_*, _ga forwarded). The Comment Reply automations forward Instagram comments to ManyChat servers in the US. The platform also captures the visitor IP and user agent.
Direct marketing via SMS or messaging apps requires prior explicit consent under Art. 13 ePrivacy and Art. 6(1)(a) GDPR. WhatsApp Business Messaging only allows automated marketing to users who explicitly opted in and is subject to Meta business rules. The embedded Growth Tools require ePrivacy consent for their cookies. ManyChat is a joint sub processor for the operator alongside Meta.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
All ManyChat data is stored in the United States. Because the platform proxies messages through Meta APIs, Meta also receives subscriber identifiers and message content. Both ManyChat and Meta rely on the EU US Data Privacy Framework. A Transfer Impact Assessment should cover both transfers and the cumulative risk for the data subject.
Capture explicit opt in with granular descriptions of purposes (welcome, transactional, marketing) before the first message. Record consent (timestamp, channel, IP, version). Block embedded Growth Tools behind a CMP category. Sign DPAs with both ManyChat and Meta. Provide a working STOP keyword and a webform unsubscribe. Document both processors and the US transfer mechanism in your records of processing.
Websites using ManyChat must obtain user consent under GDPR regulations.
Third-party domains contacted
manychat.comstatic.manychat.comm.mewa.megraph.facebook.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| mc_visitor | third_party | 1 year | Visitor identifier set by the embedded ManyChat Growth Tools for cross channel attribution. |
| mc_session | third_party | Session | Session identifier used to keep state across embedded ManyChat Growth Tools. |
| _ga | third_party | 2 years | Google Analytics identifier forwarded to ManyChat for funnel analytics on Growth Tools. |
ManyChat places tracking cookies for advertising — comply with GDPR using FlowConsent.
Embedded ManyChat Growth Tools (popups, opt in widgets, landing pages) load JavaScript from manychat.com and may set first or third party cookies including mc_visitor, mc_session and forward Google Analytics identifiers. All require prior consent under Art. 5(3) ePrivacy.
Yes. Explicit prior consent is required for the messaging itself (Art. 13 ePrivacy, Art. 6(1)(a) GDPR), for the embedded Growth Tools and for any tracking cookie. WhatsApp Business messaging has stricter rules under the Meta Business Messaging Policy.
Consent (Art. 6(1)(a) GDPR) for marketing messages and tracking cookies. Performance of a contract (Art. 6(1)(b)) for transactional or customer support messages after explicit opt in. Soft opt in for similar product follow up is usually not sufficient for messaging.
Yes. ManyChat and Meta both store data on US infrastructure. Both rely on the EU US Data Privacy Framework. A Transfer Impact Assessment must cover both processors and the cumulative impact on the data subject.
A DPIA is mandatory when ManyChat is used at scale, combined with profiling, behavioural segmentation or sensitive content. The DPIA must cover Meta as a joint sub processor, the US transfers, the WhatsApp Business Messaging Policy and the embedded Growth Tools.
Capture explicit opt in before the first message with granular purposes (welcome, transactional, marketing). Record consent (timestamp, channel, IP, version). Block embedded Growth Tools behind consent. Provide a working STOP keyword. Sign DPAs with both ManyChat and Meta. Document everything in the records of processing.
EU based: Chatfuel (registered in Cyprus but US team), Botpress (Canada, self hostable), Tidio (Poland), Userlike (Germany). For WhatsApp specifically: Charles (Germany), MessengerPeople by Sinch (Germany), Heltar (Netherlands).
Subscribe to ManyChat changelog and trust centre. When sub processors, certifications or messaging policies change, update your cookie table, privacy notice and records of processing, and bump the consent banner version.