Privacy Policy
Last updated: June 28, 2026
1. Introduction
DMRocket, operated by DesignedCase, is an omnichannel customer relationship management, messaging automation, booking, and AI sales platform for businesses. This Privacy Policy explains how DMRocket ("DMRocket", "we", "our", or "us") collects, uses, processes, stores, shares, and protects information when you visit our website, create an account, connect your business messaging channels, calendars, meeting providers, email services, commerce systems, or other third-party accounts, or use our services.
This Privacy Policy applies to our website, dashboard, CRM, inbox, automation, analytics, bookings, Instagram, WhatsApp, Google Calendar, Zoom, Microsoft Teams, Webex, GoTo Meeting, email, commerce, and other connected-channel or integration features. It also explains how users can exercise privacy rights, disconnect integrations, and request deletion of their data.
2. Information We Collect
Account and Profile Information
When you create or use a DMRocket account, we may collect your name, email address, password or authentication data, business name, workspace information, team member details, billing information, subscription details, and account preferences.
Website, Device, and Usage Information
We may automatically collect browser information, device information, IP address, operating system, pages viewed, referring URLs, server logs, error logs, feature usage, session activity, and other analytics or diagnostic information to operate, secure, monitor, and improve our services.
Workspace, CRM, and Automation Data
We collect and process information you add to DMRocket, including workspace settings, connected accounts, automations, chat flows, campaign settings, saved replies, tags, notes, customer profiles, lead information, contact lists, booking information, product or order data that you choose to connect, and analytics generated from your use of the platform.
Instagram Platform Data
When you connect Instagram through the official Meta APIs, we may collect and process data that you authorize Meta to share with DMRocket. This may include Instagram account identifiers, usernames, profile information, connected business or page information, media information, comments, direct messages, message metadata, sender and recipient identifiers, timestamps, automation triggers, access tokens, permissions granted, and related webhook events. We do not collect or store your Instagram password.
WhatsApp Business Platform Data
When you connect a WhatsApp Business Account through Meta, we may collect and process WhatsApp Business Platform data that you authorize Meta to share with DMRocket. This may include WhatsApp Business Account IDs, phone number IDs, display phone numbers, business profile information, message templates, template names, template components, template categories, template approval statuses, QR codes if used, webhook subscription information, access tokens, permissions granted, analytics, and related business asset information.
To provide WhatsApp inbox, automation, campaign, and customer support features, we may also process WhatsApp conversation data, including incoming and outgoing message content, customer phone numbers, customer names when available, media attachments, message IDs, delivery status, read status, timestamps, template messages, replies, and webhook events.
Google Account and Google Calendar Data
When you choose to connect your Google account to DMRocket for booking, scheduling, or calendar sync features, we may collect and process Google user data that you authorize Google to share with DMRocket. This may include your Google account email address, basic profile information, OAuth access tokens, OAuth refresh tokens where applicable, permissions granted, connected calendar identifiers, calendar names, calendar settings needed for scheduling, free/busy availability, event IDs, event titles, event descriptions, event locations, event start and end times, attendee information, meeting links, timestamps, reminders, and event status.
We use Google Calendar data only to provide features you request, such as checking availability, preventing double bookings, creating booking events, updating booking events, syncing booking status, adding meeting details, and showing calendar connection status inside DMRocket. We do not use Google Calendar data for advertising, and we do not sell Google user data.
Connected Meeting Provider Data
When you connect Zoom, Microsoft Teams, Webex, GoTo Meeting, or another supported meeting provider, we may collect and process information that you authorize the provider to share with DMRocket. Depending on the provider and permissions you grant, this may include the connected user or organizer ID, display name, email address, account information, OAuth access tokens, OAuth refresh tokens where available, token expiration, authorized scopes, connection status, meeting IDs, meeting titles or topics, descriptions, start and end times, time zones, join URLs, host URLs, meeting settings, attendee details, and provider API status or error metadata. We do not collect or store your meeting provider password.
We use this data only to connect the account you select, display its connection status, create a unique meeting for a confirmed booking, update the meeting when a booking is rescheduled, cancel or delete the corresponding meeting when a booking is cancelled, and deliver the correct joining details through the booking channels you configure. We do not sell connected meeting provider data or use it for advertising.
Customer and End-User Data
Businesses that use DMRocket may upload, sync, or generate information about their own customers or leads. This may include names, phone numbers, Instagram identifiers, WhatsApp identifiers, email addresses, message history, conversation context, tags, notes, order information, booking details, preferences, and interaction history. We process this information on behalf of the business user to provide DMRocket services.
Payment Information
If you purchase a paid plan, payment information may be processed by our payment providers, including Dodo Payments and Stripe. We may receive limited billing details such as customer ID, subscription status, invoice status, plan selected, payment confirmation, and billing metadata. We do not store full card numbers on our servers.
3. How We Use and Process Information
We use the information we collect for the following purposes:
- To create, authenticate, and manage user accounts.
- To provide, operate, maintain, and improve the DMRocket platform.
- To connect and manage Instagram, WhatsApp, Google Calendar, Zoom, Microsoft Teams, Webex, GoTo Meeting, email, commerce, and other business messaging, booking, or customer channels that you choose to connect.
- To display connected business assets such as Instagram accounts, WhatsApp Business Accounts, phone numbers, business profiles, message templates, template statuses, connected calendars, connected meeting-provider accounts, booking settings, calendar sync status, and meeting-provider status.
- To receive, organize, and display customer conversations in a unified inbox.
- To check calendar availability, create and update booking events, generate provider-specific meeting links, reschedule or cancel connected meetings, sync booking status, prevent double bookings, and provide scheduling features that you configure.
- To send replies, approved WhatsApp message templates, automation messages, reminders, order updates, booking confirmations, calendar-related notifications, and customer support messages configured by the business user.
- To run automations, AI replies, lead tagging, follow-ups, customer segmentation, campaign workflows, booking workflows, and analytics.
- To process payments, subscriptions, invoices, trials, and billing-related communications.
- To provide customer support and respond to questions, complaints, and service requests.
- To monitor platform performance, debug errors, prevent abuse, protect against fraud, and secure our services.
- To comply with applicable laws, platform policies, legal obligations, and enforce our terms.
4. How We Use Meta Platform Data
DMRocket only accesses Meta Platform Data after a business user authorizes access through Meta login, Meta Embedded Signup, or another official Meta authorization flow. We use Meta Platform Data only to provide the features requested by the business user, including account connection, inbox management, customer messaging, automation, template management, analytics, and customer support workflows.
We do not sell Meta Platform Data. We do not use Meta Platform Data for purposes unrelated to providing and improving DMRocket's services. We do not request access to business assets that a business user has not authorized. We do not collect Instagram or WhatsApp passwords.
5. How We Use Google User Data
DMRocket only accesses Google user data after you authorize access through Google OAuth. We use Google user data only to provide and improve user-facing features that you request, including calendar connection, booking availability checks, booking event creation, event updates, event cancellation or rescheduling workflows, meeting details, reminders, and calendar sync status.
DMRocket's use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. We do not sell Google user data. We do not use Google user data for advertising. We do not allow humans to read Google user data unless it is necessary for security, debugging, support, legal compliance, or you have given us permission. We do not transfer Google user data to third parties except as necessary to provide or improve DMRocket features, comply with law, protect users, or as part of a merger, acquisition, or sale of assets with appropriate safeguards.
We request only the Google OAuth scopes needed for the booking and calendar functionality you choose to use. If you disconnect Google Calendar, revoke access, or request deletion, we will stop using new Google Calendar data unless you reconnect it.
6. How We Use Connected Meeting Provider Data
DMRocket accesses data from Zoom, Microsoft Teams, Webex, GoTo Meeting, or another supported meeting provider only after an authorized user starts the provider's OAuth connection from DMRocket and approves the requested permissions. We use the data only for the booking and meeting-management features described in our product and app listings, including identifying the connected organizer, creating a meeting for a booking, updating its date or time, cancelling or deleting it, and displaying or delivering the meeting link and connection status.
We request only the provider permissions needed for currently available functionality. We do not access meeting recordings, transcripts, chats, participant activity, webinars, reports, or unrelated provider data unless a future feature clearly discloses that access and you separately authorize it. We do not sell meeting provider data, rent it, use it to build advertising profiles, or share it for another party's independent marketing.
You may disconnect a provider from DMRocket and may also revoke DMRocket directly from the provider's application marketplace, account security, or connected-app settings. After disconnection or revocation, DMRocket stops requesting new provider data. We delete or disable the applicable OAuth credentials within a reasonable period, subject to limited security logs, booking records, legal obligations, and backup-retention requirements.
7. Legal Bases and Business Purposes
Depending on your location, we process personal information based on one or more legal bases, including performance of a contract, your consent, our legitimate interests in operating and securing the service, compliance with legal obligations, and the instructions of the business customer that uses DMRocket to communicate with its own customers.
8. How We Share Information
We may share information only as needed to provide, operate, secure, and improve our services, including with the following categories of service providers:
- Hosting and infrastructure providers: including Railway, Vercel, Supabase, and Cloudflare.
- Database, storage, and processing providers: including Supabase and Cloudflare R2 where applicable.
- Payment processors: including Dodo Payments and Stripe.
- Email and communication providers: used for account emails, support messages, invoices, alerts, and service notifications.
- Meta Platforms, Inc.: when you connect or use Instagram, WhatsApp, Facebook, or other Meta services through DMRocket.
- Google: when you connect or use Google Calendar, Google OAuth, Google Meet links, or related Google services through DMRocket.
- Meeting and collaboration providers: including Zoom Video Communications, Microsoft, Cisco Webex, and GoTo, when you connect those services or ask DMRocket to create, update, cancel, or deliver meetings through them.
- Legal, security, and compliance parties: when required to comply with law, enforce our terms, prevent fraud, protect users, or respond to lawful requests.
We do not sell your personal information, Meta Platform Data, Google user data, or connected meeting provider data. We do not share customer conversation, calendar, booking, or meeting provider data with third parties for their independent marketing purposes.
9. Data Storage, Processing Locations, and International Transfers
DMRocket is operated from India and uses service providers that may process data in other countries, including the United States and other locations where our infrastructure, hosting, database, payment, and support providers operate. By using DMRocket, you understand that your information may be processed and stored in countries outside your country of residence, subject to applicable data protection laws and safeguards.
10. Data Retention
We retain personal information and connected-channel data for as long as necessary to provide DMRocket services, maintain your account, comply with legal obligations, resolve disputes, enforce agreements, prevent abuse, and support security or audit requirements.
When you disconnect a Meta, Instagram, WhatsApp, Google Calendar, Zoom, Microsoft Teams, Webex, GoTo Meeting, or another connected account, we stop using new data from that account unless you reconnect it. We may retain limited historical data, logs, booking records, billing records, and backups for a reasonable period where required for security, legal, accounting, or operational purposes. If you request deletion, we will delete or anonymize applicable data unless we are required to retain it by law or for legitimate business purposes.
OAuth tokens are retained only as long as needed to provide the connected account functionality you authorize. When you disconnect a connected account or revoke authorization, we will delete or disable the applicable tokens within a reasonable period, subject to backup, security, and legal retention requirements.
11. Data Security
We use administrative, technical, and organizational safeguards designed to protect personal information and Platform Data. These safeguards may include access controls, authentication, encryption in transit where applicable, secure infrastructure, logging, monitoring, role-based permissions, and internal restrictions on who may access data.
However, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security, but we work to protect your information using commercially reasonable safeguards.
12. Your Choices and Controls
- You may update certain account and workspace information in your DMRocket dashboard.
- You may disconnect connected Instagram, WhatsApp, Google Calendar, Zoom, Microsoft Teams, Webex, GoTo Meeting, or other supported accounts from your DMRocket dashboard where the feature is available.
- You may revoke DMRocket's access from your Meta Business settings or connected Meta account settings.
- You may revoke DMRocket's access to your Google account through your Google Account permissions or security settings.
- You may revoke DMRocket from the connected-app, security, or marketplace settings provided by Zoom, Microsoft, Webex, GoTo, or another connected provider.
- You may request deletion of your DMRocket account and associated data by contacting us.
- If you are a customer of a business that uses DMRocket, you may contact that business directly to exercise privacy rights related to your conversation, booking, or customer data.
13. Data Deletion Requests
You may request deletion of your personal data, DMRocket account, workspace data, and data synced from connected Instagram, WhatsApp, Google Calendar, Zoom, Microsoft Teams, Webex, GoTo Meeting, or other supported accounts by emailing us at [email protected] with the subject line "Data Deletion Request".
Please include the email address associated with your DMRocket account and enough information for us to verify and process your request. We will process verified deletion requests within 30 days unless a longer period is required by law, security, billing, dispute resolution, fraud prevention, or backup retention requirements.
If you want us to delete Meta Platform Data associated with your connected Instagram or WhatsApp account, please mention the connected account or business name in your request. You may also revoke DMRocket's access directly from your Meta account or Meta Business settings.
If you want us to delete Google Calendar data associated with your connected Google account, please mention the connected Google account email address or calendar connection in your request. You may also revoke DMRocket's access directly from your Google Account permissions or security settings.
If you want us to delete data associated with Zoom, Microsoft Teams, Webex, GoTo Meeting, or another connected meeting provider, please identify the provider and connected account in your request. You may also remove DMRocket directly from that provider's marketplace, security, or connected-app settings.
14. Children's Privacy
DMRocket is intended for businesses and is not directed to children. We do not knowingly collect personal information from children under the age required by applicable law. If you believe a child has provided us personal information, please contact us so we can take appropriate action.
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes to our services, legal requirements, platform policies, or business practices. When we update this Privacy Policy, we will revise the "Last updated" date above. Your continued use of DMRocket after an update means you acknowledge the updated Privacy Policy.
16. Contact Us
If you have questions about this Privacy Policy, our data practices, or a data deletion request, contact us at [email protected].
DMRocket
Operated by DesignedCase
India
For privacy concerns or data deletion requests, contact us at [email protected].