Privacy Policy

Updated: October 6, 2021

This Privacy Policy is meant to help you understand what data we collect, why we collect it, and what we do with it. Please, take the time to read our Privacy policy carefully. It will help you understand what data we collect, why we collect it, and what we do with it. We want you to be clear how we’re using information and the ways in which you can protect your privacy. This Privacy Policy (this “Privacy Policy”) describes SessionStack’s, (“SessionStack”, “We”, “Us” or “Our”) privacy practices with regard to information, including Personal Information (as defined below), that We collect and receive from: (a) visitors to SessionStack’s website located at (the “Site”) and (b) users of Our services (“Services”), software (“Software”), and other content (excluding content provided by users) made available by SessionStack through the Site. “Personal Information” means information that allows someone to identify or contact You, as well as any other non-public information about You that is associated with or linked to any of the foregoing, and can include, for example, an individual’s first and last name, address, telephone number, e-mail address, credit card or other account number. “Anonymous Information” means data that is not associated with or linked to Your Personal Information; Anonymous Information does not, by itself, permit the identification of individual persons. This Privacy Policy is incorporated into, and considered a part of, the SessionStack Terms of Service [] (“Terms of Service”). If any provision in this Privacy Policy is inconsistent or conflicts with any provision in the Terms of Service [], this Privacy Policy will prevail with respect to the subject matter hereof. Capitalized terms used in this Privacy Policy but not defined in this Privacy Policy have the meanings given to them in the Terms of Service. If you have any questions, please, contact us at:

Who we are

SESSIONSTACK means SESSIONSTACK Ltd., UIC 203943168, with registered seat and address: Sofia, 1729, Mladost District, Mladost 1A, 33 Aleksandar Malinov Blvd., represented by Alexander Zlatkov, e-mail: It is important to note that SESSIONSTACK is acting both as a Data Controller and as a Data Processor within the realm of GDPR compliance. We are a controller with respect to our visitors and Clients interacting with our website We are a processor (and occasionally a subprocessor) with respect to the Clients’ end users whose data we receive from our Clients. Each SessionStack Client is a data controller and SessionStack is acting as Client’s data processor for its website End Users. In this respect, each SessionStack Client shall be obliged to comply with GDPR requirements by updating their own Terms of Service and/or Privacy Policy. Each SessionStack Client, processing personal information of data subjects, who are in the EU/EEA and the processing relates to the offering to them of goods or services in the EU/EEA or the monitoring of their behavior in the EU/EEA as well as when the processing is carried out in the context of the activities of an establishment of Client in the territory of the EU/EEA, shall be required to conclude our Data Processing Addendum.


By submitting or uploading Personal Information through Our Site or the Services, You agree to the terms of this Privacy Policy and You expressly consent to the collection, use and disclosure of Your Personal Information in accordance with this Privacy Policy.

Information Collection and Use

SessionStack collects Personal Information and Anonymous Information, as described below. We use information that We collect to create Your account, fulfill Your requests, improve Our Site and Services, contact You, conduct research, create reports for internal use, and in the manner described below. (a) Collection by SessionStack. Some specific types of information, which may include Personal Information, that SessionStack may collect and use (directly or through third party service providers) includes the following: (i) Registration Information. When You register for the Services, We will ask You to create a user ID and may ask for information such as Your first and last name, email address, organization (optional). We may use the Personal Information You submit during the registration process to send You Services-related communications. We may also use such Personal Information to send You electronic newsletters or promotional emails, unless You have requested not to receive such promotional communications from Us as described below. (ii) Feedback; Communications. If You provide Us Feedback or contact Us via e-mail or participate in Our polling activities, We will collect Your name and e-mail address, any information requested in our Feedback or polling forms, as well as any other content included in the e-mail or Feedback and polling forms you send to us. Any Feedback You provide will be governed by the [Terms of Service] []. We may use Personal Information submitted in Your communications to contact and respond to You and otherwise in the same manner as described above for registration information. (iii) Log File Information. When You register with or view Our Site, Our servers collect information such as Your web request, IP address, browser type, number of clicks, domain names, landing pages, pages viewed, and other browsing information. This information is used to improve the Site and Services. (iv) Cookies. To understand how we use cookies read our Cookies Policy [] (“Cookies Policy”) (v) Beacons. When You register with or view Our Site, We may employ web beacons, which are used to track Your online usage patterns. No Personal Information from Your SessionStack account is collected using beacons. (vi) Other. If additional Services and/or communications are offered in the future through Our Site and You opt-in to use such additional Services and/or communications, we will collect Your name and e-mail address and any other information we specify in the user interface where you opt-in. We may use such Personal Information to send you the corresponding additional Services and/or communications, as well as for any other purposes stated in this Privacy Policy. (b) Collection by Third Party Tools. The Service may also contain third party tracking tools from Our service providers. Such third parties may use cookies and application programming interfaces in Our Services to enable them to collect and analyze user information on Our behalf.

Information Sharing and Disclosure

SessionStack does not rent, sell, or share Personal Information about You with other persons or entities, except with Your permission, as described above, or under the following circumstances: (a) Customers. We may provide to our customers who are using the Services the names, e-mail addresses, and usage data of visitors to the customer’s website(s) from which such Personal Information was obtained. The customers may use such Personal Information only in accordance with this Privacy Policy and their own privacy policy or terms of use governing the website from which the data was obtained. (b) Service Providers. We may provide Your information to third party service providers who work on behalf of SessionStack and need the information to perform services for Us. These third party service providers are required not to use Your Personal Information other than to provide the services requested by SessionStack. (c) Payment Processors. We may provide Your credit card and related billing and payment information to third party service providers engaged on SessionStack’s behalf, including payment processors and/or credit agencies, for the purposes of checking credit, effecting payment, and servicing Your account. (d) Other Disclosures. Regardless of any choices You make regarding Your Personal Information (as described below), SessionStack may disclose Your Personal Information (a) to respond to subpoenas, warrants, court orders, lawful requests or legal process, (b) to establish or exercise Our legal rights or defend against legal claims or protect other users, (c) in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, or as otherwise required by law, or (d) to investigate, prevent, or take action regarding any violation of this Privacy Policy or Our [Terms of Service] []. (e) Affiliates. Although We currently do not have a parent company, any subsidiaries, joint ventures, or other companies under a common control (collectively, “Affiliates”), We may in the future. We may share some or all of Your Personal Information with Our Affiliates in which case We will require Our Affiliates to honor this Privacy Policy. (f) Acquirer. If SessionStack is acquired by or merged with a third party, that third party will possess the Personal Information collected by Us and will assume the rights and obligations regarding Your Personal Information as described in this Privacy Policy. In the unlikely event that SessionStack is subject to bankruptcy proceedings, Personal Information collected by Us would be among the assets that may be transferred to a third party in such proceedings. (g) Anonymous Information. We may create Anonymous Information records from Personal Information by excluding information (such as Your name) that make the data personally identifiable to You. We reserve the right to use and disclose Anonymous Information at Our discretion.

Subprocessors and Processing Out of EU

For providing quality services Sessionstack engages processors and subprocessors, carefully selected according to their capacity for personal data protection and processing in compliance with Sessionstack’s obligations under the GDPR. We provide personal data to our processors and subprocessors to process it for us, only based on our instructions and in compliance with our Privacy Policy and any other appropriate confidentiality and security measures. None of our processors has the right to use your Personal information beyond what is necessary to assist Us in making our work possible. When We cooperate with third parties and they process your personal data on our behalf, we make sure your personal data is being handled with the same integrity and security as We do. Based on the above, SessionStack stores personal data in the European Union and out of the EU, including in the United States of America, where some of our processors and subprocessors are based. After the Court of Justice of the EU abolished the EU-US Privacy Shield in July 2020, the USA are regarded as a third party not ensuring an adequate level of protection. Any transfer of personal data outside the European Economic Area is done by us only under strict compliance with the GDPR. We ensure the third-party recipients in non-adequate countries conclude the EU standard contractual clauses (EU SCC) with us or follow appropriate safeguards pursuant to art. 46 GDPR. Sessionstack uses as Subprocessors and User personal data may be transferred to the providers of the following services:

  1. Customer relationship management;
  2. Email automation software;
  3. Email server;
  4. Payment gateway;
  5. Hosting services;
  6. Billing software services;
  7. Communications software;
  8. Survey software.

We may replace our processors from time to time following the above rules of strict selection. Updated information about the list of current processors may be found at all times in our Privacy policy and we may inform you about such updates. If you need an extensive overview of our trusted partners, please, contact us at:


(a) Opting Out. We may periodically send You free newsletters and e-mails that directly promote the use of Our Site and Services. When You receive newsletters or promotional communications from Us, You may indicate a preference to stop receiving further communications from Us and You will have the opportunity to “opt-out” by following the unsubscribe instructions provided in the e-mail You receive or by contacting Us at (b) Services-Related Communications. While You may “opt-out” of certain Services-related communications by following the unsubscribe instructions provided in the e-mail You receive or by contacting Us at You may not, despite Your indicated e-mail preferences, “opt-out” of other Services-related communications regarding Your account or the Service Subscription purchased by You, including receiving notices of any updates to Our Terms of Service or this Privacy Policy, except by terminating Your account.

Access to Your Data, Check Its Accuracy and Correct It

You have the right to request a copy of your personal details at any time, to check the accuracy of the information held and/or to correct or update this information. You may also ask your personal information to be deleted completely, if no enquiry from you is in progress. We will make commercially reasonable efforts to provide you with reasonable access to any of your personal information we maintain within 30 days as of receipt of your access request. Please, note that after deleting your information, you shall not be able to use adequately the SessionStack Services. To protect your privacy and security, we will take reasonable measures to verify your identity before providing you the requested information on personal data. You may change some but not all of Your Personal Information in Your account by editing Your profile within Your account. Please note that We may keep that information for legitimate business or legal purposes or be required (including by GDPR) to keep certain of Your information and not delete it (or to keep this information for a certain time, in which case We will comply with Your deletion request only after We have fulfilled such requirements). We may reject requests that are unreasonably repetitive, require disproportionate technical effort (for example, developing a new system or fundamentally changing an existing practice), risk the privacy of others, or would be extremely impractical (for instance, requests concerning information residing on backup systems). Where we can provide information access and correction, we will do so for free, except where it would require a disproportionate effort. If you wish to access, delete (in some cases) or correct your personal information please contact: However, if an End User interacts with one of our Clients and the End User seeks to access, or correct, amend, or delete inaccurate data, the End User should direct its inquiry to the Client because the Client is the data controller. If the Client requests us to remove the Personal Information, we will respond to their request within 30 days. Complaints, in case of conflict, can be addressed to: If you file a privacy-related complaint, we will collect your name and/or company name, name of a complaint-related person, email, and country location and details that gave rise to your complaint. We will use the information you provide to investigate your complaint and to send you an answer once your complaint is reviewed.

Supervisory Authority

For claims in connection with your data protection rights, you can address the supervisory authority of Bulgaria, which is the Commission for personal data protection. More information can be found at:


We make reasonable efforts to protect Your Personal information, but no company, including SessionStack, can fully eliminate security risks connected to handling information on the Internet. For example, Your Personal Information may be affected by actions outside of Our control, such as computer “hacking” and physical theft. You acknowledge that You provide Your Personal Information at Your own risk.

Third Party Websites, Products, Services, Content, and Links

Please be aware that the terms of Our Privacy Policy do not apply to third party websites, products, services, or content or to links provided for the foregoing on Our Site or through the Services. Third party providers of such third party websites, products, services, or content, may collect (via tracking technologies like cookies or web beacons) and use anonymous information regarding Your interaction with the third party website, product, service, or content that they deliver and with which You interact.

Changes to Privacy Policy

This Privacy Policy may be amended by SessionStack from time to time. Any changes to this Privacy Policy will be effective upon the earlier of thirty (30) calendar days following SessionStack’s dispatch of an e-mail notice to You or thirty (30) calendar days following SessionStack’s posting of notice of the changes on the Site. These changes will be effective immediately for new users of the Site, Site Content, or Services. Continued use of the Site, Site Content, or Services following notice of such changes shall indicate Your acknowledgement of such changes and agreement to be bound by the terms and conditions of such changes. If You object to any change, Your sole recourse shall be to immediately terminate Your account and cease using the Site, Site Content and Services. You should periodically visit this page to examine the then current Privacy Policy.


If You have any questions about this Privacy Policy, please contact Us by e-mail at marking the message “Attention: Privacy Policy.”

See what SessionStackAI can do for your business