Privacy taken seriously
Last updated June 2026
Running funnels means handling personal data: leads, orders, and the behaviour behind your analytics. When that data belongs to people in the EU or UK, the GDPR and similar laws set the rules.
Funneled is built to support your obligations: clear roles between us, support for data subject rights, a Data Processing Agreement, and data handling that follows privacy-by-design principles.
This page summarises our approach. It is not legal advice, and we are always happy to go deeper with your privacy or procurement team.
Clear data roles
You are the controller of your customers’ data. Funneled acts as your processor and handles that data only to provide the service, on your instructions.
Data Processing Agreement
A DPA covering how we process personal data on your behalf is available for customers who need one for their compliance.
Support for data subject rights
We help you respond to access, correction, and deletion requests so your customers can exercise their rights under the GDPR.
Only what is needed
We aim to collect and keep the personal data required to run your funnels and analytics, and no more, in line with data minimisation.
Controller and processor
Under the GDPR, the controller decides why and how personal data is processed, and the processor acts on the controller’s behalf.
For the data your funnels collect from your customers, you are the controller and Funneled is your processor: we process that data to provide the service and follow your instructions. For the limited data we hold about your own account and our relationship with you, we act as a controller.
Your customers’ rights
The GDPR gives individuals rights over their personal data. Because you are the controller, requests come to you, and we provide the tooling and support to help you respond. Those rights include:
- Access to the personal data held about them.
- Correction of inaccurate data.
- Erasure of their data where applicable.
- Restriction of, or objection to, certain processing.
- Portability of data they provided.
Data Processing Agreement
We make a Data Processing Agreement available to customers who need one. It sets out how we process personal data on your behalf, including our commitment to act on your instructions, keep data confidential, apply appropriate security, support you with data subject requests, and return or delete data when our agreement ends.
If you need a DPA in place, contact our privacy team and we will provide it.
Sub-processors
We use a limited set of vetted infrastructure and service providers to run Funneled, for example cloud hosting and supporting services. We choose providers that offer appropriate data protection commitments.
A current list of sub-processors is available on request, and we will give notice of material changes so you can stay informed.
International transfers
Where personal data is transferred across borders, we rely on appropriate safeguards such as Standard Contractual Clauses, so that the data keeps a comparable level of protection.
Security, retention, and deletion
We protect personal data with the security practices described on our security page, including encryption in transit and access controls.
We keep personal data while your account is active and for as long as needed to provide the service, and we return or delete it on request or when our agreement ends, in line with the DPA.
A note on selling data
We do not sell your data or your customers’ data, to anyone, for any purpose. We process it to provide Funneled, and that is it.
Privacy, GDPR, or DPA requests
Email us at privacy@getfunneled.com and we will get back to you.
Frequently asked
questions
Building for a team that
asks the hard questions?
Book a call and we will walk your security, privacy, or accessibility reviewers through how Funneled works.