How GDPR and consumer privacy laws affect your chatbot

Wondering what data regulations like the General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA) mean for your bot? Then you're in the right place! You'll want to consider your company's compliance requirements and goals when building your bot.

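In this article, we'll discuss the following topics:

  • Ensure your bot meets your company's compliance objectives
  • How Certainly stores conversation-specific data
  • Data deletion within the Certainly Platform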

Ensure your bot meets your company's compliance objectives

Like any other application within your organization, your bot must comply with the relevant data collection and use regulations. The rules vary for different businesses, and there may be regulations specific to where your company and customers are located. There are many ways to comply with a regulation such as GDPR or CCPA.

Therefore, it's your responsibility to ensure you comply with all relevant laws and regulations in your region and/or that of your customers.

Consider including a note in your bot's greeting message or Starting Module about how your customers' data is being used. You can even use CVars to set up flows based on whether users have accepted GDPR terms and conditions.

How Certainly stores conversation-specific data

Data relating to a conversation between a bot and an end user is stored in two different locations: the end user's browser and the Certainly Platform.

Data stored in the Local Storage of the end user's browser contains the following information:

  • BotId - The ID of the bot
  • UserId - The ID of the end user
  • AllMessages - Messages from the last active conversation
  • WebChat Widget state - The state of the Widget (open or closed)

This data never leaves the end user's device. All data is encrypted.

Data deletion within the Certainly Platform

To ensure the Local Storage data is deleted every time a new conversation is started, enable clear_past_conversations in the Widget script. The Local Storage data is also deleted every time a different bot is initialized in the same browser and when the end user clears their cache.

If you want to delete conversation data for all end users who've used a given bot, we suggest using the Data Deletion feature in Bot Settings. This will remove the data from our platform.

Still curious about our data handling? Check out our Data Processor Agreement.

If you have any questions not answered here, just contact our Customer Success team.