How GDPR affects your chatbot

You have likely heard of GDPR—perhaps you are wondering what this will mean for your chatbot? If so, you're in the right place! In this article, we will discuss the following topics:

Ensure your chatbot is GDPR-compliant

Just like any other application within your business, your chatbot will have to be GDPR-compliant. There are many different ways to go about complying with GDPR, and the rules also vary for different businesses. It’s therefore up to you to ensure compliance with the current regulations.

How Certainly stores conversation-specific data

Data relating to a conversation between a bot and an end user is stored in two different locations: the end user's browser and our database.

The data stored in the Local Storage of the end user's browser contains the following information:

  • BotId - The ID of the bot
  • UserId - The ID of the end user
  • AllMessages - Messages from the last active conversation
  • WebChat Widget state - The state of the Widget (open or closed)

If you want to know more about how we at Certainly handle data, please read our Data Processor Agreement.

Deleting data

To ensure that this data is deleted every time a new conversation is started, enable clear_past_conversations in the Widget script. The Local Storage data is also deleted every time a different bot is initialized in the same browser, as well as when the end user clears their cache. It's important to note that this data never goes anywhere else but the end user's computer, and that all the data is encrypted.

If you want to delete the conversation data for all end users who have used a given bot, we recommend using the Data Deletion function in Bot Settings. This will remove the data from our database.>