ChatBot DSGVO data protection compliant

Live Chat and ChatBot 100% DSGVO data protection compliant

Founded and developed in the middle of Germany - Data protection compliant

We also focus on data protection when hosting. All personal data is encrypted and stored on servers in Germany. Here you will find some tips on how to deal with the topic: Operating ChatBot in a DSGVO data protection compliant manner.

Personal data - what needs to be considered

With the entry into force of the General Data Protection Regulation(GDPR) on 25 May 2018, the handling of personal data has been tightened. If you use a ChatBot or Live Chat on your website, this data is also subject to data protection. Therefore, the use of a German ChatBot is expressly recommended, as otherwise the data storage usually takes place abroad.

Privacy and data protection

ChatBot4You chat does not collect any personal data during an ordinary conversation. Only data that the customer explicitly provides is transmitted. If you request personal data from the customer for further processing with the integrated ChatBot in the course of a conversation, the customer can issue a consent dialogue for the collection of personal data directly before the request for data. The customer's consent is recorded. If the customer denies consent, the ChatBot cancels the questioning.

Data subjects' rights

An important part of the GDPR is to give customers certain rights when dealing with your data. Customers need to know what data you collect, hold and process from them. The functions for viewing data, correcting data and deleting data, which are integrated in the chat window and accessible to every user, save you time and give your customers a feeling of security. Via the data protection link leading to your privacy policy, you can openly and transparently inform about your data protection policies.

ChatBot and data protection

In order to be able to operate a ChatBot in compliance with the GDPR, the following points must be particularly observed:

  • Collect / use personal data
    The same DSGVO regulations apply here as on your website.

    Basically, the ChatBot of ChatBot4You can be used completely anonymously. No personal data is collected via the chat on the website, unless you ask the user to provide such data. Via the chat in Facebook Messenger, the name, profile picture and mail address of the user are collected and stored.

  • Right to be forgotten / data access
    Every user has the right to inspect the data that a company stores about them, to change this data or to delete it. According to DSGVO, every user has the "right to be forgotten". If a user insists on it, you must remove all user data from the database.

    Each user can delete the entire chat history via the menu in the chat window of the website itself. You can permanently and completely delete a single chat history including all data at any time.

  • Consent
    Before storing personal data, the user must consent to the storage process.

    No data is collected via the chat on the website. If you request data such as e-mail address or name, you can use the ChatBot to draw the user's attention to the storage and obtain his or her consent.

  • Order processing
    With external service providers, you must conclude an order processing contract in accordance with DSGVO.

    We provide you with a ready-made contract for commissioned data processing in the customer menu. You can conclude this contract directly with us online.

  • Privacy policy
    Your privacy policy should be up-to-date and adapted to the use of ChatBot or Live Chat.

    A corresponding sample privacy policy is available for you to download.

  • IT security
    The GDPR obliges to take technical and organizational measures for data protection.

    ChatBot4You stores the data in a German data center. All communication content and customer data is stored and transmitted in encrypted form. The offices are also secured with a biometric access control. Access is only permitted to employees during office hours. Visitors are always escorted. All access devices are password protected.


This does not constitute legal advice, but is only intended to provide a small insight into data protection (DSGVO) in dealing with ChatBots. There is also no guarantee for completeness and correctness. Please talk to your lawyer and data protection officer.


Translate page