Q: GDPR
Is Tiny Chat GDPR compliant?
What happens to the collected email addresses?
bastien_barn
Oct 14, 2024A: We did not take a GDPR audit, but we are aiming at being GDPR compliant.
* No Personal Data Collection by Default: We don’t collect personal data or fingerprint visitors' browsers. The only cookie we use is to ensure users can resume their conversation if they return to the site. You can read more about our cookie policy here: https://tiny-chat.com/legal/data/.
* Handling Personal Data: If you choose to collect personal data (e.g., logged-in user info) via our JavaScript API, it's your responsibility to include this in your own privacy policy.
* Email Addresses: We don’t use the email addresses collected through the chat widget. These are only transmitted to you, the site owner. By default, when asking for an email, the message states: "This will allow us to respond to you by email if we are unavailable. We won’t use your email for newsletters or any other purpose." If you plan to use the collected emails for marketing purposes, you must modify this message in your dashboard (under Widget -> Texts) to obtain proper visitor consent in line with GDPR requirements.
TimTimPLUS
Verified purchaser
To my knowledge, it's not that simple and sending the user's email address first to your server (via API), then to Slack requires further steps to make it GDPR compliant. Any update on the audit that was mentioned in another thread?
Are you referring to the audit mentioned in this post? (I didn’t see another mention of an audit in the other questions.)
As for a GDPR audit, I’d be happy to undergo one, but we can’t afford it at the moment. However, we are working towards complying with GDPR guidelines to successfully pass an audit in the future.
As Tiny Chat, we act as your data processor. You are the data controller, meaning you decide what data to collect through Tiny Chat. If you enable email collection (which can be disabled at any time from your dashboard), you must state in your data policy that you use Tiny Chat as your data processor and that you have instructed Tiny Chat to collect emails after obtaining consent.
TimTimPLUSVerified purchaser
> Are you referring to the audit mentioned in this post?
Yes, I thought it was in another post.
Maybe instead of a full audit, booking a GDPR freelancer for a few hours is all you need.