GDPR Compliance

The information contained on this page is a commentary on the GDPR, as Chatfuel interprets it, as of the date of publication. We’ve spent a lot of time with GDPR and like to think we’ve been thoughtful about its intent and meaning. But the application of GDPR is highly fact-specific, and not all aspects and interpretations of GDPR are well-settled. As a result, this information is provided for informational purposes only and should not be relied upon as legal advice or to determine how GDPR might apply to you and your organization. We encourage you to work with a legally qualified professional to discuss GDPR, how it applies specifically to your organization, and how best to ensure compliance. CHATFUEL MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION ON THIS PAGE. This information is provided “as-is”. Information and views expressed here, including URL and other Internet website references, may change without notice. This document does not provide you with any legal rights to any intellectual property in any Chatfuel product. You may copy and use this information for your internal, reference purposes only.

What is GDPR?

On 25 May 2018, the most significant piece of European data protection legislation to be introduced in 20 years went into force. The EU General Data Protection Regulation (GDPR) replaces the 1995 EU Data Protection Directive. The GDPR strengthens the rights that individuals have regarding personal data relating to them and seeks to unify data protection laws across Europe, regardless of where that data is processed.

As a result of this change, many organizations that have access to and process the personal data of EU-based users are subject to the rules and regulations that come into effect along with GDPR. Since many of our bot creators are based in the EU, while many of those outside the EU have EU-based bot users, we need to address these rules and regulations accordingly.

What has Chatfuel done to comply?

Chatfuel is a company headquartered in the U.S., but we have customers and bot users located in the EU. Despite the fact that we do not have any physical locations in the EU, we recognize the fact that many of our users are directly affected by the GDPR and expect us to comply in order to continue using our product and have the confidence that they can do it in accordance with the new legislation.

Therefore, we’ve addressed the GDPR requirements that would apply to us as processors (and in some cases subprocessors) of personal data by implementing specific legal, technical and organizational measures aimed to address data privacy and security concerns:

  • We’ve put in place the contractual measures in the form of a Data Processing Agreement in accordance with the GDPR requirements that would come into effect the day GDPR comes into force, and all platform users will be asked to accept the terms prior to that date.

  • We’ve ensured that we have appropriate contractual measures in place with each of our data subprocessors such as cloud service and analytics providers.

  • We’ve implemented and outlined specific technical and organizational measures (Appendix 2 to the DPA) to ensure data privacy and security, and have put in place internal protocols and processes to ensure that we can address the GDPR requirements with regard to storage, processing, and control of personal data.

  • We’ve updated our Privacy Policy to add EU-specific clauses.

GDPR Compliance Webinar

Watch the recording of the GDPR compliance webinar we held on April 26, 2018 to go over the specifics of the legislation and how it applies to Chatfuel, our customers, and the bot users. We also discuss the measures we have taken towards compliance with the requirements.

Update: Facebook has released additional policy updates for Messenger related to new EU privacy laws. These changes are effective as of December 16, 2020. Visit our Messenger policy guide to find out how they may impact your chatbot.

Updated Terms of Use and Privacy Policy

In accordance with the GDPR requirements, we have updated our Terms of Use and Privacy Policy. We encourage you to read both documents in full and contact us if you have any questions.

These updates take effect on May 25, 2018. By continuing to use our services on or after that date, you acknowledge our updated Privacy Policy and agree to the updated Terms of Use.

What is personal data?

Who are data controllers, processors, and sub-processors?

Does the GDPR require EU data to stay (be hosted/stored) in the EU?

Does GDPR apply only to the EU residents’ personal data?

Does GDPR apply to territories outside the EU?

How to ensure compliance if I am using 3rd party integrations (Zapier, Integromat, etc)

How do I handle user data deletion requests?

Can I continue using Chatfuel after May 25, 2017 and be sure that I’m in compliance with GDPR requirements?

How to best communicate the steps Chatfuel has taken to be GDPR-compliant

Additional Resources

Please refer to Facebook’s GDPR Portal as well as GDPR guidance from the Messenger Platform for additional resources and FAQs. If you have any additional questions or concerns, please let us know: [email protected]