User data is safely stored in Europe. The Crisp core infrastructure is hosted in Amsterdam, The Netherlands. The Crisp plugin infrastructure is hosted in Frankfurt, Germany. User data is stored in our core infrastructure. We do not transfer user data outside of the EU.
1. Respect of Privacy
Here's what we do to protect user privacy:
- Before or at the time of collecting personal information, we will identify the purposes for which information is being collected.
- We will collect and use of personal information solely with the objective of fulfilling those purposes specified by us and for other compatible purposes, unless we obtain the consent of the individual concerned or as required by law.
- We collect data about visitors of websites using the Crisp chat client. This data is collected anonymously and is not directly bound to any identifiable user, whether it be its personal identity, or its network information.
- We will only retain personal information as long as necessary for the fulfillment of those purposes.
- We will collect personal information by lawful and fair means and, where appropriate, with the knowledge or consent of the individual concerned.
- Personal data should be relevant to the purposes for which it is to be used, and, to the extent necessary for those purposes, should be accurate, complete, and up-to-date.
- We will protect personal information by reasonable security safeguards against loss or theft, as well as unauthorized access, disclosure, copying, use or modification.
- We will make readily available to customers information about our policies and practices relating to the management of personal information.
2. GDPR Policy
Crisp strictly implements the GDPR regulation, that aims at protecting user data and providing a right to modify and delete such data, as well as to consent to data collection.
Our users can sign a Data Processing Agreement with us, for which documentation is available on our How to sign my GDPR Data Processing Agreement (DPA)? article.
3. Chatbox Cookie & IP Policy
- Cookies are necessary for chatbox functionalities; they are needed to restore the chat session and messages of a chatbox user when browsing between website pages and/or coming back on the website a few days after.
- Cookies have a default expiration time of 6 months, which is renewed if and when the user comes back to the website and loads the chatbox.
- Cookies bind an user to a single session. If that session contains messages, it is permanent (unless deleted by a website agent); otherwise the session is temporary and is destroyed 30 minutes after the last website access.
- Cookies are not used for tracking purposes. They are solely used to bind an user to a server-side session storage, which is then used for messaging purposes, in the event either the user or a website agent starts a conversation.
- The user IP address is stored in the server-side session storage that's bound to the cookie. If the user leaves without using the chatbox messaging features, the session (and thus the IP address) will be automatically removed from Crisp servers upon session expiration (ie. 30 minutes after last access; as stated above).
- The user IP address is kept indefinitely in the event the user started a chat session with a website on Crisp. We are legally required by the law of France to log those IPs in the event of a legal request (for a minimum duration of 1 year). Though, we keep those IP address longer as we need to aggregate them to protect our chatbox service against botnets and spam attacks, which occur frequently. The Crisp service could not function at the level our customers expect from us without statistics on those collected IP.
We are committed to conducting our business in accordance with these principles in order to ensure that the confidentiality of personal information is protected and maintained.