Privacy Statement
Last updated on: 15 July 2026
Privacy is important to us, and we strive for a high level of protection concerning all processing of personal data.
Pursuant to the General Data Protection Regulation in the European Union and other laws around the world, this policy shall set out how we collect, use, communicate, disclose and make use of personal information.
At Crisp we focus on having your data stored in Europe. Therefore, we love to use Amsterdam, Netherlands, as processors for our core infrastructure, and prevent transferring data where possible. Read in more detail below about who processes your data, and where it is stored in the section of Parties we share your data with below.
Crisp does not sell or resell any kind of user data. Our business model is funded by our user subscriptions.
This privacy policy is available in English and French.
About Crisp
Crisp is operated by Crisp IM SAS, a French limited company, identified as:
- ID / SIREN: 833085806
- Address: 2 Boulevard de Launay, 44100 Nantes, France
- Email: dpo@crisp.chat
- Phone: +33240031187
- Website: https://crisp.chat/
Crisp as Data Controller
This Privacy notice informs you how Crisp processes data as data controller, for example, data related to marketing and sales, and job recruitment.
This Privacy notice does not apply to Crisp employees.
Please note that if you are a Workspace Member or Workspace Owner, we acknowledge the Customer being the owner of the data in the Workspace, and responsible for adding and removing Workspace Members, permission-levels, and Workspace settings, including disclosure of your data to Crisp, per our General Terms of Service.
Crisp as Data Processor
Crisp is a data processor, and acts on behalf of its Customers making use of the Crisp Platform and Services, in relation with their contacts (your customers). Your contact data is processed pursuant to the requirements of Article 28 GDPR, and within the scope and terms of the Data Processing Agreement included in the Customer's General Terms of Service, which you can download from within your Crisp account on the Crisp platform.
Crisp Products and Services
At Crisp we provide a variety of products and services, as listed here: https://crisp.chat/en/pricing/ and includes the Crisp AI Service, www.hugo.ai. This Privacy policy applies to all Crisp content, which is updated as frequently as possible.
Please note that we never train our AI model with our Customer's data.
What personal data do we collect
Name, email, organisation, inquiries, and related profile information. Based on your consent, when you give it voluntarily, we collect and use the information you provide, for example, when you ask to receive invitations to webinars or events, request a demonstration of our products and services, or contact us with an inquiry through any channel. We use this information to respond to you and to send the invitations, offers, and materials you have requested. With your consent, we also use your provided information to send you marketing updates and newsletters, and we may show you targeted and relevant advertisements via third-party platforms, based on your profile. Furthermore, we collect data through cookies and similar technologies on our website, such as your device and browser information, pages visited, and on-site activity, where you have consented to this through our cookie banner. You can review and change your cookie preferences at any time via the banner or our cookie policy.
Account information, social media presence, website cookies, business activities. When you create an account or request a demonstration of our products and services, we collect and process personal data to set up, maintain, and monitor your use of those products and services under our (pre-)contractual relationship, to pursue entering into a contract with you. This may include your name, role, and profile picture; your organisation and location; billing information, information about your organisation and its business activities so we can assess whether a partnership is a good fit; your social media presence and activity; website cookies; and other data needed to set up and manage the business relationship. Use of our products and services is governed by our General Terms of Service.
Contacts, and related information from Customer contacts and Customer business operations, including integration with third party tools and services, etc. We collect and process personal data, for the achievement of our contract with our Customer, to provide our Crisp Platform and Services to the Customer, and for the Customer to make use of our business tools and services, in connection with its own contacts. Use of our business products and services is governed by our General Terms of Service.
Customer service exchanges, contacting information, marketing information, system logs, system information, etc. We collect and process personal data, on the basis of our legitimate interest, to operate our products and services, to understand how they are used, and to engage with you about them. This may include your name, location and address, email, phone number, and type and volume of message exchanges; customer service exchanges; the date and time of your last activity and other profile information; metadata such as device and system information and location of use; system log data such as IP addresses; customer support records; the number of individuals added to an account; and information about the features used or engaged within the account.
Job applicant information. Where you apply or inquire about employment at Crisp, we process the personal data needed to assess your application, such as your CV, references, LinkedIn profile, and publications.
What are our purposes of processing
We use the personal data described above for the following purposes.
- To respond to you and provide information. We process your personal data to answer your inquiries and questions and to send you the information or materials you have requested or consented to receive.
- To provide our products and services under our contract with you. We process your personal data to monitor and pursue the contractual obligations we have towards one another, including detection of fraud, when you, for example, to set up and maintain your user account on our platform, and to give you access to our products and services and their functionality, including integrations with third parties and external APIs. We also use your data to invoice you correctly for your use of our products and services.
- To monitor and improve our products and services. We process your personal data to understand how our products and services are used by our customers and to monitor how they are performing, so that we can maintain and improve them.
- To monitor our AI model. We process your data to monitor the output and security of our AI models. Note that your data is not stored and kept to train our model.
- To operate our website and analyse its use. Where you have consented through our cookie banner, we use cookies and similar technologies to make our website function correctly, to remember your preferences, and to analyse how visitors use the site so we can improve it. Some cookies may also be used for marketing purposes, as described in our cookie policy.
- To engage with you about our products and services. We process your personal data because we believe you have an interest in our products and services, and, if you have already created an account with us, to encourage you to use our platform.
- To reach similar potential customers. We analyse data about our existing customers and contacts to identify and reach other organisations that may have similar needs. We detect patterns via automated analysis to predict relevance or interest of our products and services.
- To provide you marketing updates. We like to display relevant advertisements and marketing updates to you and may use third-party advertising or customer engagement platforms.
- To assess your application for employment. Where you apply or inquire about a role at Crisp, we process your personal data to evaluate your suitability, including reviewing your CV, references, LinkedIn profile, and any relevant publications.
- To comply with legal obligations. We process your personal data where we are legally obliged to process, or retain, such information, for example, for bookkeeping purposes, due diligence, or by law.
AI
Crisp AI Agent
The Crisp AI-powered chatbot and AI agent, https://hugo.ai, is developed in-house, and making use of different LL.M Providers (large language models, such as ChatGPT, Claude, etc.)
Hugo AI may use LLM providers, such as OpenAI, to generate responses. Crisp sends only the context needed for the request, and the provider returns an answer. This data is not stored inside the LLM model or used to train it by default. Customer data remains managed in Crisp.
You are informed that you are communicating with an AI system, not a human. Individuals are subject to automated decisions, as the output is produced without direct human intervention. Outputs are based on the information provided by the user during the interaction.
Crisp does not use input data to train the model further.
Personal data exchanged with the chatbot are processed in accordance with the GDPR pursuant to the purposes of this Privacy notice and stored only for as long as necessary for technical support and to understand if the service has been delivered and how the service quality is upheld, and unless otherwise required by law.
You have, also concerning the AI output of any of our tools and features, the possibility to exercise any of the rights as stated below.
In the event we are your data processor, your data controller has activated our AI agent with an LL.M provider of their choice. If you are an end user, you may request your right under any of the applicable laws with your data controller and we shall assist to the best of our ability.
Cookies
At Crisp, we use cookies and similar technologies to provide, secure, and improve our services.
Some cookies are strictly necessary for the operation of our platform, such as those used for authentication, security, session management, and core functionality. These cookies do not require your consent.
We also use optional cookies and similar technologies for analytics, performance measurement, and marketing purposes. These help us understand how our services are used, improve the user experience, and provide relevant communications and advertising. These cookies will only be used with your consent where required by applicable law.
Some cookies and tracking technologies may be provided by trusted third-party service providers, including analytics, advertising, and social media partners.
If you consent to marketing cookies or related advertising technologies, we may use information collected through these technologies to measure the effectiveness of our marketing activities and to deliver more relevant advertising. Where permitted by applicable law and as described here in our Privacy Policy, we may also use customer contact information for audience matching and customer engagement campaigns on third-party advertising platforms.
You can change or withdraw your consent at any time through your cookie settings in your browser, or contact us.
See also our Cookie Policy for full details on cookies used on crisp.chat and on websites that embed the Crisp chatbox.
How long do we retain your data
Account and customer data. We delete your account and all related customer data upon your request. If you wish to keep the account active but not engage for the moment, we keep the account information for maximum of 12 months upon which we will send you a notification that your account and related data shall be deleted unless you wish to activate your account. We keep all account information for as long as needed if we are commencing in a legal dispute.
Customer contracts. We keep relevant contracts or subscriptions sold, related to your accounts and services for up to ten (10) years.
Payment and billing data. Payment information will be retained only if the payment has failed, or if there are open payments. The corresponding card information in your account will be retained for a maximum of 15 months. If we must retain it by legal obligation subject to anti-money-laundering obligations, we will retain the data for as long as we are legally required to do so.
Meta data. We keep your account system logs, including IP addresses, user agents and time of connection for a maximum of one (1) year per French law. (For references: if the judiciary system sends us a search warrant, we have the legal obligation to respond and provide the logs up to one year that contain the looked-up information.)
Bookkeeping. We store information related to bookkeeping and business operations for up to ten (10) years.
Marketing information and prospects. We keep marketing data for up to three (3) years.
Job recruitment information. If you are hired, we keep your information for our bookkeeping by law for at least five years. If we had to disappoint your solicitation we will erase your job recruitment information within three (3) months, or keep it in our databases for future positions up to two (2) years if you have provided your consent to do so.
Cookies. Cookies are kept according to the cookie table in the cookie policy.
Aggregated statistical data. Data that has been collected or made anonymous does not identify you. We retain this data for as long as necessary to optimize our systems and products.
Parties we share your data with
To make our services available, Crisp shares data with external partners. We only use authorized, vetted, and contractually binding parties. You may review these partners in our sub-processors list.
Whenever "no data held" is mentioned, the aforementioned sub-processor is usually being used to pass data along over the network, without holding it on its permanent storage.
If Crisp is held to share data based on a legal obligation to an official authority, we will inform you, unless law or authorities prohibit us from doing so.
Any transfer of personal data, if applicable, is completed under the obligations of Chapter V of the GDPR, and subject to Standard Contractual Clauses where applicable.
How do we secure your data
We have implemented applicable technical and organisational security measures to secure your data. Our team closely monitors any unauthorized system access and has put in place multiple preventive measures to reduce the attack surface on our systems and services.
See for a comprehensive list of security measures that we have implemented our Security Practices docs page.
We further welcome security researchers and users to submit a security report to an encrypted email address (security@crisp.chat) for which we process the reports on a reasonable delay.
Note that if we experience a data breach causing a high risk to the rights and freedoms of individuals, we inform the user as soon as possible, and provide reasonable assistance as necessary to enable you to notify the breach to relevant authorities and/or data subjects if you are required to do so under relevant laws.
Individual rights
The GDPR grants any data subject rights regarding the protection of your personal data. We inform you about these rights in the list below.
If you wish to exercise (one of) these rights, you can do so via your personal account page, as referred to, or by contacting Crisp's Data Protection Officer via the contact channel as described at the beginning of this privacy policy.
- Right to be informed. We inform individuals via this privacy policy and directly when necessary concerning other data protection related matters.
- Close and delete your Crisp account. At any time you can close and delete your Crisp account, see instructions here how to close and delete my Crisp account. Note that a closed account is not necessarily deleted immediately.
- Access to the data we process about you. You may request access to the data we process about you via the contact information at the top of this privacy statement.
- Rectification of the data we have processed about you. You may request a rectification of incorrect or incomplete data we have about you or request us to supplement or modify this data. You may be able to rectify information by yourself via your account. If we are the data processor, we will refer to your data controller and assist the data controller to the best of our intentions.
- Right to delete your data. You have the right to delete your data, which you are able to do via the Workspace. See for further instructions how to close and delete my Crisp account.
We cannot always delete all your data:
- When you have an active workspace. You must first close your workspace.
- When you have outstanding payments.
- If we need to retain your data for reasons of public interest or public health.
- If we need to retain the data for establishment, exercise or defense or legal claim.
- If we are legally obliged to retain your data pursuant the request of an official authority.
For reasons of clarity, anonymous data cannot be deleted as we cannot re-identify you anymore.
In the highly rare instance where we must refuse to delete your data, we will inform you about the reasons for refusal, unless we are prohibited for doing so, and your right to lodge a complaint with the local data protection authority.
If we comply with your request to delete your information, your account will be terminated, which is an action that cannot be undone. You will need to create a new account to return.
- Withdraw your consent for marketing purposes and cookies. You have the right to withdraw your consent to the processing of your data for marketing purposes (if you are not an existing customer). You are able to unsubscribe from any marketing email via the 'unsubscribe link in the email. You will still receive emails related to your account or payment information unless you request us to delete your account entirely.
- You have the right to withdraw cookies that have been set by the chatbox via your browser.
- Request a portable copy of your data. You have the right to request an electronic copy of your data.
- Request to restrict processing. You may request to restrict processing of your data in the following situations:
- If you dispute the accuracy of your data for the period in which we have not yet verified the accuracy of the data
- If we process the data unlawfully, but you do not want us to delete your data
- If we no longer need your data for one of our purposes, but you want us to retain your data for the institution, exercise or substantiation of a legal claim
- If you have objected to the processing of the data on (one of) our legitimate interests and we have not yet responded to your objection.
- Right to object. You have the right to object to the processing of your personal data.
- Right to object to automated decision-making. You have the right to obtain human intervention, to express your point of view, and to contest the decision. You may also request an explanation of the logic involved and the consequences of the decision.
Requests and Authority Claims. Any request for data from any individual will be acknowledged if we are the data processor, or answered to by us if we are your data controller, within one month. This period may be extended with one month if your request is complex or if you have made several requests. We will inform you about this extension if we need to use it.
You may request any of these rights via the contact information on the top of our page. If you feel we have not provided you with adequate information or handled your request to your satisfaction you may file a complaint with the French Data Protection Authorities (CNIL), or initiate proceedings with the Courts in Nantes, France.
If we act as a data processor, we will refer you to the data controller to submit your request. We will assist the data controller to the best of our intentions.








