Clustaar & GDPR
Our pledge to data protection and right of individuals to data
Right to data is fundamental for every individual. With organizations across the world collecting customer data to enable them to provide services. It becomes important that companies manage data in a transparent manner with the customer’s consent.
GDPR is one of the most important changes to data privacy regulations in the last two decades. It stands for “General Data Protection Regulation”. It establishes a new framework for handling and protecting the personal data of EU-based residents which came into effect on May 25, 2018. It provides the citizens of the EU greater control over their personal data and assures that their information is being securely protected across Europe.
Does GDPR affect you?
Yes! Although GDPR is a data protection framework for the citizens residing in the EU. It also applies to all companies that handle personal data of individuals from the EU, which means almost every major corporation in the world.
Clustaar GDPR Positionning
We are fully committed towards being GDPR compliant. We’ve built product features for great privacy and data control for our product.
As a SaaS company, Clustaar is to be seen as a Data Processor. The role of Data Controller is held by our clients. All the data we store and process is only used in the purpose of improving our client’s bots. User consent has to be managed by our B2B customers, who are directly dealing with their users; that’s why we ask them to do their best to be GDPR-compliant.
On our end, we have built our platform with the GDPR in mind. We have put in place all the necessary mechanisms to comply with GDPR rules and provide our customer with a GDPR-compliant service. The data we store (User IDs and conversation content) are processed with the new regulation in mind. Our privacy, security & data storage policies are also streamlined with the GDPR goals and objectives.
Final users IDs
Final users are only represented as a temporary ID, and are not associated to any metadata in our database. This means there is no way to retrieve their real identity.
Final users conversations
We only store the questions asked by the users to the bots, but with a very strict policy:
- questions are in a separated database
- user ids are different from the main database
- questions are encrypted (not readable in case of leak)
- questions are erased from database after two years
Questions are only stored with the purpose of improving the bot they relate to, understand its strength and weaknesses, and suggest improvements to it.
What about the right to be Forgotten?
Clustaar lets you delete your users conversations and date on the platform permanently. You can do it via the interface, or via API.
Is my users data stored in an EU data centre ?
Yes. All our data centers are located in Europe.
Does Clustaar use Webchat cookies?
No, the Clustaar webchat does not use cookies. It only uses the Local Storage of users which is not accessible remotely.
Does Clustaar Webchat collect user IPs?
The Clustaar Webchat does not harvest any datafrom users on websites. By default, it only assigns a random id to the user which is used to recognize the conversation context.Last messages are memorized in the local storage so they can be displayed again when users return, and provide them with a history of their conversation.Local storage can only be accessed locally through the user’s browser.
Other questions ?
For more information or questions about the Clustaar Privacy Policy and GDPR, please contact [email protected]
Subprocessors
Final users (users talking to the bot)
Amazon AWS | Anonymous User Queries Storage |
Google Cloud | APIUser Queries ComputingNLP Model TrainingConversation History |
Mlab | interlocutors id more detailsuser attributes more details |
Platform users (Bot Builder)
Mixpanel | Platform use tracking |