We are fully committed towards being GDPR compliant. We’ve built product features for great privacy and data control for our product.
As a SaaS company, Clustaar is to be seen as a Data Processor. The role of Data Controller is held by our clients. All the data we store and process is only used in the purpose of improving our client’s bots. User consent has to be managed by our B2B customers, who are directly dealing with their users; that’s why we ask them to do their best to be GDPR-compliant.
On our end, we have built our platform with the GDPR in mind. We have put in place all the necessary mechanisms to comply with GDPR rules and provide our customer with a GDPR-compliant service. The data we store (User IDs and conversation content) are processed with the new regulation in mind. Our privacy, security & data storage policies are also streamlined with the GDPR goals and objectives.
Final users IDs
Final users are only represented as a temporary ID, and are not associated to any metadata in our database. This means there is no way to retrieve their real identity.
Final users conversations
We only store the questions asked by the users to the bots, but with a very strict policy:
- questions are in a separated database
- user ids are different from the main database
- questions are encrypted (not readable in case of leak)
- questions are erased from database after two years
Questions are only stored with the purpose of improving the bot they relate to, understand its strength and weaknesses, and suggest improvements to it.
Right to be Forgotten
Clustaar lets you delete your profile on the platform permanently. You can delete your account and all the data associated.
Right to Portability
Clustaar supports export requests. You can ask for all your profile data on the platform.
Is my users data stored in an EU data centre ?
Yes. All our data centers are located in Europe.