GDPR Compliance

How ChatClaw helps you stay compliant

Our Commitment

ChatClaw is designed with privacy by design and by default. We are fully committed to GDPR and UK GDPR compliance, both as a data controller (for our customers' account data) and as a data processor (for conversation data processed on your behalf).

Data Processing Agreement

All ChatClaw customers are covered by our standard Data Processing Agreement (DPA), which is incorporated into our Terms of Service. Enterprise customers may request a custom DPA. Contact legal@chatc.dev for details.

Where Data is Stored

  • Cloud customers: All data is stored in EU data centres (Frankfurt, Germany)
  • Self-hosted customers: Data never leaves your infrastructure
  • No data is transferred outside the EEA without appropriate safeguards

Your Rights as a Data Subject

| Right | How to Exercise |
|---|---|
| Right of access | Export your data from the dashboard, or email privacy@chatc.dev |
| Right to rectification | Update your details in account settings |
| Right to erasure | Delete your account from settings, or contact us |
| Right to data portability | Export conversations and data in JSON format |
| Right to restrict processing | Contact privacy@chatc.dev |
| Right to object | Contact privacy@chatc.dev |

Your Customers' Rights

When your visitors interact with your ChatClaw AI employee, you are the data controller. ChatClaw provides tools to help you comply:

  • Consent banners: Configurable pre-chat consent messages
  • Data deletion: Delete individual visitor conversations from the dashboard
  • Data export: Export any visitor's conversation history
  • Retention controls: Set automatic data retention periods

Security Measures

  • TLS 1.3 encryption in transit
  • AES-256 encryption at rest
  • Role-based access control
  • Audit logs for all data access
  • Regular security assessments
  • MFA for all admin accounts

Sub-Processors

We maintain a list of sub-processors used to deliver the ChatClaw service. Current sub-processors include our hosting provider (Railway/EU), payment processor (Stripe), and email service (Resend). We notify customers before adding new sub-processors.

Breach Notification

In the event of a personal data breach, we will notify affected customers within 72 hours, in accordance with Article 33 of the GDPR.

Contact Our DPO

For any GDPR-related queries: privacy@chatc.dev