Data retention policy
Chatlio will retain personal information for as long as necessary to provide the products and fulfill the transactions you have requested, or for other essential purposes such as complying with our legal obligations, resolving disputes, and enforcing our agreements. Because these needs can vary for different data types, actual retention periods can vary significantly based on criteria such as user expectations or consent, the sensitivity of the data, the availability of automated controls that enable users to delete data, and our legal or contractual obligations. For example, to meet our legal compliance obligations, we maintain minimal account information for 7 years. This includes the email of the user who signed up for Chatlio, and the billing information including invoices at our payment processor. For all other data we delete as soon as practicable. For example, we purge all web access logs in no more than 90 days, including records of visitors who did not start a chat conversation.
Data archiving and removal policy
If the processing of personal information about you is subject to European Union data protection law, you can request access to, and rectification or erasure of, personal information.
To make such requests, contact us at email@example.com or review https://chatlio.com/legal/eu-privacy-summary/ for more details on contact options. When we are processing data on behalf of another party that is the “data controller,” you should direct your request to that party.
If you are a California resident and the processing of personal information about you is subject to the California Consumer Privacy Act (“CCPA”), you have a right to request deletion of the personal information we have collected about you. To delete specific pieces of personal information we will need to verify your identity to the degree of certainty required by law.
To make requests, please contact us at firstname.lastname@example.org or by using the contact information provided at the bottom of the policy:
When we are processing visitor’s data as a service provider to a business that is a Chatlio customer, you should direct your request to that business. You may designate, in writing or through a power of attorney, an authorized agent to make requests on your behalf to exercise your rights under the CCPA. Before accepting such a request from an agent, we will require the agent to provide proof you have authorized it to act on your behalf, and we may need you to verify your identity directly with us.
Data storage policy
The personal information we collect may be stored and processed in your country or region, or in any other country where we or our affiliates, subsidiaries, or service providers maintain facilities. Currently, we primarily use data centers in the United States of America. The storage location(s) are chosen in order to operate efficiently, to improve performance, and to create redundancies in order to protect the data in the event of an outage or other problem. We take steps designed to ensure that the data we collect under this statement is processed according to the provisions of this statement and applicable law wherever the data is located.
We transfer personal information from the European Economic Area and Switzerland to other countries, some of which have not been determined by the European Commission to have an adequate level of data protection. When we do so, we use a variety of legal mechanisms, including contracts, to help ensure your rights and protections. To learn more about the European Commission’s decisions on the adequacy of personal information protections, please visit: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en.
We are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission. If third-party agents process personal data on our behalf in a manner inconsistent with the Privacy Shield Principles, we remain liable unless we prove we are not responsible for the event giving rise to any damages. If you have a question or complaint related to our complaince with the Privacy Shield Principles, please contact us as indicated at the bottom of this privacy statement. For any complaints related to the Privacy Shield that cannot be resolved with us directly, you may refer the unresolved matter to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the BBB National Programs, at https://bbbprograms.org/privacy-shield-complaints/. The services of BBB National Programs are provided at no cost to you. Finally, as a last resort and under limited circumstances, a binding arbitration option is available to address certain residual complaints under the Privacy Shield not resolved by other means.
We take reasonable and appropriate steps to help protect personal information from unauthorized access, use, disclosure, alteration, and destruction. All traffic and data is encrypted in transit and we leverage Amazon AWS for hosting Chatlio infrastructure. Access to internal systems are tightly controlled and only those people that require access are given access. Services only expose the ports that are necessary. We monitor logs for abuse and misuse. All backups are encrypted and purged after a short amount of time.
Data center location(s)
Data hosting details
We run Chatlio in AWS in United States regions. Our data is stored in an AWS RDS postgres database.
App/service has sub-processors
Guidelines for sub-processors