The management and protection of the personal data of both our service users and their website visitors are subject to the terms of this agreement and the relevant provisions of the General Data Protection Regulation (GDPR) (EU) 2016/679. The GDPR is a regulation in EU law on data protection and privacy for all individuals within the European Union. It applies to companies based in the EU and global companies that process personal data about individuals in the EU. The regulation applies from 25 May 2018.
Does GDPR affect you?
If you process the personal data of anyone in the EU, GDPR applies to you—whether you're based in the EU or not. Beyond strengthening data privacy across EU nations, GDPR introduces new obligations for any organization handling EU citizens' personal data, regardless of location.
Features to help you comply with GDPR
As a data processor, onWebChat provides tools to help you stay GDPR-compliant. Admins can delete visitors and all related data, including chats and offline messages. You can also export a complete data record for any visitor on your website.
How we comply with GDPR
To ensure full GDPR compliance, we've implemented automated deletion for agent accounts and their associated data. We also offer an export feature, allowing you to download all data linked to your onWebChat account. Under GDPR, you have the right to access, correct, transfer, and delete your personal data.
Right to Human Intervention:
Our service operates on a hybrid model. Users and visitors can always bypass the AI chatbot to speak with a human agent, ensuring no significant decisions are made solely through automated processing.
Data Processing Agreement (DPA):
We offer a standard DPA for our business customers to ensure compliance with Article 28 of the GDPR. You can request our DPA at support@onwebchat.com.
AI Data Processing & Privacy
For our AI services powered by OpenAI, we act as the Data Processor. We've configured our integration so that data submitted via the API is NEVER used to train AI models. OpenAI stores data for a maximum of 30 days strictly for safety monitoring, after which it is permanently deleted. All AI-generated interactions are subject to the same GDPR rights as standard chats (Access, Deletion, Portability).
| Subprocessor/Third party service | Purpose | Country | Transfer Mechanism |
|---|---|---|---|
| Hetzner | Server/Data hosting | Germany | GDPR-compliant EU hosting |
| Zoho | Email hosting | USA | Standard Contractual Clauses (SCCs) |
| Google Inc | Cloud analytics | USA | SCCs / Data Privacy Framework |
| OpenAI | AI chatbot functionality (GPT-5.1) | USA | Standard Contractual Clauses (SCCs) |
| Braintree Payments (PayPal) | Payment processing | USA | SCCs / Data Privacy Framework |
| Amazon | Automated email sending and data backups | USA / Europe (Ireland) | SCCs / GDPR Compliant Nodes |
The onWebChat website may store the following cookies in your browser when you visit it:
PHPSESSID: used by PHP to keep track of sessions (session)
_ga, _gat, _gid: used by Google Analytics to distinguish visitors
accept-cookies: set to true if we have the visitor's consent to store cookies (2 years)
onwebchatf: stores the browser's http_referer info (where the visitor came from) (10 days)
aff: if the visitor comes from an affiliate, stores the affiliate ID (90 days)
onwebemail: used if "keep me sign in" is selected - the email of the user (60 days)
onwebhash: used if "keep me sign in" is selected - hash of encrypted password (60 days)
lang: used to remember the visitors' selected language (session)
The following cookies may be used for the functionality of the live chat widget. They may also be used by our users' websites (websites using the onWebChat service), so you may need to inform your visitors about them.
Necessary notice: chat cookies such as onwbchtexpress.sid and io are strictly necessary for the functionality of the service, so they may not always require consent before loading. However, they should still be disclosed in your website cookie banner and cookie policy.
onwbchtexpress.sid : It's the identifier for your current onWebChat session (session)
io : keep socket.io session (session)
onwbchtclientid : It is a unique id so that onWebChat can identify visitors (1 year)
onwbchtsessionrandom : A random number used to identify visitors (used only on some browsers) (1 year)
onwbchtblocked : It is used to store if this visitor is blocked by an agent (6 months)
onwbchtSound : It is used to store the visitor's sound On/Off preference (if the visitor visits this website again or opens a new tab) (3 months)
onwbchtlastvisit : The date the visitor last visited this website (3 months)
onwbchttimesVisited : How many times a visitor has visited this website (3 months)
inChatC : A flag indicating if this visitor is currently chatting. (4 hours)
hasTriggeredC : a flag indicating if a trigger has been shown (only when using triggers) (4 hours)
In addition, the following cookies may be stored (for 1 day) if the visitor's browser doesn't support sessionStorage (iOS Safari):
sessionstorage.maxChat : a flag indicating if the visitor has maximized the chat window (so that it stays the same if they open a new tab)
sessionstorage.chattext : the text of the chat, so that the visitor can see the chat if they open a website page in a new tab
sessionstorage.hideImage : a flag indicating if the visitor has hidden the image (on chat window)
sessionstorage.mustSendTriggerText : a flag indicating that the text of the trigger should be sent to the agent (for displaying the chat dialog)
sessionstorage.hasStartedWriting : a flag indicating if the visitor has started writing in the text area
sessionstorage.triggerText : the text of the trigger that has been shown to the visitor
sessionstorage.hasTriggered : a flag indicating if a trigger has been shown
sessionstorage.hasWrSeByTr : a flag indicating if the text "served by ..." has been written to the visitor chat
sessionstorage.secOnSite : how many seconds the visitor has been on the website (only when triggers are used for the whole website)