Userlike Live Chat Software – Data Privacy Features and GDPR Compliance

Many businesses want to step up their customer support game through live chat. At the same time, they are increasingly concerned about GDPR compliance and wonder whether both are compatible.

Userlike offers a variety of functions that allow users to adhere to the GDPR. We also run on a rock-solid and future-proof infrastructure to ensure that all personal data is always securely stored at the right place.

Read on to learn more about the GDPR, our data privacy features, our GDPR-ready server setup and our general stance on data privacy.

Why data privacy matters to us

The latest trust meltdowns by Facebook and, to a lesser extent, by Slack, were painful reminders of what lax privacy policies can mean for users and businesses that trifle with their personal data.

At the same time, this shouldn’t be news to anyone. Trust has always been a cornerstone of any communication, be it between family, friends, or strangers engaging in a transaction. The GDPR, enforceable from 25th May 2018, only makes this principle a legal reality.

That’s why, as a company defining its mission as fundamentally improving communication between businesses and their customers, trust is an integral part of our product design.

And yes, of course there’s the economic perspective as well: In a time in which personal data is a currency of its own, data privacy too is a real differentiator.

The GDPR and its consequences in a nutshell

The GDPR…

  • replaces the 1995 Data Protection Directive and harmonizes legislation concerning the handling of personal data by organizations across the EU, and largely, also the UK, and Switzerland.
  • defines “personal data” as any data that refers to an identified or identifiable, actual person, or that makes a statement about the business relation of the person with another party. This includes, for example, name, address, email address, IP, cookies, and order history.
  • applies to any company for whom the handling of EU, UK, and Swiss citizens’ personal data is part of the core business. Also, to any company that handles such personal data and has more than 10 employees plus at least one business-related email address.
  • most likely also applies to any EU-, UK-, and Swiss-based subsidiary of a company outside these territories that collects data from citizens there – the 2014 case of EU vs. Google Spain showed how this can work.
  • grants any EU, UK, and Swiss citizen staying in one of these territories the right to request the disclosure, handover, and/or deletion of any of their personal data stored by one of the above-mentioned companies.

1
Data privacy chat features

Through these functions we allow our customers to adhere to the GDPR when supporting their customers.

Data privacy mode. This chat mode is basically a personal data filter for your chat sessions with web visitors. When enabled, none of their personal data is collected – unless they deliberately hand it over to you. The filter applies to IP, user agent, referrer and page visits.

screenshot of Userlike chat settings data privacy mode
Enabling data privacy mode disables Live Preview and Identitiy lookup.

The privacy mode doesn’t cover data your visitors submit themselves. For instance, in some chat modes you can require visitors to enter their name and email address before the chat starts. This personal data would then be saved, even in privacy mode.

Automatic routing of visitors to privacy-compliant chat widgets. With our Widget Router feature you can automatically present visitors with the widget that best suits their needs and preferences. The routing can be based on a visitor’s URL, user agent, geolocation, browser language, or device. Once the routing is complete, this data is deleted.

A simple privacy-oriented use case would look like this: If you assume that most of your visitors from Europe care about data privacy, you could have a Widget Router check whether the current visitor meets the criteria “geolocation: Europe” and, if the answer is yes, route them to the aforementioned Data Privacy Widget with its more restrictive settings.

Data privacy link on chat widgets. You can add a direct link to your chat widget that leads to your official privacy policy, or to a page with a less formal data privacy statement.

screenshot of Userlike chat settings data privacy mode
Enabling data privacy mode disables Live Preview and Identitiy lookup.

Informing your visitors proactively about your stance towards data privacy reduces service pressure and conveys a sense of transparency.

You can choose to point visitors to your own privacy policy or – if you’d rather inform them about the ramifications of the chat they’re about to start – Userlike’s privacy policy.

Data privacy disclaimer. Displaying a disclaimer ahead of the chat is your way to go full transparency. The text field is best used to explain to visitors how their personal data is handled. Furthermore, it prompts them to actively give their consent by clicking the check mark.

screenshot of Userlike chat settings data privacy disclaimer feature

Again, the text can either relate to your own or Userlike’s data handling practices. Our default text explains how Userlike deploys cookies and reassures visitors that they’re handled with care. It’s available in 25 different languages.

Option to disable live preview and identity lookup. Our live preview function allows your operators to see what web visitors are typing before they actually send the message. Operators can prepare their response earlier, which increases their speed and accuracy – two core principles of good customer service.

Technically, none of the text displayed to operators in the live preview is saved in chat transcripts or anywhere else unless your visitor sends it off.

Still, the feature may raise privacy concerns depending on what web visitors unsuspectingly disclose here, be it just for a moment. To acknowledge that this feature may cause some users unease, we've built in the option to turn it off.

Same goes for our identity lookup feature. If enabled, Userlike checks for your visitors’ online profiles based on the email address they enter before the start of the chat and pulls data from them, e.g. a profile picture or links to social media profiles.

If you run your chat widget in data privacy mode (explained above), both live preview and identity lookup are disabled by default.

Looking for better customer relationships?

Test Userlike for free and chat with your customers on your website, Facebook Messenger, and Telegram.

Read more

Operator anonymization. Privacy is not solely a concern between a company and its customers but also between a company and its employees.

If you want to protect your customer-facing employees’ identities, you can use our alias feature, giving your chat operators new names and profile pictures.

For internal privacy, you can choose to anonymize operator details when monitoring your support teams’ performance in our Analytics feature. This makes sense if you’re only interested in your whole-team performance and don’t want your team members to compete with each other.

You can even adjust the identifiability of your employees based on who in your team looks at the data.

2
Data access, export, and deletion features

As explained above, the GDPR entitles your visitors to request insight into what personal data of them is stored as well as its export and deletion. To make it possible and easy for you to respond to such request from visitors that you’ve served, Userlike offers the following conversation management features.

Chat search. If a visitor asks you to delete (a part of) their conversation history, you should be able to react swiftly without missing any relevant data. That’s why we offer a variety of filters with which you can sift through the mass of all chats saved in your Userlike account.

screenshot of Userlike’s chat search feature
Plenty of search filters to find every customer chat.

To find all chats with a particular visitor, the name and email search field will be your go-to options. If you’re running your chat widget in data privacy mode and therefore have less data of the visitor, the other filters will come in handy.

Individual and bulk chat export. Now, if your visitor asks you to show them all data you have on them in Userlike, you can simply run a search until all relevant chats are on display. Then you select some or all of them, depending on the visitor’s request, and export them in either CSV or Excel format. By sending this file to your visitor you will meet your duty of disclosure as stated in the GDPR.

Individual and bulk chat delete. Same route as for the chat export, only now you delete all selected chats.

Automatic message deletion. If you prefer to clean your slate on a regular basis with little effort, you can set a life cycle of between 1 and 36 months for your chat transcripts. After that, they are automatically deleted.

This feature is particularly popular among enterprises from the sectors banking, health, and insurance, where customer data contains extra sensible information.

Employee-specific data access rights. With our Roles feature you can limit team access to sensitive customer data based on your employees’ individual roles in the organization.

To map your company's data flow onto Userlike, you can choose whether a particular employee or department can both read and edit (delete/export) messages, only read them, or do neither.

3
GDPR-compliant infrastructure

Last but not least, data privacy is a matter of how and where the data is stored. All customer-related information processed by Userlike is encrypted before being saved, backed up daily, and stored purely on servers in Germany-based data centers certified according to ISO/IEC 27001.

Only components that contain no personal data whatsoever, namely the actual software, chat widgets and chat windows, are delivered from multiple regions through Amazon S3 and CloudFront – to maintain the highest possible content delivery speed.

The switch to Userlike - free, easy, GDPR-ready

If your business faces the challenge of stepping up data privacy efforts while wanting to step up their customer support game, check some worries off your list by testing a solution that lives up to GDPR’s standards of data privacy.

Our free trial allows you to test Userlike with full functionality for two weeks while our customer success experts are happy to answer any of your questions regarding data privacy and Userlike’s GDPR adherence.

Read this article in German or Dutch.