How GDPR-compliant is Live Chat from HelpCrunch: Discussing the Nuances
Does HelpCrunch provide a GDPR-compliant live chat? Sure it does! In this article, we explain everything so that you see how your and your customers' data is 100% safe with us.
Written by Anastasiia Khlystova
 
    Data protection and transparency have always been at the core of our values at HelpCrunch. It’s what we’ve always believed in, and the GDPR law became yet another step to implementing better security and trust for our tools and services.
Just like many other businesses today, HelpCrunch is, sure thing, GDPR-compliant. This is cool, because it makes your data even more secure with us than before.
“But wait, what on earth is the GDPR?” – some of you may wonder. I got you from here. In a second, we’ll talk about every single detail you should know about the GDPR at this point and, specifically, why you should care about it
What is the GDPR?
The GDPR, or General Data Protection Regulation, is the new law that grants data security and privacy to all EU citizens. The regulation was put in force on May 25, 2018.
We all want to protect our private information from breaches and illegal usage, and that’s what the GDPR aims to provide. Basically, people get to have full control over the personal data that third-party companies may have about them.
Here’s how it’ll work in real-life. For instance, companies won’t be able to gather any of your personal information without your consent. And I mean, ANY. Not your name, emails, nothing.
Another common example is the right to require organizations to show what information they have on you and how they use it.
In fact, there’s much more to it. But the basic idea is the protection of people’s personal data.
Whom does the GDPR concern?
It’s important to note that the GDPR compliance refers not only to EU citizens. It also applies to you if:
- Your organization is doing business on the territory of the EU;
- Your organization has servers based on the territory of the EU;
- Your organization collects and processes any personal data of the EU citizens.
So, what I’m saying here is that you most probably should care about the new regulation and prepare your organization for it. The good news is, if you’re looking for a GDPR-compliant live chat, which HelpCrunch definitely is, we did everything possible on our end to make it easier for you, so keep reading.
How HelpCrunch has prepared for the GDPR
Our team has been working hard all this time to implement major changes in our system to be fully compliant with the new regulation. We’re aware of how important it is, so we want you to feel safe using our service.
How HelpCrunch complies with the rule inside the product
We did an in-depth analysis so that all the HelpCrunch areas are GDPR-compliant, cooperated with lawyers, compiled a list of required changes and legal requirements, drank tons of coffee, and got the job done.
Don’t hesitate to write us in the chat in case you have any questions or want more details about any of the below information.
So yeah, here’s a basic list of the GDPR-related changes done at HelpCrunch.
- Terms of Use and Privacy Policy
HelpCrunch has specific Terms of Use and Privacy Policy documents which were updated in June 2018. We also added the GDPR-related sections to them. The new paragraphs explain specifically how we collect and use your personal information, so you can always read about it in our documentation.
- Vendors
We’re looking into our vendors and legal arrangements with them. As of now, we’ve already entered GDPR-ready Data Processing Agreements (DPA) with our vendors to ensure your data and the data of your users are protected.
Note! If you want to sign the DPA with HelpCrunch or request any details about it, just email us at [email protected], and we’ll get back to you right away.
- Data storage and security facilities
First, our employees sign NDA’s with HelpCrunch and are legally obliged to keep your secrets safe.
We keep all our data on the territory of the EU. You can be sure that it’s secured with the TLS encryption (HTTPS) and backed up every day. While the payment information is not stored on our servers as it’s kept in Stripe.
As HelpCrunch is a GDPR-compliant business, your passwords are secured by employing salted hashing algorithms. We don’t use open sources for storage. Our uptime is 99% meaning that our systems are active almost without a break.
The HelpCrunch team does regular pentests of our own services as well as of companies that use our tools. We have established a precise procedure for incident responses, which includes escalation procedures, rapid mitigation, and postmortem.
We also provide an option of permission levels. You can set such permissions for particular teammates to include app settings, billing, user data, and the ability to send or edit messages.
What HelpCrunch implements for its users
As a software company, we provide customer support services. Needless to say, we use our own tools to make it of the highest possible quality.
First, your consent to process your personal data is our bread and butter. You won’t be able to start a chat with us unless you accept our Privacy Policy in the pre-chat form. Law is law.
Under the law, we provide a number of new functionalities to our own customer support so that it is GDPR-compliant. In other words, whenever you chat with our customer support team via live chat, you can be sure we respect and provide the following rights:
1. Right to be informed
The key concept of the GDPR is that no one can collect your personal data without your consent. And to give your consent, you must have a full picture of how it will be used. That’s your right to be informed.
HelpCrunch discloses all the details about the collection and usage of our customer’s personal data in our Privacy Policy. If you want us to send it right to you, just request it via chat or email us at [email protected].
2. Right of access
The right of access grants that, if requested, a company should provide you with a copy of the personal information that they have. And they should also clarify to you how they use it.
You can export all the personal information that HelpCrunch has about you from the “Account preferences” → “Export profile” at any moment. If you also want to receive full chat transcripts, chat with us, and we’ll send them your way.

3. Right to rectification
GDPR compliance implies that any EU citizen can demand to correct any of the errors in their personal data or complete it if necessary. So if you need to change any of your personal data or add corrections, chat with us, and we’ll change it within no longer than 30 days.
4. Right to erasure (right to be forgotten)
Not only that, but we can also delete completely all of your personal information that we have. And we will do it immediately at your request. Also, if you cancel your account at HelpCrunch, all your personal information will be automatically and permanently deleted in 6 months.
5. Right to restrict processing
Given that HelpCrunch is GDPR-compliant, you can cancel your account in our service, and we will stop processing your data immediately. It is possible to fully restore it though within 6 months – just log in to your account and renew the subscription. All the canceled accounts will be completely and permanently deleted after 6 months.
6. Right to data portability
The right of data portability grants that you can obtain your personal data from a company and reuse it as you want. Upon a request, HelpCrunch can export your data in a convenient format (CSV, JSON, or XML) and send it to you.
7. Right to object
The GDPR gives individuals the right to object to the processing of their personal data in certain circumstances. Individuals have an absolute right to stop their data from being used for direct marketing. You can always subscribe or unsubscribe from our emails in the “Notification settings” → “Insights” section by ticking the box:

Long story short, HelpCrunch will stay transparent about how we gather any personal data and will comply with the regulation. In case you have any GDPR-related questions or want to file a request, just email [email protected]. For general questions, use [email protected]. We are always more than happy to talk to you via chat.
How HelpCrunch helps you become GDPR-compliant
You may be sure that the HelpCrunch chat is GDPR-compliant. Here are the number of features that justify it:
1. Getting your customers’ consent to process their personal data
To obtain and process any of your customers’ personal data, you need to get their consent. That’s why we have the checkbox in a pre-chat form of the chat widget, where you can request users to agree with your Privacy Policy before starting a conversation.
Set a pre-chat form yourself. Just go to Settings → Website Widgets → Your Widget name → Widget Customization and check a corresponding field.

2. Right of access
Your customer can request a transcript of their customer support chats with you. We grant this right and will send a complete transcript of all the conversations with a given person immediately.
Also, you can download all the personal information about a customer right from a chat in a CSV format and send it to them. If you choose the “Email transcript” option, we will send their full chat history to a customer.

3. Right to be forgotten
If you press the “Delete chat” button, it will remove their personal information from your database completely and permanently. You can do it at any time and immediately.

4. Right to be forgotten for your employees
The GDPR will concern not only your customers but also your employees. HelpCrunch takes care of people who work with our tool – your customer support agents. After leaving a job at your company, they can request a total removal of their personal information from your database. You can do it in Settings → Team members → Delete.
This action will delete all the info about an agent, including their photo and a full name. Their chats with clients and first names will stay. However, we can remove them too, if you file a corresponding request to us.
5. Right to object
You can unsubscribe anyone from your HelpCrunch mailing list. By unsubscribing a client, they will be removed from all your auto and manual messages campaigns, which includes both email and chat notifications.

6. Right to rectification
You can manually edit any information that a user provided in a pre-chat form. Just click the corresponding field in a user’s profile and change the customer’s name, email, company, and phone.

It’s important to note that all the anonymous chats (those without username, email, phone, or company) are automatically removed for you after 9 months. For authenticated users, you can choose the time of removal and set it up in Settings → Automations → General:

Bottom line
As helpful as these features are, you still have to look through your own services and documentation to make sure you don’t shrug off GDPR compliance.
Your Terms of Use and Privacy Policy should clearly render to your users that you are using a third-party sub-processor to process their personal data. You should explain to your clients what rights they have under the GDPR and be ready to exercise them.
If you have any questions about the new regulation or changes at HelpCrunch, feel free to chat with us, and we will gladly answer them.
Now, is your company GDPR-compliant? 🙂
 
   
     
    