GDPR

GDPR Compliance

Chatmefy is committed to protecting the privacy and rights of EU residents in accordance with the General Data Protection Regulation.

Our Commitment

Chatmefy fully supports GDPR requirements. As a company that operates its own AI infrastructure (rather than relying on third-party AI providers), we have complete control over how personal data is processed and stored.

We do not transfer data to third-party AI services, which means your EU customers' conversations stay within our GDPR-compliant infrastructure.

Your Rights

GDPR Data Subject Rights

As an EU resident, you have the following rights regarding your personal data.

Right to Access

Request a copy of all personal data we hold about you.

Right to Rectification

Request correction of inaccurate or incomplete data.

Right to Erasure

Request deletion of your personal data ('right to be forgotten').

Right to Portability

Receive your data in a machine-readable format.

Right to Object

Object to processing based on legitimate interests.

Right to Restrict

Request limitation of data processing in certain cases.

To exercise any of these rights, contact our Data Protection Officer.

Contact DPO
Data Processing

How We Handle Your Data

Lawful Basis for Processing

We process personal data under the following lawful bases:

  • Contract: Processing necessary to provide our services to you
  • Legitimate Interest: Analytics and service improvement (with opt-out available)
  • Consent: Marketing communications (optional, can withdraw anytime)
  • Legal Obligation: Compliance with applicable laws and regulations

Data Controller vs. Processor

As a Data Controller: Chatmefy is the controller for data we collect about our customers and website visitors (account info, billing, support requests).

As a Data Processor: When processing chat conversations on behalf of our customers, we act as a processor. Our customers are the controllers of their visitors' data.

Data Retention

We retain personal data only as long as necessary for the purposes stated in our Privacy Policy:

  • Account data: Duration of account + 30 days after deletion
  • Conversation data: As configured by the data controller (customer)
  • Anonymized analytics: Up to 2 years for product improvement
  • Billing records: 7 years (legal requirement)
Safeguards

Technical & Organizational Measures

How we protect personal data in compliance with GDPR requirements.

EU Data Centers

Primary data storage in Frankfurt, Germany with full GDPR compliance.

Standard Contractual Clauses

SCCs in place for any data transfers outside the EU/EEA.

Data Processing Agreements

DPAs available for all customers processing EU personal data.

Privacy by Design

Data protection principles built into our platform from the ground up.

Data Minimization

We only collect data necessary for the service to function.

Encryption

All data encrypted at rest (AES-256) and in transit (TLS 1.3).

Data Processing Agreement

We offer a Data Processing Agreement (DPA) to all customers who process EU personal data through Chatmefy. This agreement ensures GDPR compliance for your use of our platform.

Request Custom DPA

Data Protection Officer

For any GDPR-related inquiries or to exercise your data subject rights, please contact our Data Protection Officer.

Chatmefy Data Protection Officer

Email: dpo@chatmefy.com

Address: Chatmefy Inc., 548 Market Street, Suite 35000, San Francisco, CA 94104

We respond to all GDPR requests within 30 days.