Your data, our discipline.

EasyLiveChat Labs B.V. ("EasyLiveChat", "we", "us") is a private company registered in Amsterdam, Netherlands (KvK 89042116). Our registered office is at Herengracht 124, 1015 BT Amsterdam. For matters covered by this policy you may also reach our designated Data Protection Officer at dpo@EasyLiveChat.com.

EasyLiveChat is committed to processing personal data fairly and lawfully, in accordance with the EU General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act (CCPA / CPRA), and the laws of the jurisdiction in which you reside.

EasyLiveChat operates in two distinct capacities. When you sign up for an account, browse our marketing website, or contact our sales team, EasyLiveChat is the controller of your personal data.

When our customers (the "Workspace Owners") operate the EasyLiveChat platform to converse with their own end-users, EasyLiveChat acts as a processor on their behalf, governed by the separate Data Processing Addendum (DPA). End-users wishing to exercise their rights over data processed inside a Workspace should contact the Workspace Owner directly.

The categories of personal data we collect as a controller are:

• Account data — name, work email, hashed password, workspace name and slug, billing address (for paid plans).
• Usage data — IP address, browser user agent, pages visited, feature interactions, error stack traces. Used for product improvement and abuse prevention.
• Communication data — content of messages you send us through sales channels, email, or the public widget on EasyLiveChat.com.
• Payment data — handled by our PCI-DSS Level 1 payment processor Stripe. EasyLiveChat never receives or stores your full card number.

We do not sell personal data, and we do not engage in cross-context behavioural advertising as defined by the CPRA.

EasyLiveChat processes personal data on the following bases:

• Contract — to provide the platform you signed up for, manage billing, and deliver customer support.
• Legitimate interest — to monitor service health, prevent fraud and abuse, and improve our product. We balance this against your rights and have documented the assessment internally.
• Consent — for non-essential cookies and product marketing newsletters. You can withdraw at any time.
• Legal obligation — to comply with tax, accounting, and law-enforcement requirements.

EasyLiveChat uses a strictly limited set of first-party cookies. We do not embed third-party analytics on the marketing site by default. The cookies we set are:

• EasyLiveChat_session — authentication token, HttpOnly + Secure + SameSite=Lax. Lifetime 14 days.
• EasyLiveChat_locale — your preferred language, set when you toggle the UI language. Lifetime 365 days.
• EasyLiveChat_consent — your consent choice, so we do not re-prompt. Lifetime 365 days.

We use no tracking pixels, no fingerprinting, and no session replay tools. Our self-hosted Plausible Analytics instance stores only anonymised aggregate counts.

EasyLiveChat stores all customer data in the European Economic Area by default — primarily Frankfurt (eu-central-1) for production data and Dublin (eu-west-1) for off-site backups. Customers on the Growth and Enterprise plans may select Singapore or Virginia regions.

Where data is transferred outside the EEA we rely on the European Commission's Standard Contractual Clauses (2021) supplemented by technical measures including AES-256 encryption at rest and TLS 1.3 in transit.

We retain data only for as long as necessary to fulfil the purposes set out above. Specifically:

• Account data — deleted within 30 days of workspace closure.
• Conversation contents — retained according to your plan: 14 days (Free), 12 months (Starter), 36 months (Growth), or indefinitely (Enterprise).
• Server logs — retained for 30 days, then aggregated.
• Backups — purged on a 35-day rolling cycle.
• Invoices and tax records — retained for 10 years where required by law.

Subject to the conditions of the applicable laws, you have the right to:

• Access the personal data we hold about you;
• Rectify inaccurate or incomplete data;
• Request erasure ("right to be forgotten");
• Restrict or object to processing;
• Data portability — receive your data in a machine-readable format;
• Withdraw consent at any time, without affecting prior lawful processing;
• Lodge a complaint with a supervisory authority, e.g. the Dutch DPA (Autoriteit Persoonsgegevens).

To exercise any right, email privacy@EasyLiveChat.com and we will respond within 30 days. We may request additional information to verify your identity.

We maintain a documented information security programme aligned to ISO 27001 controls, undergo an annual SOC 2 Type II audit (the latest report is available under NDA), and follow secure development lifecycle practices including automated dependency scanning, mandatory code review, and quarterly third-party penetration tests.

In the unlikely event of a personal data breach affecting you, we will notify the competent supervisory authority within 72 hours and inform affected individuals without undue delay.

We may update this policy from time to time. Material changes will be communicated to active customers by email at least 30 days before they take effect. The version tag in the header records the calendar month of the current revision; previous versions are available on request.