English Español Português (Brasil) Français Deutsch Italiano Română
Log in Start free trial

GDPR consent

Require visitors to accept your privacy terms before they can chat.

If your audience is in the EU (or anywhere with similar privacy law), you can't quietly collect name + email + message content. The visitor has to give informed consent first. This setting puts a tickbox + privacy link under the pre-chat form and blocks the first message until it's checked.

Turning it on

Chat → Settings → Security → GDPR consent. Flip the toggle, then fill in:

  • Consent text — the sentence the visitor has to agree to. Keep it short and accurate. Examples:
    • "I agree to the processing of my personal data as described in the Privacy Policy."
    • "I understand that this chat will be stored and may be used for follow-up."
  • Privacy policy URL — the full URL to your privacy page. It's surfaced as a link inside the consent text so visitors can read the policy before agreeing.

Save. The next visitor will see a checkbox they have to tick before the Send button becomes active.

What gets recorded

When a visitor consents, we record:

  • The timestamp of the acceptance
  • The exact consent text shown at that moment
  • The URL of the privacy policy linked at that moment

This sits next to their first message on the conversation, so months later — if someone exercises a right under GDPR Art. 7(1) — you can prove what they agreed to and when.

What "blocking" means

Without consent:

  • Pre-chat form is read-only.
  • Send button is disabled.
  • Bubble label and welcome message still render — the visitor just can't talk yet.

The widget never silently captures messages while consent is pending.

Pairing with the offline form

When the widget is in offline mode (outside business hours), the consent gate applies to the offline form the same way. The visitor has to accept before they can drop their email + message for follow-up.

What this doesn't do

GDPR is broader than chat consent. Things this setting does NOT handle:

  • Cookies dropped by other scripts on your site.
  • Long-term storage of chat history — that's governed by your plan's retention window, not by the visitor's consent here.
  • Right-to-erasure requests (those are handled from the agent inbox: open the conversation, ⋯ → Delete).

This setting is one piece of the compliance picture, not the whole thing.