Data Tracking in the Web Chat Interface

**pete_nexus** · December 13, 2017, 4:57pm

Because of the whole GDPR regulation coming out next year, we’ve had some questions from potential clients about “What” data the web-interface scraps and logs. Is there a privacy policy somewhere online that outlays how data in and out of flow is captured, processed and stored? Would be really helpful in order for us to be able to use the product for more than just demos.

For instance, we tracked a function called ‘_getIPCallback’ in the web-interface, that presumably scrapped the IP and geo-location information of the user. How and where is this data used and stored?

Thanks in advance.

**DanielBeckett** · December 14, 2017, 9:53am

Hi @pete_nexus

There’s a Privacy Policy on the main site. There haven’t been any specific GDPR revisions made as of yet but that’s where we’d post any updates.

The Web Messenger itself is anonymous, and so the user name and user handle properties will be empty when you interact with a web visitor. Any session data is stored in cookies on the user’s browser but a record of Metadata associated against that interaction would be saved in your logs.

By default the Metadata would look something like the following:
Metadata
{
“firstTimeUser”: false,
“ip”: “12.345.678.987”,
“country”: “United Kingdom”,
“region”: “England”,
“timeZone”: “Europe/London”,
“longitude”: 14.5994,
“latitude”: 28.6731,
“browserName”: “Chrome”,
“browserVersion”: “63.0.3239.84”,
“operatingSystem”: “Windows”,
“operatingSystemVersion”: “10”
}

**pete_nexus** · December 18, 2017, 1:19pm

Awesome - Thanks Daniel - That’s really helpful. I can definitely go back and advise our clients with information like that.

A* service as always.

**PrzemekRoman** · January 21, 2018, 12:35am

Hi @DanielBeckett

As I understand GDPR requires platform or service providers to allow EU individuals to access, modify and delete their own data and EXPLICIT authorisation to collect and process data in the first place.
Exporting data is not a problem but what about ability to modify and delete users? I assume if these requirements are not met then the bot becomes illegal.

Please advise if you’re working on it as 25th of May if not far away.
Many thanks.

**KarenBarker** · January 22, 2018, 10:28am

Hi Przemek,

The development team are working hard to ensure the platform is fully GDPR compliant at the point GDPR regulations are enforced. Any additional features that need to be added to handle situations such as those you mention above will be in place before the 25th May.

**Santeri_Posio** · January 22, 2018, 12:40pm

Hey there!

Are you aware of the compliancy problems for example Facebook has? From my understanding running Facebook-bots after May is going to be against GDPR if Facebook doesn’t make changes to their platform.

Is FlowXO going to be available for facebook in the future too?

**DanielBeckett** · January 22, 2018, 12:52pm

Hi @Santeri_Posio

We can’t really speak for what changes Facebook may or may not have to make in regards to GDPR but if there’s anything we need to do from our side we’ll be sure to include that in any revisions we make before 25th of May. There’s certainly no intentions of dropping Facebook as a supported platform though.

**PrzemekRoman** · January 22, 2018, 12:53pm

Hi Karen,

Thank you for prompt reply.
Looking forward to an update.

**Santeri_Posio** · January 22, 2018, 1:04pm

Hey! Thanks for the reply.

But what if Facebook in itself is not GDPR compliant? As it stands, you can’t delete conversations with a page that has a bot attached. This is one very concrete example of Facebook not being GDPR compliant.

I’m just worried that if I use your platform to create bots I will end up getting fined

**KarenBarker** · January 22, 2018, 2:20pm

Hey,

To delete messages sent to your Facebook page you can go to your Facebook page > inbox and then archive the conversation. Once the conversation is archived you can then search and view your archived chats and then delete the conversation.

**Santeri_Posio** · January 22, 2018, 1:41pm

Yes - but this does nothing but delete the conversation from the page owner’s end. The customer can still see the chat log on their end. This means it remains on Facebooks’ servers and does not fulfill GDPR requirements.

This feature is also available ONLY on the legacy version of the Facebook inbox, which we have no certainty of how long it’s going to be even usable.

Sorry for being annoyingly sensitive about the subject - I just don’t want to build chatbots to Facebook and then proceed to get fined starting may if my product/service isn’t compliant.

**PrzemekRoman** · January 22, 2018, 1:46pm

Hi,

I believe Facebook will implement the changes that will make it fully compliant with GDPR.
Otherwise it will expose itself to a fines of up to 20 milion Euros or 4% of global turnover - whichever is higher. Even for Facebook it’s not petty cash
I know it doesn’t really answer your question though.

**pete_nexus** · January 22, 2018, 1:53pm

It’s pretty straightforward… don’t make Facebook bots!

**Santeri_Posio** · January 22, 2018, 1:56pm

Facebook is big enough not to comply - I’d bet my money their corporate lawyers could take on EU’s equivalent any day. This is what worries me.

And for Pete… yeah, it seems making Facebook-bots is not worth the risk at the moment!

**PrzemekRoman** · January 26, 2018, 10:12am

They have been fined by EU before and I would rather think shareholders wouldn’t be happy to give away 4% of FB’s global turnover…
Check this out: