Hey Guys,
So we are proud to have built an award-winning chatbot for our client using FlowXo, however, with the impending GDPR changes have called into question where the FlowXo data is saved.
Can you please confirm where your servers are physically located and what happens to the personal user data that is saved on your server? Do you delete the data after a certain point?
I look forward to clarification on this as this will affect many businesses using FlowXo.
Thanks,
Raman
Hi Raman 
Congratulations on your award-winning bot ! 
That’s fantastic.
There’s some information we can email through. If you can confirm you’re email address and also let me know which platform you’ve built on. (is it Facebook Messenger ??)
Sarah
Hi Sarah,
Sure the email address is - raman@ality.co.uk
Yes it is built on Facebook Messenger.
Thanks,
Raman
Just following up to see when I can expect to receive the email.
our client needs to know this information urgently to complete the impact assessment of GDPR.
I will be very grateful for a swift response.
Thanks,
Raman
Hi Raman
That’s been sent if there’s any specific questions you need us to elaborate on let us know
Hope that helps !
Sarah
Hey - can you post this info publicly? It would be great to have more info publicly about flowxo and GDPR compliance. Thank you
Hi there,
I can confirm that before GDPR comes into effect Flow XO will be fully compliant and further legal documents will be made available. Once everything is in place there will be further updates. In the meantime I’ve dropped you some further information by DM.
Hey Karen.
Hope you’re doing great. Could you please share the GDPR information with us too.
Appreciate your help in advance.
Great. My main question is around the fact that users have to be able to delete their own data. How do you see being implemented with flowxo? or is it more of a issue where a user would request for data to be deleted and then it’s done on our side (not automatically)
Hi Ality,
From my understanding of GDPR a user must be able to request for his/her data to be deleted, but this doesn’t necessarily have to be a process that they can carry out independently. Over the coming weeks there will be changes around the Users page which will allow you to delete users if they request it.
Hey Karen. Would it be possible to NOT log the ip addresses of users? In the web messenger that is the only information that is collected, that can be considered “personal data”. If it were possible to overwrite ip with xxx.xxx.xxx.xxx then we would be GDPR compliant out of the box. I would very much like to avoid having users giving consent before opening a chat.
@Thomas_Brunkard There’s some information about the way we collect / handle this and some changes that are due soon we should be providing this extra detail on Monday by email. We will report back here with the specifics too - sorry you’ve waited a few days. Be back here soon
Hi @tbinzer
Thanks for your feedback on the Web Messenger metadata.
We’ve decided to remove the user’s IP address from our Web Messenger metadata so that Web Messenger bots will be GDPR compliant out of the box and you won’t need to get consent from your users when they first interact.
Please note that we also derive the user’s country, region, time zone, longitude and latitude from the IP address so they’ll disappear too.
We’ll make the change on Friday 15th June so you’ve got some time to check this out and make any changes needed.
Hi @Thomas_Brunkard,
Just a quick update to let you know that the change has now been made and so you will no longer receive the users IP address, country, region, time zone, longitude and latitude as metadata anymore. I hope this helps.
Hi All, where can I find documents on how personal data are treated by flowxo to be compliant with GDPR? Thanks