Last updated: 2025-12-30

This page explains how ChatterKB handles data, protects customer information, and complies with the EU General Data Protection Regulation (GDPR).

ChatterKB is a B2B software-as-a-service platform that processes customer-provided content to deliver AI-powered knowledge bases, search, chat, and workflows. We act as a data processor under GDPR, while our customers act as data controllers.

GDPR Compliance Overview

ChatterKB processes personal data in accordance with GDPR, including Articles 28 and 32. We process customer data only on documented instructions from our customers and solely for the purpose of providing the service.

We provide a Data Processing Agreement (DPA) that incorporates Standard Contractual Clauses (SCCs) to support lawful international data transfers.

Data We Process

Depending on customer usage, we may process the following categories of data:

  • Account information (such as email address)
  • User-generated content (documents, messages, workflows)
  • Chat history and AI-generated responses
  • Metadata required to operate the service
  • Encrypted access tokens for third-party integrations (for example, CRM connections)

ChatterKB does not process passwords directly. Authentication credentials are managed by our identity provider.

Data Storage and Location

Customer data is stored in cloud-hosted databases and object storage. Where available, customers may request EU-based storage for application data and source documents.

Some processing activities currently occur in the United States, including:

  • Application hosting
  • AI inference using managed large language models
  • Object storage for retrieval-augmented generation (RAG) files

These transfers are governed by Standard Contractual Clauses and appropriate technical and organizational safeguards.

AI and Model Usage

ChatterKB uses large language models to generate responses and execute workflows.

  • Customer data is processed transiently for inference and response generation
  • Data is not retained after inference unless required for the customer’s account
  • Customer data is never used to train, fine-tune, or improve models
  • Model providers act as subprocessors under our DPA

Security Measures

ChatterKB implements appropriate technical and organizational measures to protect customer data, including:

  • Encryption in transit using HTTPS/TLS
  • Encryption at rest for databases and object storage
  • Logical tenant isolation
  • Access controls and least-privilege permissions
  • Secure handling of secrets and access tokens
  • Monitoring and incident response procedures

Data Retention and Deletion

Customer data is retained only for as long as the customer maintains an active account or as required to provide the service.

Upon account termination or written request, customer data is deleted within a defined retention period, unless legal obligations require longer retention.

Customers may also request export of their data at any time.

Data Subject Rights

Customers may use ChatterKB to support GDPR data subject rights, including:

  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restriction of processing
  • Right to data portability

As a data processor, ChatterKB assists customers in fulfilling these requests where applicable.

Subprocessors

ChatterKB uses trusted subprocessors to provide the service, including cloud infrastructure and AI service providers.

A current list of subprocessors is available at:

Contact

For questions related to data protection, GDPR, or this Trust page, please contact:

Email: privacy@chatterkb.com