Last Updated: September 1, 2025

Welcome to Authenti! This Privacy Policy explains how Authenti (“Authenti,” “we,” “us,” or “our”) collects, uses, discloses, and protects information when you use our embeddable chat service (the “Service”).

By using the Service, you agree to the collection and use of information in accordance with this policy.

Our Role and Your Role Under GDPR

For the purposes of data protection laws like the GDPR, it’s important to understand our respective roles:

  • You, the User (website owner), are the Data Controller for any personal data collected from visitors on your website via the chat widget. You determine the purposes and means of processing this data.
  • Authenti acts as the Data Processor on your behalf. We process this data solely based on your instructions and for the purpose of providing the Service.

This policy outlines how we process data both for our direct Users and, on behalf of those Users, for their End-Users.

1. Information We Collect

We collect information in the following ways:

Information You Provide to Us (Our Users – Website Owners):

  • Account Information: When you register for an Authenti account, we collect information such as your name, email address, company name, and password. This information is used to create and manage your account, provide you with customer support, and communicate with you about the Service.
  • Configuration Data: Information you provide to customize the chat widget, such as display names, status messages, or your Google Tag Manager ID.

Information Processed on Your Behalf (End-Users of Your Website):

  • Chat Content: When visitors to your website (“End-Users”) use the Authenti chat widget, the content of their conversations is transmitted through our Service. We process this data on your behalf.
  • Contact Information (Offline Form): If an End-User uses the offline contact form, we collect the information they submit (e.g., name, email, phone number, message) on your behalf.

Automatically Collected Information:

  • Visitor Identifier: To maintain conversation continuity, we assign a unique, anonymous identifier to each End-User, which is stored in their browser’s localStorage.
  • IP Address for Security: We collect End-Users’ IP addresses for the sole purpose of enabling you, the User, to ban non-compliant End-Users from the chat service. This IP address is not visible to you and is not used for any other purpose.
  • Analytics & Tracking Data (with Consent): If you are on an Enterprise Plan and have enabled the Google Tag Manager (GTM) integration, and an End-User provides their consent via the privacy banner, our widget will send event data (e.g., authenti_first_message_sent) to your GTM container. We do not collect this data if consent is not given, or if you are not on an Enterprise plan.
  • Third-Party Cookies (with Consent): Our service uses Google reCAPTCHA for security. If you enable the GDPR consent banner, this service and its associated cookies will only be activated after the End-User clicks “Accept”.

2. How We Use Information

We use the information we collect for specific, legitimate purposes:

  • To Provide and Maintain Our Service: To allow you to set up and manage your chat widget and to facilitate real-time chat between you and your End-Users.
  • To Manage Your Account: To communicate with you about your account, updates, and support inquiries.
  • To Improve Our Service: To understand how our services are used so that we can improve functionality and user experience.
  • For Security: We process End-User IP addresses to provide you with the functionality to ban users who violate your terms, helping you maintain a safe environment.
  • For Analytics (Enterprise Plan Only): We provide the GTM integration to allow you to track conversions and analyze chat activity on your own analytics platforms. This is only active if you enable it and your End-Users consent.
  • For Billing and Compliance: Payment processing is handled by our third-party provider, Paddle. We use your account information to manage your subscription and comply with legal obligations.

We do not sell your personal information or the personal information of your End-Users to third parties.

3. Data Retention and Deletion

We adhere to the principle of “storage limitation” by retaining data only for as long as necessary. Retention periods are based on your subscription plan.

For Active Subscriptions:

  • Standard Plan: Chat History is permanently deleted after 30 days. Contact Information is permanently deleted after 90 days of inactivity.
  • Pro Plan: Chat History is permanently deleted after 90 days. Contact Information is permanently deleted after 1 year of inactivity.
  • Enterprise Plan: By default, offers extended data retention for the duration of your active subscription. Data can be erased at any time at the request of the plan owner.

For Canceled or Lapsed Accounts:

  • If you cancel your subscription or your account is terminated, all associated data (including all Chat History and Contact Information, regardless of plan) will be permanently deleted after a 90-day grace period. It is your responsibility to download any data you wish to keep before this period ends.

4. Your Data Protection Rights & How to Exercise Them

We are committed to facilitating your rights and the rights of your End-Users under GDPR.

  • Consent Management: We provide you with the tools to display a GDPR-compliant consent banner on your chat widget. It is your responsibility as the Data Controller to enable this feature if you operate in or have customers in regions that require it.
  • Right to Access, Rectify, or Erase Data: You and your End-Users have the right to request access to, correction of, or deletion of personal data.
    • For Your Authenti Account: To manage your own account data, please contact us at privacy@authenti.chat.
    • For Your End-Users: As the Data Controller, you must facilitate your End-Users’ requests. You can permanently delete a specific End-User’s contact information and chat history from your dashboard at any time. Direct your End-Users to contact you for such requests. For any requests you are unable to fulfill yourself, you may contact us for assistance at privacy@authenti.chat.

5. Data Security

We take the security of your data seriously and implement reasonable administrative, technical, and physical security measures. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

6. Sharing and Disclosure of Information

We do not share personal data with third parties except in the following circumstances:

  • Service Providers: We employ third-party companies for services like hosting and analytics, who are obligated to protect your data.
  • Payment Processing (Paddle): All payment processing is handled by Paddle.com. We do not receive or store your credit card information.
  • Analytics Services (Google): For customers who enable our GTM and reCAPTCHA integrations, data is shared with Google only after End-User consent is obtained.
  • Legal Requirements: We may disclose information if required by law or to protect our rights.
  • Business Transfers: In the event of a merger or acquisition, we will provide notice before your Personal Information is transferred.

7. Children’s Privacy

Our Service is designed for use by nonprofit organizations, including those who may provide support to young people under the age of 16. While we do not directly offer services to children, our nonprofit customers may use our chat platform to communicate with and support minors.

We act as a service provider (or data processor) for these organizations, and we do not independently collect personal information from children. Any collection, use, or disclosure of children’s information through our Service is controlled by our nonprofit customers, who are responsible for obtaining any necessary parental or guardian consent in accordance with applicable laws (such as the Children’s Online Privacy Protection Act in the U.S. and the GDPR in the EU/UK).

If you believe that we have inadvertently received personal information directly from a child without proper authorization, please contact us and we will delete it.

8. International Data Transfers

Your information may be transferred to and maintained on computers located outside of your jurisdiction. Your consent to this Privacy Policy represents your agreement to that transfer.

9. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the “Last Updated” date.

10. Contact Us

If you have any questions about this Privacy Policy, please contact us:

  • By email: privacy@authenti.chat