Laravel Cloud
Cloud hosting and infrastructure (Primary)
Country: Germany
Data Types: all application data, chat messages, user data
View DPAData Processing Agreement (DPA)
This Data Processing Agreement sets out how chatebot processes personal data when acting as a processor for customer data. For enterprise DPA requests, contact [email protected].
1. Data Controller
Name: CHATEBOT (SMC-Private) Limited
Country: Pakistan
2. Processing Locations and Transfers
Primary Region: EU Central (Frankfurt) (eu-central-1)
chatebot uses EU primary hosting. Some subprocessors may process personal data outside the EU/EEA, including in the United States, where required to provide AI features, channels, and actions.
For restricted transfers, chatebot applies transfer safeguards such as Standard Contractual Clauses (SCCs), adequacy decisions, and equivalent legal mechanisms where applicable.
3. Subprocessors
The following third-party subprocessors process personal data on our behalf:
PostHog
Product analytics and feature flag evaluation (events sent only when analytics consent is granted)
Country: European Union
Data Types: pseudonymous product analytics events, feature flag context
View DPAView SubprocessorsOpenAI
AI/LLM processing for chat responses
Country: United States
Data Types: chat messages, knowledge base content
View DPASuby
Payment processing and subscription management
Country: Finland
Data Types: billing information, email address
View DPA4. Security and Confidentiality
chatebot implements technical and organizational measures designed to protect personal data and requires confidentiality obligations for personnel and subprocessors with access to personal data.
5. Data Subject Requests and Assistance
chatebot will provide reasonable assistance to help customers respond to data subject requests, taking into account the nature of processing and the information available to chatebot.
6. Deletion and Return
Upon termination of applicable services and subject to legal retention obligations, chatebot will delete or anonymize personal data processed under this DPA according to documented retention schedules.
7. Data Protection Officer
Name: Data Protection Officer
Email: [email protected]
8. Data Subject Rights
Under GDPR and applicable data protection laws, data subjects have the right to access, rectify, erase, port, and object to processing of their personal data. Contact [email protected] to exercise these rights.