Data Processing Overview (Processor ROPA)

Summarizes what customer data we handle through our product, and how it flows through our systems.

Last updated: May 16, 2025

Processing Activity
Purpose
Data Subjects
Categories of Data Processed
Subprocessors
Storage Locations
Retention Period
Security Measures
User Interaction Logging
Monitor user interactions for diagnostics/support
End-users of customer's websites/apps
IP addresses, session metadata, page views, or any custom fields provided by the customer
Mixpanel, Grafana
EU
Depends on pricing; defaults to 14 months
TLS encryption, data anonymization, access control
Call Handling (Real-time)
Real-time audio/video interactions
End-users of customer's websites/apps
Audio/video streams, connection metadata
daily.co
EU/USA
Not stored; live relay only
TLS encryption, no persistent storage
Co-browsing Sessions
Enable real-time co-browsing support
End-users of customer's websites/apps
Cursor movements, DOM elements, page metadata
Upscope
EU/USA
Not stored; live relay only
TLS encryption, no persistent storage
Call Recording
Allow customers to review interactions
End-users of customer's websites/apps
Audio/video recordings, participant metadata
daily.co, MongoDB Atlas
EU, Germany
Customer-defined; default 30 days
Encrypted storage, access restrictions
User Authentication
Verify and manage end-user sessions
End-users of customer's websites/apps
Email, hashed passwords, IP addresses, session tokens, or any custom fields provided by the customer
Heroku, MongoDB Atlas
USA, Germany
Until deletion
Encryption at rest and transit, strict access control
Error Logging
Monitor and troubleshoot application errors
End-users of customer's websites/apps
Error reports, session identifiers, request metadata
Grafana
EU
30 days
TLS encryption, limited access
IP Geolocation
Enhance user experience based on geographic data
End-users of customer's websites/apps
IP addresses, city, country, ISP
Ipstack
Germany
Real-time; no persistent storage
Real-time processing, no long-term retention
Custom Data Fields
Provide session context, personalization, or analytics
End-users of customer's websites/apps
Names, emails, user IDs, form inputs, free-text fields
MongoDB Atlas
Germany
Customer-defined or same as associated activity
Encrypted storage, access restrictions

Notes:

  • Processing activities are explicitly aligned with customer instructions.
  • Custom fields may be configured by the Controller or submitted directly by end users through embedded components (e.g., forms, chat, call prep widgets).
  • Data retention periods are set according to customer agreements and can be modified upon request.
  • Data transfers outside EEA are secured using GDPR-compliant safeguards (e.g., SCCs).
  • Security measures adhere to GDPR standards for processors, with clear and transparent safeguards.

Last updated on May 16, 2025