When dealing with sensitive conversations we all know how important is to protect your users privacy and keep their information safe. And that’s why we wrote this article, to speak about chatbot privacy policy.
Chatbots are becoming ubiquitous and people are getting more and more used to trust them with private information, personal preferences and sometimes even account passwords and data.
Users may (and will!) share sensitive data during their conversations. How you handle this data and manage your trust relationship with you users is now of the utmost importance.
In the following sections, we’ll see how Xenioo provides all the tools you need to guarantee privacy and data safeness.
1. Why you should use the chatbot privacy opt-in
If your chatbot is processing user data or sending offers related to your products you may need to ask consent. Additionally, you will need to make it to guarantee that your user choice cannot be altered in any way.
While it is still on your flow to honor any kind of privacy setting the user has requested, it has been proven that a chatbot asking for privacy permissions tends to put most users at ease with any conversation.
Out of the box, Xenioo offers a full privacy opt-in action, built exactly for this purpose.
Placing this action at the first step of your chatbot will automatically create an opt-in request for privacy standard permissions.
User choices will enable specific conversation privacy flags that cannot be altered in any way by you and that secure the exact user response.
Users may (and will!) share sensitive data during their conversations.
2. The right to be forgotten
Additionally, your chatbot may offer your users the power to exercise their right to be forgotten.
The right to be forgotten is the right to have private information about a person be removed from Internet searches and other directories under some circumstances and it applies to chatbots too. Your users may ask you to forget them and remove any conversation exchange you’ve had with them.
Again, Xenioo got you covered with a simple and effective action.
By using this action in any point of the conversation, or by using it directly from your conversation command center, you will instruct Xenioo to delete each and every information collected about the active user.
After this command is executed no information about this user will remain on any of the Xenioo services.
Please note that deleting user data is different from allowing your users to change their privacy preferences. In the first case you’re literally wiping any data that Xenioo has about your contact while in the latter you would ideally show again the privacy opt-in to allow changes in usage preferences.
3. Hiding conversations data
Everything your user says to your chatbot is recorded and readily made available in the conversations section.
Every operator that can access the conversation section to give support can potentially see variables, inputs and detailed profile information.
While flow information like chosen product or current coupon points (just to name a couple) may be relevant from a support standpoint, there may be many other cases where information should never be disclosed, even to users that should help your customers.
Chatbots are becoming ubiquitous and people are getting more and more used to trust them
If this is your case, you can use the fine-grained users permissions granted by the PRO Team package. You can hide conversation variables from your support team.
They will still be able to access and see any (and only) assigned conversation, but they won’t be able to access variables, tags and privacy settings in any way.
4. Volatile conversations
In some cases the data of shared during a conversation may be so sensitive that in no way it should be persisted.
No trace of the conversation should remain on Xenioo for any reason at any given time. Moreso, the conversation should not even temporarily be saved on any Xenioo medium as if it never really existed but temporarily, on Xenioo memory.
Only the chatbot and the user should know about this conversation and nothing should remain after the conversation is finished.
How can this be possibly achieved? By using Volatile Conversations.
Volatile Conversations are created using “Forget User” action we’ve seen previously and by enabling the “Enable user activity until deletion”.
Putting this action at the very beginning of your chatbot will force Xenioo to run all the conversation in memory without ever saving anything anywhere.
The conversation is considered offline after about 5 minutes the user has said anything. Xenioo will just flush all the data from memory and totally forget it ever happened.
If the user comes back it will be threated as a brand new user, never seen before.
Chatbot privacy and data safeness: Wrap Up
We’ve just seen a good number of different privacy options that can cover all of the possible needs your chatbot can have.
Whatever are your requirements, Xenioo is capable of fully supporting your conversational design and comply with your privacy policy rules.
Or not? Does your chatbot have requirements that Xenioo is not yet covering? Join our Facebook group and let us know!