Boei is built with GDPR at the core, not bolted on. Every customer interaction, every data point, every retention rule is designed to keep you compliant by default.
All controller personal data stays inside the EU/EEA. The default infrastructure runs on Hetzner (Nuremberg, Germany) for the app and DigitalOcean (Amsterdam) for parts of the platform. If you need a fully European AI stack, you can configure Boei to use Mistral AI (France) so that no data ever crosses the Atlantic.
Static assets (images, uploaded files) sit in AWS S3 (EU-West, Ireland) with server-side encryption.
Your customer conversations are never used to train AI models. Not by us, not by our AI providers. We pass conversations through the model providers under no-training contractual terms, and we do not retain anything for our own training.

| Principle | How Boei implements it |
|---|---|
| Data minimization | Only collects what visitors voluntarily share. No hidden tracking, no behavioral profiling. |
| Purpose limitation | Data is only used for customer conversations and lead management. Never sold or shared. |
| Storage limitation | Configurable auto-delete prevents indefinite retention. See Data Retention. |
| Right to erasure | One-click delete on any contact. See Right to Be Forgotten. |
| Data portability | Export conversations and leads to CSV at any time. |

Boei can operate fully without cookies or local storage. Perfect for businesses that want maximum privacy compliance with ePrivacy and GDPR. No consent banners are needed for the chatbot itself when cookieless mode is on.
How to get there: Go to Setup → Chatbot in the top menu → click your chatbot → Identity → Privacy.
If your jurisdiction requires explicit consent before storing chat data, you can show a consent screen before the first message. See Pre-Chat Consent.
A comprehensive DPA is included with every plan. It documents sub-processors, their locations, and the data processing activities involved. See Data Processing Agreement.