Legal
GDPR Compliance
How GlobalChatbot meets European General Data Protection Regulation requirements.
Effective: 2026-06-06
Our GDPR posture
GlobalChatbot is built EU-first. Our infrastructure is in Germany (Hetzner). Our data processors are GDPR-compliant. Our default is data minimization.
Roles
You ("Customer") are the €1 for your customer data.
We ("Syntranova AL LTD") are the €1, acting on your instructions.
When your customers interact with your bot, you decide what data to collect and how to use it. We process that data on your behalf according to our Data Processing Agreement (DPA).
Data Processing Agreement (DPA)
A DPA is included by default in our Terms of Service. A standalone DPA in PDF (signed by both parties) is available on request from support@globalchatbot.ai for Pro and Business plans.
EU data residency
By default:
- Account data → EU (Hetzner, Germany)
- Conversations → EU (Hetzner, Germany)
- Vector embeddings → Pinecone (per-tenant namespace, EU residency available)
- AI inference → OpenAI (US — EU residency available on Business plan via Azure OpenAI)
- Email delivery → Brevo (FR)
Business plan customers can request 100% EU processing including AI inference.
Sub-processors
Full list available in our Privacy Policy. We provide 30 days notice before adding new sub-processors.
Your customer's rights
Your customers (data subjects) have GDPR rights with respect to data you collected via the bot. You're responsible for fulfilling those rights as the Controller.
We provide tools to help: 1-click export, 1-click deletion, conversation search, audit logs.
Data Protection Officer
DPO contact: support@globalchatbot.ai
Last updated: 2026-06-06.