Nutzt Ihre Website Drittanbieter-Dienste? Werden Sie in wenigen Minuten DSGVO-konform.
FlowConsent testenmobileCta.note
Re:plain is a lightweight live chat tool that routes website visitor messages to operators via Telegram. The widget is hosted in the EU, but visitor messages are processed through Telegram's infrastructure, which is registered in Dubai and operates servers in multiple jurisdictions. This Telegram routing creates a data processor relationship that requires assessment under GDPR, as Telegram's data protection practices differ from EU standards.
Re:plain is a lightweight live chat solution that connects website visitors to support agents through Telegram. Rather than using a dedicated backend, Re:plain routes all incoming chat messages to the operator''s Telegram account, allowing teams to respond from within the Telegram app. The widget script is hosted in the EU, but the message content itself flows through Telegram''s infrastructure.
Re:plain collects visitor IP addresses, browser information, and session identifiers. The full content of chat messages sent by visitors is routed through Telegram''s servers and processed under Telegram''s privacy policy and terms of service. Telegram is registered in the UAE, operates under its own terms, and its server locations are not fully disclosed.
The core GDPR concern with Re:plain is that Telegram acts as a de facto data processor for all chat message content. GDPR Article 28 requires that processors provide sufficient guarantees for data protection, sign a DPA, and only process data on documented instructions. Telegram''s standard terms do not provide these assurances in a GDPR-compatible form. Organisations using Re:plain should assess whether this Telegram routing is acceptable under their data protection obligations.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Consent is required before the Re:plain widget loads. The consent notice must specifically disclose that chat messages are routed via Telegram, and visitors must be informed that their message content will be processed by Telegram under its own privacy policy.
Telegram is registered in Dubai and does not provide a GDPR-compatible DPA. This means using Re:plain involves routing personal data (chat message content) through a processor that cannot fully meet GDPR Article 28 requirements. Organisations in regulated sectors or processing sensitive personal data via chat should carefully assess this risk.
Obtain consent before the widget loads. Explicitly disclose Telegram as a message routing processor in your privacy policy. Advise visitors not to share sensitive personal data via the Re:plain chat. Conduct a DPIA to assess the Telegram processor risk. Consider EU-based chat alternatives if sensitive data may be discussed.
Websites using Re:plain must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is advisable given the Telegram message routing, as visitor chat messages are processed by a third party (Telegram) whose data protection practices and server locations are not fully aligned with GDPR standards. The implications of Telegram as a de facto data processor should be formally assessed.
Sample consent text
We use Re:plain to provide live chat support. Your chat messages are routed via Telegram to our support team. Please accept to enable the live chat feature.
Third-party domains contacted
re-plain.comt.meapi.telegram.orgCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| rp_session | session | Session | Session identifier for the Re:plain chat widget used to maintain the active conversation |
Re:plain verwendet Cookies für Nutzereinstellungen — informieren Sie Besucher mit einem Cookie-Banner.
Re:plain collects visitor IP addresses, browser information, and session identifiers. Chat message content is routed through Telegram's servers, processed under Telegram's own privacy policy. Telegram is registered in Dubai with undisclosed server locations.
Yes. Consent is required before the widget loads. The notice must specifically disclose that messages are routed via Telegram and that Telegram processes message content under its own privacy policy.
Consent (Art. 6(1)(a)) for tracking cookies. Legitimate interest may apply for message content when a user actively initiates contact, but the Telegram routing creates a processor relationship difficult to fully bring within GDPR Article 28 compliance.
Indirectly via Telegram. Telegram is registered in Dubai and operates servers in undisclosed locations. No GDPR-compliant transfer mechanism governs the Telegram message routing, which is the primary compliance risk for EU deployments.
A DPIA is advisable given the Telegram routing. Telegram cannot currently provide a GDPR-compatible DPA, creating a processor relationship difficult to fully validate. The assessment should address the Telegram routing risk and any potential for sensitive data in chat.
Obtain consent before loading. Explicitly disclose Telegram routing in your privacy policy. Advise visitors not to share sensitive personal data via chat. Conduct a DPIA. Consider EU-based chat platforms if sensitive data may be discussed.
Ninchat (Finland), Vergic (Sweden), and Userlike (Germany) offer EU-hosted live chat without Telegram routing risks. Crisp.chat (France) and LiveAgent (Slovakia) are other EU-based alternatives.
Not in the standard sense. Telegram does not provide a GDPR-compatible DPA to third-party businesses, creating a compliance gap that organisations using Re:plain must assess in their DPIAs and privacy policies.