Coco AI is a conversational AI platform that embeds a chat widget on websites to answer visitor questions using large language models, storing conversation transcripts and visitor identifiers.
Coco AI is a conversational AI platform that embeds an intelligent chat widget on websites. It answers visitor questions using large language models, integrates with knowledge bases, and can hand over to a human agent. The widget is delivered as a JavaScript SDK that loads from Coco AI servers, stores conversation history, and reports analytics back to the dashboard.
Coco AI sets first party cookies such as coco_visitor (twelve months) and coco_session (browser session) to identify chat participants across visits. The full conversation transcript, page context, and metadata (URL, user agent, IP) are sent to Coco AI servers and may be processed by foundation model APIs (OpenAI, Anthropic, or self hosted). Visitor data inside conversations is considered personal data under the GDPR.
Consent is required for the chat widget cookies and the LLM processing of conversations because users do not strictly need an AI assistant to use the website. Where conversations lead to a contractual interaction (support, sales), Art. 6(1)(b) may also apply to specific data flows. The EU AI Act imposes transparency obligations: visitors must be told they are interacting with an AI.
Coco AI is typically hosted in the US, and conversations may be forwarded to OpenAI or Anthropic APIs (mostly US-based). Transfers rely on Standard Contractual Clauses and the EU-US Data Privacy Framework where the recipient is certified. Some Coco AI plans offer an EU-only mode with self-hosted or EU-based models.
Display a clear AI disclosure on first message (EU AI Act Art. 52), gate the widget behind consent, set a short retention period for transcripts (typically thirty to ninety days), avoid sending special-category data to the model, sign a DPA with Coco AI that lists every model sub-processor, and configure prompt-level redaction for emails and phone numbers.
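A sketch of two of these measures, consent gating and redaction of emails and phone numbers before a message is sent, written as an added example and not Coco AI's own code. The function names, the `consent.aiChat` flag and the script URL are assumptions made for illustration.

```javascript
// Added example. Hypothetical names throughout; this is not Coco AI's SDK or API.
const WIDGET_SRC = "https://widget.example.invalid/sdk.js"; // placeholder URL

const EMAIL_RE = /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g;
// Candidate phone: optional "+", digits with spaces, dots, dashes or parentheses.
const PHONE_RE = /(?<![\w@])\+?\(?\d[\d\s().-]{6,}\d(?![\w@])/g;

// Replace emails and phone numbers with tokens before text leaves the browser.
function redact(text) {
  const counts = { email: 0, phone: 0 };
  let out = text.replace(EMAIL_RE, () => { counts.email++; return "[EMAIL]"; });
  out = out.replace(PHONE_RE, (match) => {
    const digits = match.replace(/\D/g, "").length;
    if (digits < 8 || digits > 15) return match; // too short/long for a phone number
    counts.phone++;
    return "[PHONE]";
  });
  return { text: out, counts };
}

// Inject the widget script only after an explicit opt-in for the AI chat purpose.
// `inject` is supplied by the caller (e.g. appends a <script> element).
function gateWidget(consent, inject) {
  if (!consent || consent.aiChat !== true) return false;
  inject(WIDGET_SRC);
  return true;
}

// Build the outbound message; returns null when consent is missing or withdrawn.
function prepareMessage(consent, text) {
  if (!consent || consent.aiChat !== true) return null;
  return redact(text).text;
}

// Constructed sample input.
const SAMPLE = "Mail jane.doe@example.com or call +49 (0)30 1234-5678 about order 12345.";
```

Pattern matching is a coarse filter: it misses identifiers written out in words and can mask other long digit strings such as timestamps, so it supplements the instruction to avoid sending special-category data rather than replacing it.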
European alternatives include Mistral powered solutions (Lyzr, Toolkit), self hosted Ollama plus open source UI, and traditional knowledge base chatbots without LLMs (Zendesk Answer Bot EU). Each trades off capability against data residency.
Websites using Coco AI must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is required because conversations may contain personal or sensitive data, sub processors include foundation model providers, and automated decision making may apply when the AI suggests products or services.
Sample consent text
We use Coco AI to provide automated chat assistance. With your consent, Coco AI will store conversation history and may share it with our AI sub processors to generate responses.
Third-party domains contacted
coco.ai, widget.coco.ai, api.coco.ai
Cookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| coco_visitor | first_party | 12 months | Pseudonymous visitor identifier for chat continuity |
| coco_session | first_party | Session | Session identifier for the active chat |
| coco_conv | first_party | 30 days | Stores the current conversation reference for reconnection |
First party cookies coco_visitor (twelve months), coco_session (session), and coco_conv (thirty days) for chat continuity and reconnection.
Yes. The chat widget cookies and LLM processing are not strictly necessary, so consent is required under Art. 5(3) ePrivacy and Art. 6(1)(a) GDPR.
Consent for chat widget and LLM processing. Contract may apply for support related processing. Display an AI disclosure under EU AI Act Art. 52.
Yes. Coco AI is typically US-hosted and may forward conversations to OpenAI or Anthropic. Use SCCs and the EU-US Data Privacy Framework where applicable.
Yes. AI processing of free text conversations triggers Art. 35 GDPR for risk to rights and freedoms.
Block the widget until consent, display AI disclosure, set short retention, sign a DPA listing model providers, redact PII at prompt level, and use EU mode if available.
Mistral powered chatbots (Lyzr, Toolkit), self hosted Ollama plus open UI, or non LLM knowledge base bots (Zendesk Answer Bot EU).
List the coco_ cookies, the coco.ai domains, the model sub processors and their countries, and link to the Coco AI privacy policy.