Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Richpanel is a customer service platform built for ecommerce that combines a self service portal, live chat, AI agent and shared inbox with native Shopify, Magento and WooCommerce integrations. Its widget loads on merchant sites, stores rp_anon_id and session cookies and synchronises customer order data with the Richpanel SaaS, which makes it a passive third party tracker for visitors who have not yet engaged and triggers transfers to Richpanel Inc. in the United States.
Richpanel is a customer service SaaS purpose built for direct to consumer brands. It bundles a self service portal, live chat, AI assistant, helpdesk inbox and macros, with deep native integrations into Shopify, Magento, WooCommerce, Klaviyo, Recharge and shipping providers. The widget appears on the storefront and lets shoppers track orders, trigger returns or chat with an agent.
The Richpanel script writes rp_anon_id (visitor identifier) and rp_session (chat session token) on the merchant domain to keep returning shoppers connected to their conversations. When the visitor logs into the storefront, Richpanel can match the session to the customer profile, the order history and the lifetime value computed in the backend.
Auto loading the widget for passive visitors writes cookies that are not strictly necessary, so European DPAs require prior consent under Article 5(3) ePrivacy. Once the customer types a message, processing the conversation can rely on contract performance under Article 6(1)(b) GDPR or legitimate interests in providing support, but the storefront tracking remains opt in.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Block richpanel.js through your Shopify or GTM tag manager until consent is captured, or replace the auto loaded widget with a click to chat button that loads the SDK only after explicit interaction. Configure the data sync to exclude visitors who have not granted consent for analytics.
Richpanel Inc. operates on AWS infrastructure with the United States as the default region. EU regions are available for enterprise plans. The transfer must rely on the EU U.S. Data Privacy Framework (where Richpanel is certified) or on Standard Contractual Clauses signed with the controller.
Gate the widget on a CMP signal, sign the Richpanel Data Processing Addendum, document the legal basis (consent for cookies, contract for support), set retention policies on conversations and order data, and disclose Richpanel Inc. plus the US transfer in your privacy policy.
Websites using Richpanel must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA should be considered when Richpanel is fed with order history, lifetime value and behavioural data for AI driven customer routing, since the system processes potentially sensitive ecommerce information at scale and transfers it to the United States.
Sample consent text
We use Richpanel to power our customer support widget. With your consent, the widget will load on your device, store conversation cookies and forward your messages and order data to Richpanel Inc. in the United States. You can refuse or withdraw your consent at any time from the cookie settings.
Third-party domains contacted
app.richpanel.comcdn.richpanel.comapi.richpanel.comws.richpanel.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| rp_anon_id | first_party | 1 year | Anonymous visitor identifier set by the Richpanel widget to recognise returning shoppers across sessions. |
| rp_session | first_party | session | Chat session token used by Richpanel to attribute messages to the right conversation thread. |
| __cf_bm | third_party | 30 minutes | Cloudflare bot management cookie set on Richpanel servers to mitigate automated traffic against the SaaS endpoint. |
Richpanel places tracking cookies for advertising — comply with GDPR using FlowConsent.
The widget writes rp_anon_id (visitor identifier) and rp_session (chat session token) on the merchant domain to keep returning shoppers connected to their conversations.
Yes when the widget auto loads on the storefront, since the cookies are not strictly necessary. Consent obligations drop once the customer initiates the chat, where contract performance and legitimate interests apply.
Consent for the storefront widget loading and cookies. Contract performance for processing the conversation messages and order data needed to handle a request, and legitimate interests for support quality.
Yes by default. Richpanel Inc. runs on AWS with US as the default region. Enterprise plans can be hosted in the EU. Transfers rely on the EU U.S. Data Privacy Framework or Standard Contractual Clauses.
A DPIA is recommended when Richpanel ingests order history, lifetime value and behavioural data for AI driven routing or churn prediction, due to the scale of customer profiling and the US transfers.
Block richpanel.js until consent or use a click to chat trigger, sign the Richpanel DPA, request the EU region if available, set retention policies on conversations and orders and update the privacy policy with the US transfer.
EU friendly helpdesks include Crisp (France), LiveChat (Poland), Zendesk EU region, Gorgias EU region, or self hosted Chatwoot, all of which keep ecommerce conversations within the EU.
Add a section that names Richpanel, lists the cookies (rp_anon_id, rp_session) with purpose and duration, mentions the integration with your ecommerce platform and discloses the transfer to Richpanel Inc. in the United States.