Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
YourGPT is a no code platform that lets you build AI chatbots trained on your own content. The widget embeds on a website and routes messages to a large language model with retrieval augmented generation.
YourGPT is a no code platform that lets a business build an AI chatbot trained on its own website, documents, PDFs, and structured data. Once trained, the chatbot is embedded on the website as a JavaScript widget and answers visitor questions using retrieval augmented generation, with handoff to a human agent when needed. Many SMEs adopt it as a lower cost alternative to enterprise customer support AI.
YourGPT crawls or imports your content into a vector database. The website widget opens a WebSocket to the YourGPT backend, retrieves the relevant chunks of the knowledge base, and calls a large language model (OpenAI GPT, Anthropic Claude, or a YourGPT hosted model) to generate the answer. Conversations are stored in the YourGPT admin and can be exported.
YourGPT sets first party cookies on the merchant domain (yg_session, yg_visitor) to persist the conversation. The widget collects the IP, user agent, referrer, URL, the full text of each message, attachments, and any context passed to the widget (visitor email, plan). Conversation logs are stored on the YourGPT backend on AWS and may transit through the chosen LLM provider.
Chat messages frequently contain personal data and occasionally special category data (health, financial). YourGPT acts as a processor for the conversations; the chosen LLM provider may act as an independent controller for its own model improvement. The widget writes non strictly necessary cookies and scripts, so Article 5(3) ePrivacy requires consent. The deployment can fall under the high risk category of the EU AI Act if used for decision making, eligibility, or access to essential services.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
YourGPT can be deployed on AWS US or EU. LLM inference typically happens with US providers (OpenAI, Anthropic), which transfers conversation data to the US. Transfers rely on the EU-US Data Privacy Framework where the provider is certified, and on Standard Contractual Clauses otherwise. A Transfer Impact Assessment is recommended.
Sign the DPA with YourGPT, ask for the subprocessor list including the LLM provider, choose EU residency if available, disable training on your data unless explicitly required, and configure prompt and answer filters to block special category content. Gate the widget behind consent in your CMP. Provide a manual contact channel for users who refuse the AI chat.
Websites using YourGPT must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is recommended. YourGPT processes user messages through third party LLMs (often US providers), stores conversation transcripts, and may capture personally identifiable information typed by visitors. Document the LLM chain, the retention, the opt out for model training, the US transfer mechanism, and the human escalation path.
Sample consent text
We use YourGPT to power the AI chat on this site. YourGPT loads a script, stores conversation transcripts on its servers, and routes your messages to an external large language model. We only activate it after you accept the customer support category in our cookie banner.
Third-party domains contacted
yourgpt.aiwidget.yourgpt.aiapi.yourgpt.aicdn.yourgpt.aiCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| yg_session | http_cookie | Session | Session identifier issued by YourGPT for the current chat session. |
| yg_visitor | http_cookie | 1 year | Persistent visitor identifier set by the YourGPT widget to recognise returning users. |
| yg_conv | localStorage | 30 days | Stores the active conversation ID so the user can come back without losing context. |
| yg_context | localStorage | Session | Stores the context variables passed to the widget (visitor email, plan, page URL) for personalisation. |
YourGPT collects user analytics data — you legally need a consent banner. Try FlowConsent free.
YourGPT sets first party cookies on the merchant domain (yg_session for the current session, yg_visitor for the persistent visitor ID, yg_conv for the active conversation). It also writes localStorage entries to keep the conversation across reloads.
Yes. The chat widget loads non strictly necessary scripts and writes identifiers, so Article 5(3) ePrivacy requires prior consent. The chat content itself is treated under the legal basis of contract performance (handling the request) and consent for any analytics or training.
Consent under Article 6(1)(a) GDPR for the widget cookies, profiling and any model training. Contract performance under Article 6(1)(b) when the user initiates a request that requires the chat to be answered.
Usually yes. YourGPT can host data in the EU, but LLM inference is typically performed by US providers such as OpenAI or Anthropic. Transfers rely on the EU-US Data Privacy Framework where the provider is certified and on Standard Contractual Clauses otherwise.
A DPIA is recommended. YourGPT processes free text from users (which may include special category data), uses third party LLMs, and may store conversation logs. If you use it for decision making about persons, also assess the EU AI Act implications.
Sign the DPA, list subprocessors including the LLM, choose EU residency where available, disable model training on your data, set retention, filter sensitive content in prompts and answers, and gate the widget behind consent. Always provide a manual fallback channel.
Alternatives include Chatbase, Botpress, Voiceflow, Ada, Kore.ai, parloa, Cognigy, Intercom Fin, and self hosted RAG stacks based on LangChain or LlamaIndex. EU based options exist for several of them.
Add a YourGPT entry covering the yg_session, yg_visitor and yg_conv cookies. Mention the chat content processing, the role of the LLM provider, the US transfer mechanism, the retention, and the right to delete the conversation.