Aivo is an Argentinian conversational AI platform that offers AgentBot, Live, Engage and Voice products for customer service. The widget loads from aivo.co and aivo.com, sets first party cookies and routes conversations to human agents or generative AI assistants. Aivo is popular with LATAM and Iberian brands.
Aivo is a conversational AI platform founded in 2012 and headquartered in Cordoba, Argentina. Its product suite (AgentBot for AI chat, Live for human handoff, Engage for outbound campaigns and Voice for IVR) is widely deployed by LATAM banks, telcos and retailers, and increasingly by Spanish and Portuguese brands. The platform integrates with WhatsApp, Facebook Messenger, Instagram and websites via a JavaScript widget.
Aivo sets first party cookies (aivo_session, aivo_visitor_id) and uses localStorage to maintain the chat session. It collects the visitor IP, user agent, language, the URL of the page hosting the widget, the full conversation transcript, attached files, and any contact details that the visitor provides (name, email, phone). When the AgentBot AI generative module is enabled, transcripts can be used to fine tune the model unless the customer opts out.
Aivo cookies fall under Article 5(3) of the ePrivacy Directive. The processing of conversation transcripts and contact data falls under Article 6 GDPR. When a user actively opens the chat to request support, the contractual basis applies. Marketing analytics, transcript retention beyond support need, and AI model fine tuning require explicit consent. The Argentinian adequacy decision covers the controller relationship but not US AWS hosting.
Gate the Aivo widget behind your CMP. Most operators classify it under functionality (support chat) which can use legitimate interest once the visitor opens the chat, but the cookies and the JavaScript load before that gesture, which is why a CMP gate is the safer pattern. AgentBot AI training and any cross channel profile sharing must use explicit consent.
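One way to implement the gate described above, as an added example that is not Aivo's or any CMP vendor's own code. The consent object shape, the `createWidgetGate` name and the script path are assumptions; take the real script URL from your own embed snippet.

```javascript
// Placeholder path: replace with the script URL from your Aivo embed snippet.
const WIDGET_SRC = "https://widget.aivo.co/PLACEHOLDER.js";
// Cookie names as listed on this page.
const AIVO_COOKIES = ["aivo_session", "aivo_visitor_id", "aivo_locale", "aivo_history"];

// doc is the page's `document`. The consent shape { functionality: boolean }
// is hypothetical; map it from whatever your CMP exposes.
function createWidgetGate(doc, src) {
  let script = null;
  return {
    // Call once on page load and again on every CMP consent change.
    apply(consent) {
      const allowed = Boolean(consent) && consent.functionality === true;
      if (allowed && !script) {
        // Nothing from the vendor is requested until this branch runs.
        script = doc.createElement("script");
        script.src = src;
        script.async = true;
        doc.head.appendChild(script);
      } else if (!allowed) {
        if (script) {
          // Removing the tag does not unload code that already ran;
          // reload the page after withdrawal to stop the widget.
          doc.head.removeChild(script);
          script = null;
        }
        // Expire leftovers from an earlier consented visit. Assumes the
        // cookies were set host-only with Path=/; adjust to match yours.
        for (const name of AIVO_COOKIES) {
          doc.cookie = `${name}=; Max-Age=0; Path=/`;
        }
      }
      return script !== null;
    },
  };
}
```

Wire `apply` to your CMP's consent-change callback and keep the vendor snippet out of the static HTML, otherwise the browser fetches it before the gate runs.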
Aivo SAS is headquartered in Argentina, which benefits from a European Commission adequacy decision under Art. 45 GDPR. Default hosting however runs on AWS US East and AWS Sao Paulo. EU regional hosting on AWS Frankfurt is available for enterprise contracts. Standard Contractual Clauses cover the AWS US transfer and the EU US Data Privacy Framework applies where relevant.
Sign the Aivo DPA, ask for AWS Frankfurt hosting, gate the widget behind a CMP, set conservative transcript retention (e.g. 30 to 90 days), opt out of AI training on customer transcripts where this option is offered, document Aivo as a processor in your record of processing, and disclose Aivo and its sub processors in your privacy notice.
Websites using Aivo must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is appropriate when Aivo handles sensitive conversations (health, banking, public services) or when generative AI (AgentBot AI) produces or stores transcripts. Cross channel profile building between WhatsApp, Messenger and the website also raises the risk level. Document the conversation retention period and the AI training opt out.
Sample consent text
This chat is powered by Aivo, a conversational AI platform operated by Aivo SAS (Argentina) with hosting on AWS in the United States. Your messages, contact details and conversation history are processed to provide support and improve our service. Please confirm your consent before continuing.
Third-party domains contacted
aivo.co, aivo.com, api.aivo.co, widget.aivo.co
Cookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| aivo_session | First party (chat session) | Session | Maintains the chat session between visitor and the Aivo widget |
| aivo_visitor_id | First party (visitor) | 1 year | Unique visitor identifier used to link conversations across visits |
| aivo_locale | First party (preference) | 1 year | Stores the preferred conversation language for the visitor |
| aivo_history | First party (history) | 30 days | Local cache of the most recent conversation messages for display continuity |
Aivo uses cookies for user preferences — inform visitors with a consent banner.
Aivo sets first party cookies aivo_session (session), aivo_visitor_id (1 year), aivo_locale (1 year) and aivo_history (30 days) plus uses localStorage to cache conversation history. Cookies are scoped to aivo.co and the customer domain when configured.
The widget should be gated behind a Consent Management Platform. Once the user actively opens the chat, contractual basis can support the conversation itself, but cookies and the JavaScript load before that opening: a CMP gate is the safer approach.
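To verify that the gate actually holds, the following added example (not from Aivo or the original page) audits a page-load capture taken before any consent was given, using the domain list and cookie table above. The capture format and function names are assumptions.

```javascript
// Domains and cookie lifetimes as listed on this page.
const AIVO_DOMAINS = ["aivo.co", "aivo.com", "api.aivo.co", "widget.aivo.co"];
const DAY = 86400;
// Declared lifetime in seconds; null means a session cookie.
const DECLARED = {
  aivo_session: null,
  aivo_visitor_id: 365 * DAY,
  aivo_locale: 365 * DAY,
  aivo_history: 30 * DAY,
};

// Exact host or subdomain match, so look-alikes such as "notaivo.co" are not flagged.
function isAivoHost(host) {
  const h = host.toLowerCase().replace(/\.$/, "");
  return AIVO_DOMAINS.some((d) => h === d || h.endsWith("." + d));
}

// capture (assumed shape): { requests: [url, ...], cookies: [{ name, maxAge }, ...] }
// recorded with a fresh browser profile and no consent given.
function auditPreConsent(capture) {
  const findings = [];
  for (const url of capture.requests) {
    let host;
    try { host = new URL(url).hostname; } catch { continue; } // skip unparsable entries
    if (isAivoHost(host)) findings.push({ type: "request-before-consent", detail: host });
  }
  for (const c of capture.cookies) {
    if (!c.name.startsWith("aivo_")) continue;
    findings.push({ type: "cookie-before-consent", detail: c.name });
    if (!(c.name in DECLARED)) {
      findings.push({ type: "undeclared-cookie", detail: c.name });
    } else if (DECLARED[c.name] === null ? c.maxAge != null : c.maxAge > DECLARED[c.name]) {
      // Observed lifetime is longer than what the cookie notice declares.
      findings.push({ type: "lifetime-exceeds-declared", detail: c.name });
    }
  }
  return findings;
}
```

An empty result on a pre-consent capture is the pass condition; any finding means the widget or its cookies are reaching the browser ahead of the CMP decision.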
Art. 6(1)(b) GDPR contract for handling the support request once initiated, Art. 6(1)(a) consent for analytics, extended transcript retention and AI model fine tuning, Art. 6(1)(c) when the chat triggers regulatory obligations (e.g. KYC in banking).
Yes. Aivo SAS is in Argentina (EU adequacy decision) but production data is hosted on AWS US East and AWS Sao Paulo. EU regional hosting is available on enterprise contracts. SCCs cover the AWS US transfer and the EU US Data Privacy Framework applies.
A DPIA is appropriate for sensitive sectors (health, banking, public services), for use cases where transcripts feed AI fine tuning, or where cross channel profile building is enabled. A simple FAQ chatbot may not require a DPIA but the processing must be documented.
Sign the Aivo DPA, request AWS Frankfurt hosting, gate the widget behind a CMP, set short transcript retention (30 to 90 days), opt out of AI model training on customer transcripts, document Aivo as a processor in your record of processing and disclose it in your privacy notice.
Yes: Zendesk Messaging (US), Intercom (US/Ireland), LivePerson (US), Crisp (France/EU), iAdvize (France/EU), Userlike (Germany/EU), Tiledesk (Italy/EU). EU origin chatbots reduce transfer risk for European customers.
List the aivo_* cookies under customer support or functionality, name Aivo SAS as a processor, indicate retention periods (1 year visitor ID, 30 days history, session), note AWS US East hosting and link to the Aivo privacy policy and DPA.