Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
botBrains is an AI chatbot platform that adds an automated conversation widget to websites. It loads from third party servers and can store conversation data and identifiers in the browser, which brings it within the scope of the GDPR and the ePrivacy consent rules.
botBrains is an artificial intelligence chatbot platform that lets organisations embed an automated assistant on their website to answer questions and capture enquiries. The widget loads from the vendor infrastructure and exchanges messages in real time, so it processes whatever visitors type along with technical data about their device and session.
To keep a conversation coherent, botBrains stores a session identifier in a cookie or in browser local storage and may retain the message history linked to that identifier. Depending on the configuration it can also record the page a visitor came from, their language, and any contact details they share, all of which can constitute personal data under the GDPR.
Loading the widget and writing identifiers to the device fall under Article 5(3) of the ePrivacy Directive. Where the assistant only stores what is strictly necessary to answer a request the visitor started, that storage can be exempt, but any analytics or persistent profiling requires consent. As controller, the website operator must also inform users that an automated system processes their messages.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
If botBrains loads automatically on page open and sets non essential cookies, it should be gated behind consent. A common compliant pattern is to load only a lightweight launcher by default and initialise the full widget once the visitor opens the chat or accepts the relevant cookie category. Make the privacy notice reachable from the chat window.
Sign a data processing agreement with the vendor, confirm where conversation data is stored, and set a retention period for transcripts. List the botBrains cookies in your cookie policy, explain that an AI assistant handles the conversation, and offer a way to reach a human. Review the configuration whenever the chatbot gains new tracking features.
Websites using botBrains must obtain user consent under GDPR regulations.
DPIA considerations
A full DPIA is usually not required for a basic support chatbot, but it becomes advisable if the assistant processes sensitive topics, profiles users, or handles large volumes. Document the data flows and retention in any case.
Sample consent text
We use botBrains to answer your questions through an automated assistant. The chat only stores non essential information if you accept it.
Third-party domains contacted
botbrains.ioapp.botbrains.ioCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| bb_session | Functional | Session | Stores a conversation session identifier so the chatbot can keep the dialogue consistent |
| bb_visitor | Functional | 6 months | Recognises a returning visitor to restore an earlier conversation |
| bb_analytics | Analytics | 1 year | Measures how visitors interact with the chatbot widget |
botBrains uses cookies for user preferences — inform visitors with a consent banner.
botBrains stores a session identifier in a cookie or local storage to keep the conversation consistent, and depending on settings may add analytics cookies. The session storage supports the chat itself, while any analytics storage is non essential.
If the widget loads automatically and sets non essential cookies, you need prior consent. If it only stores what is strictly necessary once a visitor opens the chat, that part can rely on the ePrivacy exemption, but a notice is still required.
The core chat function can rely on legitimate interest or, where it supports a contract, on Article 6(1)(b). Analytics and profiling cookies rely on consent under Article 6(1)(a) of the GDPR and Article 5(3) ePrivacy.
In its standard configuration botBrains conversation data is processed within the European Union. If you enable integrations with non EU providers, check whether they introduce a transfer and document the safeguard.
A full DPIA is usually not required for a basic support chatbot, but it becomes advisable if the assistant processes sensitive topics, profiles users, or handles large volumes. Document the data flows and retention in any case.
Load only a launcher by default, initialise the full widget after the visitor opens the chat or grants consent, sign a data processing agreement, and set a transcript retention period. List its cookies and disclose the automated processing in your privacy notice.
Other chat and chatbot tools hosted in the EU offer similar features. Whatever you choose, the consent and transparency duties are the same once the widget stores non essential data or profiles visitors.
Add the botBrains session and analytics cookies to your cookie policy with their purpose and duration, mention the automated conversation processing, and update the entry whenever the widget changes how it stores data.