Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentCapacity is a US-based AI-powered support automation platform that combines a helpdesk, knowledge base, and conversational AI chatbot. It processes support conversations using AI to automate ticket resolution. Because Capacity uses AI to analyse conversation content and processes data on US infrastructure, its deployment on European websites requires prior consent under GDPR and the ePrivacy Directive.
Capacity is an AI-powered support automation platform that combines a conversational AI chatbot, a helpdesk ticketing system, a knowledge base, and workflow automation in a single platform. It is designed to reduce support ticket volume by enabling AI to resolve common queries without human agents. Capacity integrates with enterprise tools including Salesforce, Microsoft Teams, Slack, and ServiceNow. When deployed on a website, the Capacity chat widget interacts with visitors and processes their queries using AI models.
What data does Capacity collect?
Capacity collects conversation content, user identifiers, IP addresses, browser information, and session data. When integrated with enterprise systems, it may process employee or customer records to resolve queries. AI models analyse conversation content to generate responses and route tickets. All data is processed on Capacity''s US-based infrastructure.
Capacity''s AI processing of support conversations raises specific GDPR concerns. The ePrivacy Directive requires consent before the widget loads. Under GDPR, AI analysis of conversation content constitutes automated processing of personal data requiring a lawful basis. When AI is used to make or influence support decisions (ticket routing, response generation), appropriate safeguards must be in place. The US data transfer requires SCCs.
Consent is required before the Capacity widget loads. The consent notice must explain that AI is used to process support queries and that data is transferred to the US. Users must be informed that their conversations are processed by AI models.
All data is processed in the US. Standard Contractual Clauses apply. Sign a DPA with Capacity and document the transfer in your RoPA.
Block the widget until consent is obtained. Disclose AI processing in your privacy policy. Sign a DPA with Capacity. Conduct a DPIA if AI is used for automated support decisions. Document the US transfer in your RoPA.
Websites using Capacity must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is recommended when Capacity is used to automate support decisions at scale using AI, particularly when conversation content may include sensitive personal data or when automated ticket routing significantly affects users.
Sample consent text
We use Capacity to power our AI support assistant and helpdesk. Capacity processes your support conversations and queries using AI to provide automated assistance. Data is transferred to the United States. Please accept to enable AI-powered support.
Third-party domains contacted
capacity.aiapi.capacity.aicdn.capacity.aiCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| cap_session | session | Session | Session identifier used to maintain the active AI support chat state |
| cap_uid | persistent | 1 year | Visitor identifier used to recognise returning users and personalise AI support interactions |
Capacity uses cookies for user preferences — inform visitors with a consent banner.
Get started freeCapacity sets session and functional cookies to maintain the active support chat state and identify returning users. It also uses localStorage for widget preferences. These require prior consent under the ePrivacy Directive.
Yes. Capacity sets non-essential cookies and processes conversation data using AI from the first interaction. Consent must be obtained before the widget loads. The consent notice must disclose AI processing and the US data transfer.
Consent (Art. 6(1)(a)) is required for tracking cookies. For helpdesk ticket data necessary to fulfil a support request, contract performance (Art. 6(1)(b)) may apply. Legitimate interest (Art. 6(1)(f)) may cover security logging with a balancing test.
Yes. Capacity is a US company and processes all data on US infrastructure. Standard Contractual Clauses apply. Sign a DPA with Capacity and document the US transfer in your RoPA.
A DPIA is recommended when Capacity AI is used for automated support decisions at scale, or when conversation content includes sensitive personal data. The AI processing of conversation content and US data transfer create a risk profile warranting formal assessment.
Block the widget until consent is obtained. Disclose AI processing in your consent notice and privacy policy. Sign a DPA with Capacity. Conduct a DPIA if AI automates support decisions. Document the US transfer in your RoPA.
For EU-hosted AI support automation, Boost.ai (Norwegian) provides comparable capabilities with EU data residency. Intercom and Zendesk offer EU data residency on Enterprise plans. For self-hosted helpdesk without AI, Zammad and osTicket can be deployed on EU infrastructure.
Add entries for Capacity session and functional cookies in your cookie policy. Disclose AI processing of support conversations and the US data transfer. Reference Capacity as a third-party AI processor and link to their privacy policy.