Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Chaport is a live chat and messaging widget for websites, operated by an EU-based company in Cyprus. It enables real-time visitor conversations, chatbot automation, and stores chat history with visitor identifiers using cookies.
Chaport is a live chat and messaging widget that website operators embed to enable real-time conversations with visitors. The widget is served from Chaport''s CDN (cdn.chaport.com) and loads a JavaScript snippet that initialises a chat session in the visitor''s browser. Chaport is operated by a Cyprus-based company within the European Union, which reduces transfer risk compared to US-based alternatives.
The tracking mechanism relies on session and persistent cookies that assign each visitor a unique identifier. This identifier links the visitor''s browsing session to their chat history, allowing agents to recognise returning users. Chaport also supports chatbot automation, which may collect personal data entered by visitors in chat flows before any human agent is involved.
Chaport sets cookies to store a visitor identifier, session state, and preferences such as whether the chat window was previously opened. Persistent cookies may survive browser restarts and link a visitor across multiple site visits. In addition to cookie data, Chaport processes the content of chat messages, visitor IP addresses, browser user-agent strings, and timestamps. If chatbots are configured, structured data fields completed by the visitor (name, email, phone number) are also collected.
Chat transcripts are stored on Chaport''s servers and may be retained for significant periods for quality assurance and support continuity purposes. This retention must be addressed in your privacy notice and aligned with your documented retention schedules.
Under the GDPR, Chaport acts as a data processor on behalf of the website operator, who is the data controller. A Data Processing Agreement (DPA) must be in place between the operator and Chaport. The ePrivacy Directive (implemented as national cookie laws across EU member states) requires prior consent for any cookie that is not strictly necessary for the provision of a service explicitly requested by the user. Purely functional session cookies that keep the chat window open during an active session may qualify as strictly necessary; however, persistent identifier cookies and chat history retention go beyond this exemption and require consent.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Consent for Chaport cookies must be freely given, specific, informed, and unambiguous. The chat widget should not load until the visitor has actively accepted the relevant cookie category (typically labelled ''Functional'' or ''Live Chat''). Consent signals must be passed to your tag manager or CMP so that Chaport fires only after acceptance. Visitors must also be able to withdraw consent at any time, which should trigger the deletion of Chaport cookies from the browser and, where technically feasible, the anonymisation or deletion of stored chat data.
Chaport is operated by an EU-based entity (Cyprus), which means that the primary data processing relationship does not constitute an international transfer outside the EEA. However, Chaport may engage sub-processors for infrastructure or support functions, and you should review Chaport''s sub-processor list and DPA to confirm that any sub-processor transfers are covered by appropriate safeguards such as Standard Contractual Clauses or adequacy decisions.
To deploy Chaport compliantly: sign and store Chaport''s DPA, add Chaport to your privacy policy as a data processor, create a cookie notice entry for Chaport cookies, configure your CMP to block the widget until consent is obtained, set data retention limits for chat transcripts in Chaport''s admin settings, and review Chaport''s sub-processor list at least annually. If chatbots collect personal data before a human agent is available, ensure chatbot consent flows comply with GDPR transparency requirements.
Websites using Chaport must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA should be considered where Chaport processes visitor data at scale, particularly where chatbots collect personal data, where chat logs are retained for extended periods, or where Chaport is deployed on sites serving vulnerable populations. Key risks include the storage of message content (potentially including special-category data disclosed by users), persistent visitor identifiers across sessions, and any integration with CRM or marketing systems that may expand the original processing purpose. The EU/Cyprus hosting base reduces transfer risk, but sub-processor arrangements should be reviewed and documented.
Sample consent text
We use Chaport live chat to allow you to communicate with our support team in real time. Chaport sets cookies to identify your browser session and retain your chat history. These cookies are not strictly necessary and require your consent. By accepting, you agree to Chaport storing a visitor identifier and your conversation history on its servers. You can withdraw consent at any time via our cookie settings.
Third-party domains contacted
chaport.comapp.chaport.comcdn.chaport.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| chaport_session | functional | Session | Maintains the active live chat session while the visitor is on the website; expires when the browser tab is closed |
| chaport_uid | functional | 1 year | Stores a persistent visitor identifier to recognise returning users and link them to their previous chat history |
| chaport_prefs | functional | 6 months | Remembers widget preferences such as whether the chat window was previously opened or minimised |
| chaport_visitor_token | functional | 6 months | Authentication token used to associate a visitor with their chat account and allow seamless reconnection to ongoing chats |
Chaport uses cookies for user preferences — inform visitors with a consent banner.
Chaport sets session cookies to maintain the active chat window and persistent cookies to store a visitor identifier that links returning users to their previous chat history. Additional preference cookies may record whether the chat widget was previously opened or minimised. These cookies are placed by scripts loaded from chaport.com and cdn.chaport.com.
Yes, consent is required for the persistent visitor-identification cookies and chat history retention that Chaport uses. While a purely functional session cookie keeping the chat window open during an active visit may qualify as strictly necessary, the broader tracking and storage elements go beyond that exemption under the ePrivacy Directive. The widget should be blocked by your CMP until the visitor accepts the relevant cookie category.
The primary legal basis is consent (Article 6(1)(a) GDPR) for the visitor-identification and chat history cookies. For the functional communication service itself, legitimate interest (Article 6(1)(f)) may support processing the content of an actively initiated chat conversation, but this does not extend to persistent tracking. A Data Processing Agreement must be signed with Chaport, which acts as your data processor.
Chaport is operated by a Cyprus-based entity within the EU, so the primary processing relationship does not involve a transfer outside the EEA. However, Chaport may engage sub-processors for infrastructure or email notification functions that could involve transfers. You should review Chaport's current sub-processor list and confirm that any transfers are covered by Standard Contractual Clauses or another valid transfer mechanism.
A DPIA is not automatically mandatory for all Chaport deployments, but it should be considered when Chaport is used at scale, when chatbots collect structured personal data from visitors before any human agent interaction, or when chat transcripts include potentially sensitive information. If your site serves a large number of users or vulnerable groups, conduct a proportionality and risk assessment to determine whether a full DPIA is required.
Configure your CMP to block the Chaport JavaScript snippet until the visitor consents to the functional or live-chat cookie category. Sign and store Chaport's Data Processing Agreement. Add Chaport to your cookie notice and privacy policy as a processor. Set appropriate data retention periods for chat transcripts within Chaport's admin settings. Ensure your chatbot flows include clear transparency notices if they collect personal data. Audit sub-processor arrangements at least annually.
EU-hosted live chat alternatives with strong privacy credentials include Crisp (France, GDPR-focused) and Userlike (Germany). Open-source self-hosted options such as Chatwoot or Rocket.Chat allow full data sovereignty with no third-party processing. If the primary goal is simple FAQ-style support, a cookieless help-centre widget or a static contact form may meet your needs without triggering consent requirements.
Add a dedicated entry for Chaport in your cookie policy table listing each cookie name, its type (functional/tracking), its duration, and its purpose. Reference chaport.com and cdn.chaport.com as the domains setting cookies. State the legal basis (consent) and how visitors can withdraw consent. Link to Chaport's own privacy policy for further detail on how Chaport processes data as a sub-processor. Review and update the entry whenever Chaport releases a new version that changes its cookie behaviour.