Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Chatra is a live chat and chatbot widget for websites, operated by Brantio LLC and primarily used by e-commerce and SaaS sites. It offers real-time visitor chat, automated triggers and a shared inbox for support teams. For European customers, Chatra sets first party cookies, transfers data to the United States and requires consent for proactive targeting and any visitor tracking beyond a strictly necessary chat session.
Chatra is a live chat, chatbot and shared inbox widget for websites operated by Brantio LLC, a US registered company. It is widely used by e-commerce stores (Shopify, BigCommerce) and SaaS sites to chat with visitors in real time, run proactive triggers and integrate with Slack, Telegram or Email. Chatra runs on AWS US infrastructure with WebSocket connections for instant messaging.
Chatra captures visitor name and email when provided, chat messages, IP address, browser, OS, country, current page URL, referrer, time on page, pages visited and chat session history. The widget sets first party cookies including Chatra (visitor ID), Chatra_session, Chatra_active_chat and local storage entries to preserve chat continuity. Proactive triggers can be configured based on behaviour and produce additional events sent to Chatra.
Chatra is a data processor under Art. 28 GDPR for chat content and visitor identifiers, and an independent controller for some platform telemetry. The widget sets non essential cookies on page load, so Art. 5(3) ePrivacy applies and consent is needed unless the widget is loaded only after the user clicks to open chat. Chat content may include personal or sensitive data depending on the customer''s site, which requires data minimisation, training of agents and retention rules.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
A reactive live chat opened by the visitor can rely on legitimate interest for the chat session itself, with the visitor consenting by initiating contact. Proactive triggers, behavioural targeting and persistent visitor identification require consent. Cookies set before the user opens the chat are not strictly necessary, so a cookie consent or a deferred load is required.
Chatra processes on US AWS infrastructure, no EU only region is offered. EU visitor data is transferred to the US under Standard Contractual Clauses and the EU US Data Privacy Framework where the recipient is certified. Document the transfer in your privacy notice and complete a Transfer Impact Assessment.
Sign Chatra''s Data Processing Addendum, complete a Transfer Impact Assessment, configure the widget to load only on click or after consent, disable proactive triggers unless explicitly justified, train support agents on personal data handling, set a clear retention period for chat transcripts, restrict operator access via roles and document Chatra and its US infrastructure in your privacy notice.
Websites using Chatra must obtain user consent under GDPR regulations.
DPIA considerations
Chatra processes visitor name, email, chat content, IP, browser, country, current page and session history. Key DPIA considerations: (1) the widget sets first party cookies (Chatra_*) on the customer domain even before chat is initiated, triggering Art. 5(3) ePrivacy; (2) proactive triggers based on behaviour (scroll, time on page, basket) constitute tracking and require consent; (3) chat transcripts are stored on US AWS infrastructure under SCCs; (4) sensitive data may be shared by visitors in chats (health, finance), requiring an explicit policy and minimisation; (5) third party AI integrations (when enabled) may share chat content with additional sub processors; (6) operators may have access to visitor data and need appropriate access controls.
Sample consent text
We use Chatra to offer real-time chat support on our site. Chatra sets first party cookies and stores your chat history on US based infrastructure. With your consent, Chatra may also display proactive messages based on your behaviour. Data is transferred to the United States under Standard Contractual Clauses.
Third-party domains contacted
chatra.iocdn.chatra.ioapp.chatra.iochatra.comws.chatra.ioCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| Chatra | Functional | 1 year | Persistent first party visitor identifier used by Chatra to recognise returning visitors and preserve chat history. |
| Chatra_session | Functional | Session | Session cookie used to manage an active chat session and reconnect to the WebSocket if the page reloads. |
| Chatra_active_chat | Functional | Session | Indicates whether a chat is currently active and stores any pending unsent message. |
| Chatra_marked | Marketing | 1 year | Tracks whether the visitor has been targeted by a proactive trigger to avoid showing the same trigger repeatedly. |
Chatra uses cookies for user preferences — inform visitors with a consent banner.
Chatra sets first party cookies on the customer domain including Chatra (visitor ID, 1 year), Chatra_session (session) and Chatra_active_chat (state of any active chat). It also uses local storage to keep chat history. Loading the widget triggers these cookies even before the user opens the chat.
Consent is required for the persistent visitor ID and any proactive trigger that observes behaviour, because the cookies are non essential. A reactive chat opened by the visitor can rely on legitimate interest for the session, but the widget should ideally be loaded only on click or after consent.
Legitimate interest (Art. 6(1)(f) GDPR) for offering a reactive customer service chat once the visitor opens it. Consent (Art. 6(1)(a) GDPR) for proactive triggers, persistent visitor identification and any non essential cookies. Contract (Art. 6(1)(b) GDPR) if chat is part of a service the user has agreed to.
Chatra processes on AWS US infrastructure, with no EU only region. EU visitor data is transferred to the US under Standard Contractual Clauses. Where Brantio's AWS account is certified under the EU US Data Privacy Framework, that mechanism also applies. Chat transcripts and visitor identifiers are stored in the US.
A DPIA is recommended if you use proactive triggers, chat about sensitive topics (health, finance, legal) or store chat transcripts long term. The DPIA should cover the categories of data shared in chats, US transfers, sub processors, retention periods and agent access controls.
Sign Chatra's DPA, complete a TIA, load the widget only after consent or only on user click, disable proactive triggers unless justified, train agents on minimisation of sensitive data, set a retention period for transcripts in Chatra settings and restrict operator access by role.
EU based live chat alternatives include Userlike (Germany), LiveChat (Poland), Tidio (Poland), Crisp (France), HappyFox Chat (US with EU options) and Smartsupp (Czech Republic). EU controllers and EU data centres simplify the third country transfer story.
Disclose Chatra as a data processor, name the cookies it sets and their duration, explain chat transcript storage and retention, mention US transfers under SCCs and the EU US Data Privacy Framework, separate consent for proactive triggers and link Chatra's privacy notice and DPA.