Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Crisp is a French live chat and customer messaging platform offering chat widgets, shared inbox, chatbot automation, CRM, and email campaigns. As a French company with EU infrastructure, Crisp is one of the most GDPR-friendly live chat options available. Chat session cookies for strictly necessary functionality may be exempt from consent requirements when initiated by the user, though tracking and analytics cookies require consent. No US data transfers are required for standard deployments.
Crisp is a French customer messaging platform founded in Nantes in 2015. It provides a live chat widget, shared team inbox, chatbot builder, CRM, knowledge base, email campaigns, and multi-channel messaging (WhatsApp, Instagram, SMS). Crisp serves small and medium businesses seeking an affordable, all-in-one customer communication solution. As a French company with EU infrastructure, Crisp is one of the most GDPR-compliant options in the live chat market.
Crisp sets session and visitor ID cookies to maintain the chat session and recognise returning visitors. It collects visitor IP address, browser information, current page URL, and conversation content. When visitors provide their name and email in the chat, this data is stored in the Crisp CRM. Crisp also offers optional visitor tracking analytics that record page visits, which require consent.
Crisp processes all data within the EU. No SCCs or adequacy decisions are needed for standard deployments. This makes Crisp a strong choice for European businesses concerned about US data transfers. Note: if Crisp is used with third-party integrations (Zapier, Slack, HubSpot, Salesforce), data flows to those third-party systems which may have their own transfer implications.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Strictly necessary session cookies for the chat widget may be exempt from consent when the chat function is clearly used for customer support and initiated by the user. However, Crisp visitor tracking (page visit analytics) and marketing features require consent. Configure Crisp to disable visitor tracking until consent is obtained. The strictly-necessary exemption should be documented and reviewed with your DPO or CNIL guidance.
Sign the Crisp DPA. Disable visitor tracking analytics until consent is obtained. Add Crisp to your privacy policy describing chat data processing. Configure data retention limits in Crisp for conversation history. Implement a process for responding to data subject erasure requests via the Crisp contact deletion tools. Review third-party integrations for additional transfer obligations.
Websites using Crisp Chat must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is generally not required for standard Crisp live chat deployments. It may become relevant for large-scale customer support operations processing sensitive conversation content or for AI chatbot features performing automated profiling.
Sample consent text
We use Crisp to provide customer support chat on this website. Crisp is a French company storing chat data within the EU. Crisp uses cookies to maintain your chat session. You can close the chat widget to decline non-essential cookies.
Third-party domains contacted
crisp.chatclient.crisp.chatstorage.crisp.chatCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| crisp-client%2Fsession%2F | session | Session | Crisp chat session cookie — strictly necessary to maintain the live chat conversation |
| crisp-client%2Fvisitor%2F | persistent | 6 months | Crisp visitor identifier for recognising returning visitors and personalising chat experience |
Crisp Chat uses cookies for user preferences — inform visitors with a consent banner.
Yes. Crisp is a French company processing all data within the EU under French data protection law (CNIL oversight). Crisp provides a GDPR-compliant DPA. It is one of the most GDPR-friendly live chat solutions available.
Strictly necessary session cookies for the chat widget may be exempt from consent when used for customer support initiated by the user. Visitor tracking analytics and marketing features require consent. Review with your DPO and configure Crisp to disable analytics until consent is obtained.
Crisp sets a visitor session cookie (crisp-client/session, session duration) for maintaining the chat session, and optionally a visitor ID cookie for recognising returning visitors. Analytics tracking uses additional identifiers that require consent.
No for standard deployments. Crisp processes all data within the EU. If you use Crisp integrations (Zapier, Slack, HubSpot, Salesforce), those integrations may transfer data outside the EU and require their own GDPR assessment.
Legitimate interest (Art. 6(1)(f)) for strictly necessary chat session cookies when chat is used for customer support. Consent for visitor tracking analytics, marketing emails, and chatbot lead capture.
Yes. Sign the Crisp Data Processing Agreement before using Crisp on any website processing EU personal data. The DPA is available from Crisp's privacy page.
In Crisp admin, search for the contact by email and delete the contact record. This removes their conversation history and profile. For Crisp email campaigns, remove the contact from the campaign lists. Document the deletion and confirm to the data subject.
Crisp's EU infrastructure is its primary GDPR advantage over US alternatives like Intercom, Drift, and Zendesk Chat (all US-hosted requiring SCCs). For pure GDPR simplicity, Crisp is among the best choices in its category alongside Userlike (Germany) and HelpCrunch (EU region available).