Freshchat is a modern messaging product from Freshworks, designed for customer support and sales conversations on websites and mobile apps. The widget loads on every page, sets cookies and opens a WebSocket connection to the Freshchat back end (EU region available). It can also run proactive campaigns based on URL or behavioural triggers, in which case it acts like a marketing tag and requires consent in the EU.
Freshchat is the messaging product within the Freshworks suite, used for live chat, automated bots, proactive campaigns, customer self service and AI assisted support. It is integrated with a snippet of JavaScript that injects a chat icon on the merchant's site, opens a WebSocket session to the Freshchat back end and synchronises messages, attachments, presence, contact data and behavioural triggers. Freshchat offers an EU data centre in Frankfurt and is part of the wider Freshworks Customer Service Suite that includes Freshdesk and Freshsales.
The widget sets first party and third party cookies (FC_User_ID, fc_visitor_id, hubspotutk in the Freshmarketer integration), writes localStorage entries to keep the conversation state and reports browser, language, time zone, page URL and User Agent to Freshworks. When the visitor sends a message, name, email, phone (optional) and the message body are stored at Freshworks together with the conversation history. Proactive triggers can collect behavioural signals (pages visited, time on page, cart value) to decide when to open the chat.
The widget loads on every page and sets persistent identifiers, which puts it under Article 5(3) of the ePrivacy Directive. EU DPAs (CNIL, BfDI) make a distinction between strictly reactive chat (the user clicks the bubble to open the conversation, no targeting on the way) and proactive chat (the widget proactively prompts the user based on URL, scroll depth or other behavioural signals). Proactive chat requires consent; reactive chat can rest on legitimate interest with proper information, provided no analytics or marketing cookies are set in the background.
For the default deployment with proactive triggers and pre fetched identifiers, yes. To rely on a no consent reactive approach, configure Freshchat to load the widget icon only and defer the rest of the script until the user actively clicks the chat. Disable proactive campaigns, IP based geolocation and behavioural targeting in the dashboard. Anything that profiles the visitor in the background requires consent.
With the EU data centre selected, persistent storage stays in Germany. Freshworks Inc. (USA) operates the service globally and is self certified under the EU US Data Privacy Framework. Freshworks Technologies in India provides 24/7 engineering and customer support and accesses production data under SCCs and supplementary measures. The publicly available Freshworks DPA describes the categories of data and the safeguards.
Choose the EU data centre, sign the Freshworks DPA, gate proactive features behind a consent manager and load only the chat icon by default, anonymise visitor IP in the dashboard, configure conversation retention to the minimum needed (often 6 to 24 months) and list Freshworks Inc. and Freshworks Technologies as recipients with the transfer mechanism in your privacy policy.
Websites using Freshchat must obtain user consent under GDPR regulations.
DPIA considerations
Standalone Freshchat use rarely triggers a DPIA. When Freshchat is combined with customer profile enrichment from Freshsales, behavioural triggers across many pages or AI based intent detection, document a DPIA covering the data flows to Freshworks Inc. (US) and Freshworks Technologies (India) and the safeguards (encryption, retention, access control).
Sample consent text
We use Freshchat to talk with you. Loading the widget sets cookies, opens a session with Freshworks servers (EU region when configured) and may share your IP address and conversation data with Freshworks Inc. in the United States and India. Do you accept?
Third-party domains contacted
wchat.freshchat.com, wchat.eu.freshchat.com, fcdn.freshchat.com, api.freshchat.com, freshworks.com, freshchat.com

Cookies placed

| Name | Type | Duration | Purpose |
|---|---|---|---|
| FC_User_ID | third party | 1 year | Persistent user identifier set by the Freshchat widget to recognise the visitor across sessions and conversations. |
| fc_visitor_id | third party | 1 year | Anonymous visitor identifier used to associate visits before the user provides a name or email. |
| fc_session_id | third party | Session | Short lived session identifier for an active Freshchat conversation. |
| fc_widget_state | first party (localStorage) | Until cleared | Stores whether the chat window is open or minimised so the state is preserved on navigation. |
| hubspotutk | third party | 180 days | HubSpot tracking cookie set when the Freshchat-HubSpot integration is enabled. |
| _cfuvid | third party | Session | Cloudflare uniqueness cookie set on Freshchat CDN domains to manage rate limiting. |
Freshchat uses cookies for user preferences — inform visitors with a consent banner.
The widget sets FC_User_ID, fc_visitor_id and similar identifiers (some as cookies, some in localStorage), to recognise the visitor across pages and conversations. Additional cookies (hubspotutk, optimizely) appear when integrations are enabled. None of these are strictly necessary on the merchant site before the user opens the chat.
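One way to verify that nothing Freshchat-related fires before the visitor consents or clicks the chat icon, as an added example that is not part of the original page or of any Freshworks tooling: it checks a recorded page load against the domains and identifiers listed above. The capture shape, the function names and the sample URLs and paths are constructed for illustration.

```javascript
// Added example: flag Freshchat activity recorded before consent or a chat click.
// Hostnames and storage names are taken from this page's domain list and cookie table.
const FRESHCHAT_DOMAINS = ["freshchat.com", "freshworks.com"];
// hubspotutk and _cfuvid are left out: HubSpot and Cloudflare set them for other
// services too, so the name alone does not point at Freshchat.
const FRESHCHAT_STORAGE = ["FC_User_ID", "fc_visitor_id", "fc_session_id", "fc_widget_state"];

// True when host is a listed domain or a subdomain of one (dot-boundary match,
// so "notfreshchat.com" and "freshchat.com.example.net" do not match).
function isFreshchatHost(host) {
  const h = host.toLowerCase().replace(/\.$/, "");
  return FRESHCHAT_DOMAINS.some((d) => h === d || h.endsWith("." + d));
}

// capture (hypothetical shape): { requests: [url], cookies: [name], localStorage: [key] }
function auditPreConsent(capture) {
  const findings = [];
  for (const raw of capture.requests || []) {
    let url;
    try { url = new URL(raw); } catch { continue; } // skip unparsable entries
    if (isFreshchatHost(url.hostname)) findings.push({ kind: "request", value: url.hostname });
  }
  for (const kind of ["cookies", "localStorage"]) {
    for (const name of capture[kind] || []) {
      if (FRESHCHAT_STORAGE.includes(name)) findings.push({ kind, value: name });
    }
  }
  return findings;
}

// Constructed sample: what a browser recorded on page load, before any click.
const sampleCapture = {
  requests: [
    "https://shop.example/assets/app.js",
    "https://wchat.eu.freshchat.com/js/widget.js", // constructed path
    "wss://wchat.eu.freshchat.com/ws",             // constructed path
    "https://notfreshchat.com/pixel.gif",          // look-alike, must not match
    "https://freshchat.com.example.net/x",         // look-alike, must not match
  ],
  cookies: ["session", "fc_visitor_id", "_cfuvid"],
  localStorage: ["cart", "fc_widget_state"],
};

console.log(auditPreConsent(sampleCapture));
```

An empty result on a fresh profile, before any banner interaction, is what a strictly reactive deployment should produce; any finding means the widget did more than show an icon.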
For the default deployment yes, especially if proactive triggers are enabled. For a strictly reactive setup (icon only until click, no proactive campaigns, no IP geolocation), legitimate interest can apply but the user must still be informed.
Consent (Art. 6(1)(a) GDPR) for proactive engagement and marketing oriented chat. Contract (Art. 6(1)(b)) for support conversations the user initiates. Legitimate interest (Art. 6(1)(f)) for fraud and abuse prevention in chat content.
Yes. Even with the EU data centre, Freshworks Inc. (USA) and Freshworks Technologies (India) access production data for support and engineering. Transfers rely on the EU US Data Privacy Framework for the US flow and SCCs for India, documented in the Freshworks DPA.
Not as a standalone integration on a typical website. When Freshchat is combined with extensive customer profiling, multi product Freshworks suite features and large scale proactive campaigns, document a DPIA covering data flows, retention and safeguards.
Pick the EU data centre, sign the Freshworks DPA, only show the chat icon by default and load the rest on click, disable proactive campaigns until consent, anonymise the IP, set retention to the minimum, list Freshworks as recipients in your privacy policy with the transfer mechanism, and provide a clear notice when the user opens the chat.
EU based chat solutions include Crisp (France), Userlike (Germany), tawk.to (with EU data centre option), HelpCrunch and Smartsupp. Open source self hosted options: Rocket.Chat, Chatwoot, Live Helper Chat.
List Freshchat under Functional or Marketing depending on the deployment mode. Provider (Freshworks Inc., USA and Freshworks Technologies, India), domains (wchat.eu.freshchat.com, fcdn.freshchat.com), cookies (FC_User_ID, fc_visitor_id), purpose (live chat with the support team), retention and the transfer mechanism (Data Privacy Framework and SCCs).