GDPR Information

Last updated: February 17, 2026

Our Commitment to GDPR

SymplBot is fully committed to compliance with the General Data Protection Regulation (GDPR). We have implemented comprehensive measures to protect your personal data and uphold your rights as a data subject.

Data Controller

SymplBot is the data controller for personal data collected through our platform.

Data Protection Contact: dpo@symplbot.com

Legal Basis for Processing

We process your personal data based on the following legal grounds:

• Contract: Processing necessary to provide our chatbot service to you
• Consent: For marketing communications and optional analytics cookies
• Legitimate Interest: For service improvement, fraud prevention, and security

Data Processing Location

All personal data is processed and stored exclusively within the European Union. We use EU-based data centers provided by DigitalOcean to ensure your data never leaves the EU.

Sub-processors

We work with the following third-party processors:

• DigitalOcean (EU) - Cloud infrastructure and hosting
• Open-source AI models (EU) - Chat responses and text embeddings, all processed on EU infrastructure
• Stripe - Secure payment processing

Your GDPR Rights

Under GDPR, you have the following rights:

• Right of Access: Request a copy of all personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete personal data
• Right to Erasure: Request deletion of your personal data ("right to be forgotten")
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Restriction: Request limitation of how we process your data
• Right to Object: Object to processing based on legitimate interest
• Right to Withdraw Consent: Withdraw your consent at any time for consent-based processing

How to Exercise Your Rights

To exercise any of your GDPR rights, you can use the account settings in your dashboard to delete your account and data, or contact our Data Protection Officer at dpo@symplbot.com. We will respond to your request within 30 days.

Data Processing Agreement

If your organization requires a Data Processing Agreement (DPA) to use SymplBot, please contact us at legal@symplbot.com and we will provide one.

Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority if you believe your data protection rights have been violated. You can contact your local data protection authority or the lead supervisory authority in the EU member state where SymplBot is established.