Try it FREE
Knowledge Base Frequently Asked Questions   Phone Phone: +1 (720) 336-8323 M-F 9am-5pm MST   Download the Free Version
Free Trial
Knowledge Base
Knowledge Base » Frequently Asked Questions » Is PHP Live! GDPR ready?
Is PHP Live! GDPR ready?

Yes.  GDPR focus is data privacy and data disclosure, primarily for EU based companies.  However, companies that interact with EU visitors are also effected.  GDPR focus is data privacy and data disclosure.  Encryption of data is part of the data privacy but the data is just as secure as the server that the data is being hosted on.  Server environment is most critical when discussing data privacy.  PHP Live! software itself is very secure with various security tests performed internally and with help from third-party organizations.  GDPR enforces strict disclosure of data privacy policy and how your data is being viewed and accessed.  Full disclosure seems to be the primary focus of GDPR and PHP Live! includes a feature to display your policy with an optional consent checkbox prior to starting a chat session.


The Privacy & GDPR feature is located at:
Setup Admin -> Interface -> Privacy & GDPR


This type of visible and clear consent checkbox will help your company be GDPR compliant, at the chat software level.  You will need to disclose how the chat data is stored and accessed in your policy text.


Additionally, the only cookies set by the PHP Live! system are (visitor facing chat interface):


phplive_vname - contains the visitor's name for pre-populate of the "name" form field for future chat requests (stored for 1 year)

phplive_vemail - contains the visitor's email for pre-populate of the "email" form field for future chat requests (stored for 1 year)

phplive_vid - The visitor unique session string generated by the system for improved visitor identification (stored for 10 years)


If you see any other cookies set, it is either operator or Setup Admin related or it is cookies set by other third-party services or perhaps your website.  If wanting to verify the cookies set, paste the chat icon HTML Code on a completely blank page and you will be able to see the cookies set.  The phplive_vname and phplive_vemail are only set when the visitor requests a chat, and only set if the name or email is provided.  The phplive_vid cookie is set when accessing the website that has the PHP Live! chat icon HTML Code on the page.


For the operator and the Setup Admin, there are additional cookies set but these cookies only pertain to the operator and Setup Admin and does not effect the visitor side.  The operator and Setup Admin cookies does not fall within the GDPR guidelines because it is not visitor effected and does not need to be disclosed to the visitor.


Download Clients:

To improve your GDPR compliance, we recommend Download clients to fully utilize HTTPS protocol.  This will help secure your PHP Live! system with all data encrypted during transit from visitor's browser to the server.  There are various areas of the software that is encrypted but there are other areas that are not for very specific reasons.  That is why HTTPS and also a secure server environment is crucial.  How data is accessed for Download clients differ from environment to environment.


On Demand Clients:

Our On Demand cloud platform is hosted by a GDPR compliant hosting company with all data accessed through secure methods.  All On Demand accounts are automatically set to utilize the HTTPS protocol for security.  The HTTPS protocol supports the latest encryption methods, including TLS.  The database is hosted on a separate environment from the web server to increase security and all access to the server is through secure methods, accessed only by authorized technicians.


For your visitors, if the visitor requests to have their chat data deleted, there are various methods to allow this:


  • Chat transcripts can be set to automatically be deleted after certain time.  The feature is located at Setup Admin > Transcripts.  Simply select a department to set the automatic delete setting.  Chat transcripts can also be manually deleted one at a time.  When deleting the chat transcript, all record of the visitor's information linked with the transcript will be deleted from the database.  However, the chat requests/accept/declined will not be effected because that data is simply an increment tally, not personal data.
  • Additionally, there is an option to set the PHP Live! system to skip the pre-chat form, not collecting any personal data from the visitor (name, email, etc).  This setting can be accessed at Setup Admin > Departments > Pre-Chat (department option for each department)

If your company requires additional GDPR measures, please contact with your additional requirements.

Was this helpful?
could be more helpful? send comment
back to top