When dealing with sensitive conversations we all know how important is to protect your users privacy and keep their information safe.
Chatbots are becoming ubiquitous and people are getting more and more used to trust them with private information, personal preferences and sometimes even account passwords and data.
Users may (and will!) share sensitive data during their conversations. How you handle this data and manage your trust relationship with you users is now of the utmost importance.
In the following sections, we’re going to see how Xenioo provides all the tools you need to guarantee privacy and data safeness for all the users of your chatbot.
1. Why you should use the privacy opt-in
If your chatbot is processing user data or you are going to send offers related (or not) to your products you may need to ask your users consent to do so. Additionally, you will need to make it in a way that can guarantee that your user choice cannot be altered in any way.
While it is still on your flow to honor any kind of privacy setting the user has requested, it has been proven that a chatbot asking for privacy permissions tends to put most users at ease with any conversation.
Out of the box, Xenioo offers a full privacy opt-in action, built exactly for this purpose.
Placing this action at the very first step of your chatbot will automatically create an opt-in request for your users asking for specific, privacy standard permissions.
User choices will enable specific conversation privacy flags that cannot be altered in any way by you and that secure the exact user response.
Users may (and will!) share sensitive data during their conversations.
2. The right to be forgotten
Additionally, your chatbot may offer your users the power to exercise their right to be forgotten.
The right to be forgotten is the right to have private information about a person be removed from Internet searches and other directories under some circumstances and it applies to chatbots too: your users may ask you to forget them and remove any conversation exchange you’ve had with them.
Again, Xenioo got you covered with a simple and effective action.
By using this action in any point of the conversation, or by using it directly from your conversation command center, you will instruct Xenioo to delete each and every information collected about the active user.
After this command is executed no information about this user will remain on any of the Xenioo services.
Please note that deleting user data is different from allowing your users to change their privacy preferences. In the first case you’re literally wiping any data that Xenioo has about your contact while in the latter you would ideally show again the privacy opt-in to allow changes in usage preferences.
3. Hiding conversations data
Everything your user says to your chatbot is recorded and readily made available in the conversations section.
Every operator that can access the conversation section to give support to your users can potentially see variables, inputs and detailed profile information.
While flow information like chosen product or current coupon points (just to name a couple) may be relevant from a support standpoint, there may be many other cases where information should never be disclosed, even to users that should help your customers.
Chatbots are becoming ubiquitous and people are getting more and more used to trust them
If this is your case, you can take full advantage of the fine-grained users permissions granted by the PRO Team package and hide conversation variables from your support team.
They will still be able to access and see any (and only) assigned conversation, but they won’t be able to access variables, tags and privacy settings in any way.
4. Volatile conversations
In some cases the data of shared during a conversation may be so sensitive that in no way it should be persisted.
No trace of the conversation should remain on Xenioo for any reason at any given time. Moreso, the conversation should not even temporarily be saved on any Xenioo medium as if it never really existed but temporarily, on Xenioo memory.
Nobody but the chatbot and the user should know about this conversation and nothing should remain after the conversation is finished.
How can this be possibly achieved? By using Volatile Conversations.
Xenioo Volatile Conversations are created using the Forget User action we’ve seen previously seen and by enabling the “Enable user activity until deletion” flag.
Putting this action at the very beginning of your chatbot will force Xenioo to run all the conversation in memory without ever saving anything anywhere.
When the conversation is considered offline (after about 5 minutes the user has said anything) Xenioo will just flush all the data from memory and totally forget it ever happened.
If the user comes back it will be threated as a brand new user, never seen before.
We’ve just seen a good number of different privacy options that can cover all of the possible needs your chatbot can have.
Or not? Does your chatbot have requirements that Xenioo is not yet covering? Join our Facebook group and let us know!