GDPR Compliance - Data Protection & Privacy

Guzli is committed to complying with the General Data Protection Regulation (GDPR) and protecting the privacy and personal data of users and customers in the European Union and beyond.

This page explains how we approach GDPR, the rights you have, and the safeguards we put in place when processing personal data through our AI chatbot platform.

At Guzli, data protection is a core design principle. We strive to:

Collect and process only the data that is necessary to provide our services.
Implement technical and organizational measures that protect personal data.
Support our customers in meeting their own GDPR obligations.

We also offer additional contractual protections, such as data processing agreements, for customers who require them.

If you are located in the European Economic Area (EEA), the United Kingdom, or another region with similar data protection laws, you may have the following rights with respect to your personal data:

Right of access - You can request a copy of the personal data we hold about you.
Right to rectification - You can request correction of inaccurate or incomplete data.
Right to erasure (“right to be forgotten”) - You can request deletion of your personal data in certain circumstances.
Right to restriction of processing - You can ask us to limit how we process your data in specific situations.
Right to data portability - You can request that we provide your personal data in a structured, commonly used, and machine-readable format.
Right to object - You can object to certain types of processing, including direct marketing.
Rights related to automated decision-making - Where applicable, you can request human review of significant automated decisions.

If we process your data on behalf of a customer (for example, the owner of a website that uses Guzli), you should contact that customer first. We will support them in responding to your request in accordance with our agreement and applicable law.

Lawful Bases for Processing

We only process personal data where we have a lawful basis under GDPR, which may include:

Contract: Processing necessary to provide the services you have requested and to perform our agreement with you or our customer.
Consent: Processing based on your explicit consent for specific purposes (for example certain types of marketing or optional integrations).
Legitimate interests: Processing necessary for our legitimate business interests, such as improving our services, preventing abuse, and ensuring security, where these interests are not overridden by your rights.
Legal obligations: Processing necessary to comply with legal or regulatory requirements.

You can contact us if you have questions about the lawful basis we rely on for specific processing activities.

Data Protection Measures

We implement a range of safeguards to protect personal data, including:

Encryption of data in transit and, where appropriate, at rest.
Strict access controls, role-based permissions, and audit logging.
Regular security reviews, vulnerability assessments, and improvements.
Policies and training for employees who may access customer data.
Procedures for detecting, investigating, and responding to potential incidents.

In the event of a data breach involving personal data, we will follow applicable legal requirements for notification, including notifying affected customers and regulators where required.

International Data Transfers

When personal data is transferred outside the EEA, UK, or other regions with similar rules, we use appropriate safeguards, which may include:

Standard contractual clauses (SCCs) approved by the European Commission or other competent bodies.
Data processing agreements with sub-processors that impose strong privacy and security obligations.
Additional technical and organizational measures designed to protect data during and after transfer.

We regularly review our data transfer mechanisms and relationships with sub-processors to ensure ongoing compliance.

Cookies and Tracking Technologies

We use cookies and similar technologies to operate and improve our website and services. Where required by law, we obtain consent before setting non-essential cookies, such as analytics or marketing cookies.

You can manage cookie preferences through your browser settings and, where implemented, through cookie banners or preference centers on our website.

For more information about how we use cookies, please refer to our Cookies page.

Working with Guzli as a Data Controller

If you use Guzli to process personal data about your customers or users, you are typically the data controller and we act as a data processor.

As a controller, you are responsible for:

Providing appropriate privacy notices to your users.
Obtaining necessary consents, where required.
Configuring the Service in a way that aligns with your legal obligations.

We support you by:

Offering data processing terms that describe our processor obligations.
Providing tools or support to honor data subject rights requests (for example exports or deletion of chat data).
Maintaining security practices that help protect the data you entrust to us.

If you operate in a regulated industry or require specific contractual commitments, please contact us to discuss your requirements.

Data Protection Officer and Contact

If you have questions about our GDPR compliance or wish to exercise your data protection rights, you can contact us:

Email: dpo@guzli.com
Or use the general contact options on our contact page.

Depending on your location, you may also have the right to lodge a complaint with your local data protection authority.

Keeping This Page Up to Date

We regularly review and update our GDPR practices to reflect changes in law, regulation, and our services.

Any significant changes to how we support GDPR compliance will be reflected on this page. For additional legal details, including our full privacy policy and contractual terms, please also see:

Our GDPR Commitment