Privacy Policy 

This privacy policy explains the specific ways we use and disclose the information we collect when you interact with us. By using or accessing the Services in any manner, you acknowledge that you accept the practices and policies outlined in this Privacy Policy, and you hereby consent that we will collect, use, and share your information in the following ways.

Bitbox SIA (Chatsper)

Legal address Krišjāņa Barona iela 94A-14, Rīga, LV-1024, 40203098731  (hereinafter referred to as “Bitbox”)

Contact email:

Effective date: May 25, 2018


Customer Data - any Personal Data that Bitbox processes on behalf of Customer as a Data Processor in the course of providing Services

Data Protection Laws - all data protection and privacy laws applicable to the processing of Personal Data under the Agreement, including, where applicable, EU Data Protection Law

Data Controller - an entity that determines the purposes for which and the means by which Personal Data is processed

Data Processor - an entity that processes Personal Data on behalf of the Data Controller

Data Subject - an identified or identifiable natural person

EU Data Protection Law - (i) prior to 25 May 2018, Directive 95/46/EC of the European Parliament and of the Council on the protection of individuals with regard to the processing of Personal Data and on the free movement of such data ("Directive") and on and after 25 May 2018, Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data (General Data Protection Regulation, hereafter - "GDPR"); and (ii) Directive 2002/58/EC concerning the processing of Personal Data and the protection of privacy in the electronic communications sector and applicable national implementations of it (as may be amended, superseded or replaced)

Personal Data - any information relating to a Data Subject

Services - any product or service provided by Bitbox to Customer pursuant to the Agreement

Subprocessor - any third party Data Processor engaged by Bitbox to assist in fulfilling its obligations with respect to providing the Services pursuant to the Agreement

  1. Processing of Customer Data

1.1. As between Bitbox and Customer, Customer is the Data Controller of Customer Data, and Bitbox shall process Customer Data only as a Data Processor acting on behalf of Customer. 

1.2. Customer acknowledged that Bitbox shall have a right to use and disclose data relating to the operation, support and/or use of the Services for its legitimate business purposes, such as billing, account management, technical support, product development and sales and marketing. To the extent any such data is considered personal Data under Data Protection Laws, Bitbox is the Data Controller of such data and accordingly shall process such data in accordance with the Bitbox Privacy Policy and Data Protection Laws.

2. Types of Data collected

2.1. Among the types of Personal Data that Bitbox collects (by itself or through third parties), there are: 

  1. Customer and Users: chat history, IT information (IP addresses, usage data, cookies data, navigation data, browser datai, other identification data through Intercom or other integrated third parties).

  2. Facebook Messenger Subscribers (if applicable): identification and publicly available social media profile information (full name, gender, geographic location, picture), chat history, navigation data (chatbot usage information) and other data submitted, stored, sent or received by end users and other personal information, the extent of which is determined and controlled by the Customer in its sole discretion. 

2.2. Other Personal Data collected may be described in other sections of this privacy policy or by dedicated explanation text contextually with the Data collection. The Personal Data may be freely provided by the Client, or collected automatically when using Data Controller services.

2.3. Failure to provide certain Personal Data may make it impossible for Data Controller to provide its services.

2.4. Data Controller is responsible for any Personal Data of third parties obtained, published or shared through this Application and confirm that they have the third party's consent to provide the Data to this Application.

3. The use of the collected Data

3.1. The Customers Data is collected to allow the Data Processor to provide its Services to Data Controller. 

3.2. Customer agrees that it shall comply with its obligations as a Data Controller under Data Protection Laws in respect of its processing of Customer Data and any processing instructions it issues to Bitbox, and it has provided notice and obtained (or will obtain) all consents necessary under Data Protection Laws for Bitbox to process Customer Data and provide Services pursuant to the Agreement. 

3.3. Bitbox does not process payments or collect payment-related information through the Services, yet it is executed by Subprocessor, if any. Any information you provide to the payment processor is governed by the Subprocessor’s privacy policy. 

3.4. Bitbox can use Customer's information if justified by legitimate interests. The usage of the information may also be necessary for our Company's business interests, including but not limited to evaluate and review Company's business performance, create financial statements, improve Services or to identify potential cyber security threats. Bitbox is obligated to retain certain information because of legal requirements, e.g, commercial or tax laws.

3.5. Bitbox may use Customer's email address and names for own email marketing campaigns. Customer can object to this use at any time by following the link to unsubscribe at the bottom of the marketing emails.

4. Subprocessing

4.1. Customer agrees that Bitbox may engage Subprocessors to process Customer Data. 

4.2. Information about Bitbox's Subprocessors is available in Appendix 1 below and may be updated by Bitbox from time to time. Customer hereby authorizes these specific Subprocessors.

4.3. When requested by the Customer, Bitbox shall make available to Customer current list of all Subprocessors used for the processing of Customer Data. 

5. Mode and place of processing the Data

5.1. The Data Controller processes the Data of prospective users in a proper manner and shall take appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the Data. 

5.2. The Data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated. In addition to the Data Controller, in some cases, the Data may be accessible to certain types of persons in charge, involved with the operation of the site (administration, sales, client customer manager) or external parties (such as third party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as Data Processors by the Data Controller. The updated list of these parties may be requested from the Data Controller at any time.

5.3. Customer acknowledges that in connection with the performance of the Services, Bitbox employs the use of cookies, unique identifiers and similar tracking technologies. 

6. Data Retention time

6.1. The Data is kept for the time necessary to fulfil the purposes for which we collect the personal information, in accordance with our legal obligations and legitimate business interests, or stated by the purposes outlined in this document, and the Customer can always request that the Data Controller suspend or remove the data.

7. Facebook permissions asked by this Application

7.1. Bitbox may ask for some Facebook permissions allowing it to perform actions with the Customer's Facebook account and to retrieve information, including Personal Data, from it, in order to provide services pursuant in the Agreement. For more information about the following permissions, refer to the Facebook permissions documentation and to the Facebook privacy policy.

8. The rights of Data subjects

8.1. Data Subjects have the right, at any time, to exercise their rights under the Data Protection Laws with respect to Personal Data (including access, rectification, restriction, deletion or portability of Personal Data, as applicable), to the extent permitted by the law. 

8.2. Bitbox will provide reasonable assistance, including by appropriate technical and organizational measures and taking into account the nature of the Processing, to enable Customer to respond to any request from Data Subjects.

8.3. Requests should be sent directly to the Data Controller, who shall be solely responsible for responding to any Data Subjects' requests. 

9. Data Breach

9.1. Bitbox shall, to the extent permitted by law, notify Customer upon Company or any Subprocessor becoming aware of a Data Breach affecting Customer Data. Company will reasonably investigate the situation and take other steps, in accordance with any applicable laws and regulations.

10. Additional information about Data collection and processing

10.1. The Customer's Personal Data may be used for legal purposes by the Data Controller, in Court or in the stages leading to possible legal action arising from improper use of this Application or the related services. The Customer declares to be aware that the Data Controller may be required to reveal personal data upon request of public authorities.

11. Additional information about Customer's Personal Data

11.1 In addition to the information contained in this privacy policy, this Application may provide Data controller with additional and contextual information concerning particular services or the collection and processing of Personal Data upon request.

11.2. For operation and maintenance purposes, Bitbox and any third party services may collect files that record interaction with the Application (System logs) or use for this purpose other Personal Data (such as IP Address).

11.3. This Application does not support “Do Not Track” requests. 

12. Changes to this privacy policy

12.1. The Company reserves the right to make changes to this privacy policy at any time by giving notice to its Customers. If a Customer objects to any of the changes to the Policy, the Customer must cease using this service and can request that the Data Controller removes the Personal Data. Unless stated otherwise, the then-current privacy policy applies to all Personal Data the Data Control.


For providing quality services to the Customer Bitbox engages carefully selected Subprocessors, who provide following services, but not limited to:

  1. Online social media and social networking services;

  2. Cloud communication services;

  3. Customer support software services;

  4. Email server and automation software services;

  5. Hosting services;

  6. Payment and billing software services;

  7. Communications software services;

  8. Issue tracking software services.