Everything you need to know about LiveAgent’s GDPR compliance

LiveAgent is committed to privacy, security, compliance and transparency. This approach includes supporting our customers’ compliance with EU data protection requirements, including those set out in the General Data Protection Regulation (GDPR), which became enforceable on May 25th, 2018.

What is GDPR?

The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU).

To Whom Does the GDPR Apply?

One way in which the personal data of an EU citizen could be collected when using LiveAgent is when you build a database of contacts, their information, and business dealings with them (i.e. a CRM system). Not all customers will be “data subjects”, as data subjects are only individuals. Some of your customers may be businesses or government organizations, which the GDPR does not apply to.

Is LiveAgent GDPR compliant?

Yes, LiveAgent is fully GDPR compliant as of May 2018.


  • Do you have any dedicated data protection officer (DPO) or compliance / security team working?
    Yes, we have both an internal team and a dedicated Data Protection Officer. Please direct all your questions related to GDPR compliance to info@liveagent.com
  • How will you verify to customers that you are in compliance with the new regulation?
    If you wish for formal verification, you can provide us with your data processing agreement template, which we can return filled and signed.
  • How is sensitive information stored and do you have processes in place in the event of a data breach?
    Sensitive information is stored securely, with limited access. We react to data breaches immediately, by notifying affected parties, DPOs and local institutions, according to our internal GDPR guidelines.
  • How long do you store customer data for?
    We store customers’ data only for the time of using our services or until they request to delete their data.
  • Where is your customer data physically stored?
    Data of our EU customers are stored in our European datacenters located in Germany, UK and Slovakia and are hosted by Linode, Inc. 
  • Which of your teams will have access to customer personal information?
    We access customer’s personal information only based on prior request by the customer or with the customer’s approval. In most common cases, it is the customer support team, development team or marketing team.
  • How does your organization handle instances when customers request their data to be removed from your system(s)?
    When a customer requests deletion of their data, we proceed with the deletion immediately, with no further delay.
  • How do you handle data protection requirements with any of your sub-processors?
    We sign data processing agreements with each of our sub-processors or sub-contractors.
  • What third party organizations (sub-processors) do you work with that may also have access to the data we share with you?
    See list of LiveAgent sub-processors and subcontractors.
  • What new safeguards or processes did you implement in order to meet the May 25 deadline?
    Most of the safeguards and processes have been in place before the deadline because we don’t take privacy of our customers’ data lightly. We were implementing more guidelines on how to handle sensitive data, how to react to incidents and data breaches and more.
  • What processing operations are done by the Data Processor (LiveAgent)?
    All actions necessary to provide adequate customer support and reliable service.
  • Who are the Data subjects?
    Persons whose data have been shared with the customer or with LiveAgent.
  • What are the Categories of Data?
    Name, Email, Phone number, Address, IP Address, Timestamps of actions, Browser Cookies, Additional data collected by customers.
  • Are there any Special Categories of Data?
    No, there aren’t any special categories of data.
  • How are cross border transfers handled, who is the data exporter and who is the data importer?
    Cross border transfers are done within EU or US grounds.

Additional security measures

Two-factor authentication

2-Step Verification adds more security to your LiveAgent account. When you have 2-Factor Authentication enabled, any attempt to log into your account must be accompanied by the code that you generated in Google Authenticator app. 2-Step Verification can help keep unknown people out, even if they have your password.

HTTPS Encryption

All LiveAgent hosted accounts run over a secure connection using the HTTPS protocol. Hyper Text Transfer Protocol Secure (HTTPS) is the secure version of HTTP, the protocol over which data is sent between your browser and the website that you are connected to. It means all communication between your browser and LiveAgent is encrypted, including your chat and email communication.

Secure credential storage

We follow latest best practices to store and protect user login credentials and passwords in the cloud.

IP & network restrictions

Your LiveAgent Agent panel can be configured to only allow access from specific IP address ranges.

API Security

LiveAgent REST API is restricted to accredited users based on username and password or username and API tokens.

SPAM filtering

LiveAgent has an intelligent built in SPAM filter that learns and improves its filtering capabilities continuously.

Features/functionality to assist you with GDPR compliance program

LiveAgent provides customers the option to delete Service Data that may contain personal data, such as profiles, tickets, images, and attachments, in active LiveAgent accounts. Within the LiveAgent, Administrators and Agents (collectively described as “Users”) have profiles with hierarchical privileges, as described here.

Agent Profile Deletion
LiveAgent currently supports the deletion of Agent profile information as described here. Admins and Owner can delete profiles of all Users, including Agents. They can delete Agents in Configuration>Agents>Delete Agent. LiveAgent retains Account Owner information in order to continue to provide its service. When an account is terminated, LiveAgent follows its Data Deletion Policy for remaining profile information.

End-User Profile Deletion
LiveAgent currently supports the deletion of End-User profile information as described here. Owner, Administrators and Agents can delete End-User profiles. Following this deletion action, the End-User profile is removed from the User Interface and the End-User identity is deleted from the system, along with OAuth Tokens, Sessions and Saved Searches.

Ticket Deletion
Tickets can be deleted by following the steps outlined here. This article also addresses how to permanently delete tickets. 

Customer Portal Profile Deletion
Customers can delete their profiles from a Customer Portal by following steps described here (Customer Portal profile deletion is the same process as End user profile deletion).

Consent Acceptance for Providing Live Support via Live Chat
One of the requirements of GDPR is your obligation to inform your customers that you and/or a 3rd party processor will gather their personal data. When providing customer service via live chat, we suggest to place a consent acceptance in your pre-chat form.

Right to erasure (“Right to be forgotten”)

LiveAgent application allows you to delete all sensitive data about your customers upon their request directly in LiveAgent application by deleting all tickets and contact data related to your customer.

Additionally every LiveAgent account owner has full control over his account and can request to be deleted any time by mail to our support@liveagent.com. Liveagent cloud has also automatic procedures for deleting suspended accounts to make sure we don’t store permanently your data after you decide to stop using our services.

Automatic procedures

In case trial account is not upgraded to paid plan within 14 days or billing of already upgraded account is failing more than 7 days, account is suspended. Suspended account doesn’t allow user logins or access data either by account owner or his customers.

In case account owner doesn’t request to unsuspend his account by email or chat, within next 60 days is account terminated (domain stops to be active, we remove account configuration from cloud, but we keep data in storage).

Terminated accounts are deleted automatically from our cloud within next 30 days. From this point we don’t have any active data in LiveAgent cloud, we store for another 30 days just cold backup of database. Once backup expires, we don’t store any data from your  account anymore.

Additional resources

Do you have questions?

Contact us at info@liveagent.com.

Related Articles
Read more about EU General Data Protection Regulation. Its primary goal is to increase the level of protection around the personal data of EU citizens.


LiveAgent is committed to privacy, security, compliance, and transparency, and supports GDPR compliance. It offers an Interactive Voice Response (IVR) feature for call center software, with customizable options available in the Large plan starting at $49 per month per agent. Customers can request for their data to be deleted from the system, and LiveAgent has procedures in place to ensure inactive accounts are deleted within a set timeframe.

LiveAgent verpflichtet sich zu Datenschutz und Transparenz. Für mehr Informationen, sehen Sie sich bitte die GDPR-Compliance-Seite von LiveAgent an.

Einhaltung des GDPR bei LiveAgent

LiveAgent is committed to confidentiality, security, compliance, and transparency. They comply with EU data protection requirements, including GDPR regulations. GDPR protects the data of all individuals in the EU. LiveAgent collects personal data from EU citizens in various ways, such as contact databases. Not all customers are considered "data subjects," such as businesses or government agencies. LiveAgent is fully prepared to comply with GDPR and has a dedicated Data Protection Officer. They store confidential information securely, respond promptly to data losses, and delete customer data upon request. LiveAgent signs DPA agreements with its subcontractors and limits access to personal data. They implement policies for handling confidential information and responding to incidents. Personal data categories include name, email, phone, address, IP address, user activity logs, and additional customer data. LiveAgent executes necessary activities to provide adequate customer support and reliable service. They perform cross-border transfers only within the EU or US, and employ 2FA for added security.

General Data Protection Regulation is a regulation created to unify data protection inside the European Union. Learn more about GDPR in LiveAgent website.


The TEXT mentions LiveAgent, a customer service software that offers features such as VoIP phone systems, complaint management, client portal, and email management. The company also partners with VoIP providers and offers an affiliate program. The TEXT includes a message about building a LiveAgent dashboard after sign up, and the website uses cookies according to their privacy and cookies policy.

More than 17,000 customers trust LiveAgent with their data. Data security is of utmost importance for us. Liveagent servers are hosted at tier IV or III+, PCI DSS, SSAE-16, or ISO 27001 compliant facilities.

Security privacy policy

The given text promotes LiveAgent, a help desk software for startups. It offers various features and integrations, including customer service software, VoIP phone systems, and complaint management systems. The company also provides support, data migration, and a customer review portal. Sales contacts and social media links are provided for interested parties to reach out to them. The text also mentions the ongoing installation process for new users, and the use of cookies on their website.

Our website uses cookies. By continuing we assume your permission to deploy cookies as detailed in our privacy and cookies policy.

Schedule a one-on-one call and discover how LiveAgent can benefit your business.

We’re available on multiple dates

Schedule a demo