...
Chat-Tonic typically does not store sensitive user information such as Name, Surname, Email, ID, unless the chatbot needs it for its normal operation (and it has been validated with the Client), for lead generation or integrations with the client or third party APIs. In any case, there are several mechanisms that are available to the client to mitigate any problem or need for data privacy:
The data stored by the chatbot can be deleted by it after a time determined by the client, which can be seconds, up to days. It is important that the correct functioning of the chatbot is allowed with this data, and then it is deleted if required.
The conversation history could be used to infer user data. The customer can choose to have Chat-Tonic delete this information after a certain number of hours. It is important to be able to keep the history for at least 24 hours if the Customer Service module is enabled, so that human agents can have the proper context to resolve the query. After that time the information can be deleted.
The system's inactive conversations are considered such after 90 days of not having communication with the chatbot (although this can be configured to be anything from 1 day to 1 year), they are eliminated from the database and stored in a separate repository indefinitely (which can also be turned off if no recollection of past conversations needs to happen).
Leads and Checkpoints can be subject to the same configuration explained in point 3, for their archiving and expiration.
User authentication
Does the application employ user / password based authentication?
Yes
...