Last Updated: June 2026
Your privacy is important to us. This privacy statement explains our collection, use, and disclosure of personal information. This privacy statement applies to Chatlio LLC dba Chatlio and Roomlio (“Chatlio” and “we”, “us”, “our” etc). References to our “products” in this statement include our websites, apps, software, and services. This statement applies to our products that display or reference this statement, but it does not apply to any products that display or reference a different privacy statement.
Chatlio services are intended for and provided to businesses and other organizations, and not individual consumers or end-users. In some cases, in providing those services, we process personal information of customer end-users or visitors to our customers’ websites. When we do, we do so as a service provider or a “data processor” to those organizations, but we do not control and are not responsible for the privacy practices of those organizations. This privacy statement does not apply to personal information we process as a service provider or data processor on behalf of our customers. If you are a consumer end-user of one of those organizations, you should read that organization’s privacy statement and direct any privacy inquiries to that organization.
California consumers can find specific disclosures, including “Notice at Collection” details, by clicking here.
We collect and process personal information about you with your consent and/or as necessary to perform our contractual obligations, provide our services, meet our legal obligations, protect the security of our systems, or fulfill other legitimate interests.
Information you provide directly. If you are a customer or partner of Chatlio, we typically collect the personal information necessary to carry out our relationship with you, such as your name and contact information. We collect billing and payment information where appropriate, and retain only the last four digits of the credit card, as well as authorization or validation tokens. As a Chatlio customer, you may also choose to provide additional information about your own customers (“visitors”) using our API.
Information we collect automatically. When you visit our website or our customers’ websites that have integrated our products, or when you interact with our products, some information is collected automatically.
Identifiers and device information. Our web servers automatically log your Internet Protocol (IP) address and information about your device, including device type, operating system, browser type, and language. We may also collect identifiers used by third party service providers such as Segment and Google from our customers’ websites. For products running on the Slack platform, we also collect your Slack Team ID, Slack Channel IDs (for Chatlio related channels), and Slack User IDs (for Chatlio related users).
Geolocation data. We may derive additional information about your location based on your IP address.
Usage data. We automatically log your activity on our website, including the URL of the website you visited before ours, and your access times.
Content of chat messages. When chat message storage is enabled for your account, we store the content of chat messages exchanged between our customer and its visitors. This includes messages sent by visitors through the Chatlio widget and responses sent by our customer through Slack or other connected platforms. Chat history storage is currently available as a limited beta for selected accounts.
Third-party sources. We also obtain information from third-party data sources. Additionally, we may obtain data from other sources such as:
We protect data obtained from third parties according to the practices described in this statement, plus any additional restrictions imposed by the source of the data.
When you are asked to provide personal information, you may decline. But if you choose not to provide information that is necessary to enter into a contract or for certain services or features to function correctly, you will not be able to take full advantage of our offerings.
We may use cookies and similar technologies to operate our websites and online services and to help collect data. Cookies are small text files placed on your device to store data that can be recalled by a web server in the same domain that placed the cookie. The text in a cookie often consists of a string of numbers and letters that uniquely identifies your device, but it can contain other information as well.
We use cookies to store your preferences and settings, enable you to sign-in, combat fraud, analyze how our products perform, and fulfill other legitimate purposes.
Our web pages may contain electronic images known as web beacons (also called single-pixel gifs) that we use to help deliver cookies on our websites, count users who have visited those pages, and gather usage and performance data. We also include web beacons in our email messages or newsletters to determine whether you open and act on them.
Our websites may include web beacons and cookies from third-party service providers. In some cases, that is because we have hired the third party to provide services on our behalf, such as site analytics. In other cases, it is because our web pages contain content or ads from third parties, such as videos, news content, or ads delivered by other ad networks. Because your browser connects to those third parties’ web servers to retrieve that content, those third parties are able to set or read their own cookies on your device and may collect information about your online activities across websites or online services.
There are a range of cookie and related controls available through browsers, mobile operating systems, and elsewhere. See the “Choice and Control of Personal Information” section below for details.
We use each of the categories of personal information collected through our products for the business purposes described in this privacy statement or otherwise disclosed to you. For example, we use personal information to:
allow you to support your visitors via chat and email including custom data you provide via our API, data we collect about the visitor’s browser, location and current page, and, where enabled, stored chat message content for chat history retrieval and reporting;
connect to Slack on your behalf to manage slack resources specific to Chatlio like channels and messages;
connect to Slack on your behalf to show and export chat transcripts;
login to our dashboard and configure Chatlio, update billing, add users or run reports;
provide and deliver our products, including securing, troubleshooting, improving, and personalizing those products;
operate our business, such as improving our internal operations, securing our systems, and detecting fraudulent or illegal activity;
understand you and your preferences to enhance your experience and enjoyment using our Services;
provide customer support and respond to your questions;
send you information, including confirmations, invoices, technical notices, updates, security alerts, and support and administrative messages;
communicate with you about new products, offers, promotions, rewards, contests, upcoming events, and other about our products and those of our selected partners (see the Choice and Control section of this privacy statement for how to change your preferences for promotional communications); and
display advertising to you (see the Cookies section of this privacy statement for information about your advertising choices)
In carrying out these purposes, we combine data we collect from different sources to give you a more seamless, consistent and personalized experience.
We disclose personal information with your consent or as necessary to complete your transactions or provide the products you have requested or authorized. For example, when you provide payment data to make a purchase, we will share that data with banks and other entities as necessary for payment processing, fraud prevention, credit risk reduction, or other related financial services.
In addition, we also disclose personal information to vendors or agents working on our behalf for the purposes described in this statement. For example, companies we’ve hired to provide website analytics, customer service support, or assist in protecting and securing our systems and services may need access to personal information to provide those functions. In such cases, these companies must abide by our data privacy and security requirements and are not allowed to use personal information they receive from us for any other purpose. We may also disclose personal information as part of a corporate transaction such as a merger, transfer, divestiture, or sale of all or a portion of our business or assets.
Finally, we will access, transfer, disclose, and preserve personal information when we have a good faith belief that doing so is necessary to:
Please note that some of our services also include integrations, references, or links to services provided by third parties whose privacy practices differ from ours. For example, some of our products operate on the Slack platform. If you provide personal information to any of those third parties, or enable us to share personal information with them, that data is governed by their privacy statements.
Access, correction, and deletion. If you wish to request access to, or correction or deletion of, personal information about you that we hold, contact us at [email protected]. However, to the extent permitted by applicable law, we reserve the right to decline requests that are unreasonable, excessive, or prohibited by law, could adversely affect the privacy or other rights of another person, or where we are unable to authenticate you as the person to whom the data relates. If you receive a response from us informing you that we have declined your request, in whole or in part, you may appeal that decision by submitting your appeal [to our data protection officer] using the contact method described at the bottom of this privacy statement. If you are a visitor to the website or service of a Chatlio customer, you should first contact them to request access to, or correction or deletion of, any such personal information.
Communications preferences. You can choose whether you wish to receive promotional communications from us by email, SMS, physical mail, and telephone. If you receive promotional email, in-app messages, chat messages or SMS messages from us and would like to stop, you can do so by following the directions in that message. If you receive a sales call from us, you can ask to be placed on our do-not-call list. These choices do not apply to mandatory service communications that are part of certain of our products, or to surveys or other informational communications that may have their own unsubscribe method.
Cookie controls. Most web browsers are set to accept cookies by default, but you can set your browser to delete or reject cookies. Instructions for blocking or deleting cookies may be available in each browser’s privacy or help documentation. If you choose to delete or reject cookies, this could affect certain features or services of our website. See the “Cookies and Similar Technologies” section of this privacy statement for more details.
Do Not Track. Some browsers have incorporated “Do Not Track” (DNT) features that can send a signal to the websites you visit indicating you do not wish to be tracked. Because there is not a common understanding of how to interpret the DNT signal, our websites do not currently respond to browser DNT signals. Instead, you can use the range of other tools to control data collection and use, including the cookie controls and advertising controls described above.
Global Privacy Control. Some browsers and browser extensions support the “Global Privacy Control” (GPC) or similar controls that can send a signal to the websites you visit indicating your choice to opt-out from certain types of data processing, including data sales and/or targeted advertising, as specified by applicable law. Because we do not “sell” personal information as defined under the CCPA, or use personal information for targeted advertising, our website does not currently change its behavior in response to the “Global Privacy Control” (GPC) signals.
If the processing of personal information about you is subject to European Economic Area, United Kingdom or Switzerland data protection law, you have certain rights with respect to that data:
To make such requests, contact us at [email protected] or review https://chatlio.com/legal/eu-privacy-summary/ for more details on contact options. When we are processing data on behalf of another party that is the “data controller,” you should direct your request to that party. You also have the right to lodge a complaint with a supervisory authority, but we encourage you to first contact us with any questions or concerns.
We rely on different lawful bases for collecting and processing personal data about you, for example, with your consent and/or as necessary to provide the services you use, operate our business, meet our contractual and legal obligations, protect the security of our systems and our customers, or fulfil other legitimate interests.
If you are a California resident and the processing of personal information about you is subject to the California Consumer Privacy Act (“CCPA”), you have certain rights with respect to that information.
At or before the time of collection, you have a right to receive notice of our practices, including the categories of personal information and sensitive personal information to be collected, the purposes for which such information is collected or used, whether such information is sold or shared, and how long such information is retained. You can find those details in this statement by clicking on the above links.
You have a right to request access to, correction of or deletion of the personal information we have collected about you, and to receive additional information about our collection, use, disclosure, or sale of such personal information. To provide or delete specific pieces of personal information we will need to verify your identity to the degree of certainty required by law. We will verify your request by asking you to send it from the email address associated with your account or requiring you to provide information necessary to verify your account.
To make requests, please contact us at [email protected] or by using the contact information provided at the bottom of this policy. When we are processing visitor’s data as a service provider to a business that is a Chatlio customer, you should direct your request to that business. You may designate, in writing or through a power of attorney, an authorized agent to make requests on your behalf to exercise your rights under the CCPA. Before accepting such a request from an agent, we will require the agent to provide proof you have authorized it to act on your behalf, and we may need you to verify your identity directly with us.
You also have a right to opt-out from future “sales” or “sharing” of personal information as those terms are defined by the CCPA. However, we do not “sell” or “share” personal information as defined by the CCPA and have not done so in the past 12 months. We do not knowingly sell or share the personal information of minors under 16 years of age.
You have a right to limit our use of sensitive personal information for any purposes other than to provide the services or goods you request or as otherwise permitted by law. Note that the sensitive data we collect, such as stored chat content, is not used for any purposes that would trigger a right to limit its use.
Finally, you have a right to not be discriminated against for exercising these rights set out in the CCPA.
We retain personal information for as long as necessary to provide the products and fulfill the transactions you have requested, or for other essential purposes such as complying with our legal obligations, resolving disputes, and enforcing our agreements. Because these needs can vary for different data types, actual retention periods can vary significantly based on criteria such as user expectations or consent, the sensitivity of the data, the availability of automated controls that enable users to delete data, and our legal or contractual obligations. For example, when chat message storage is enabled, message content is retained for as long as your account is active or as needed to provide the chat history service. To meet our legal compliance obligations, we maintain minimal account information for 7 years from the time your account is closed. This includes the email address of the user who signed up for Chatlio, and the billing information including invoices at our payment processor. For all other data we delete as soon as practicable. For example, we purge all web access logs in no more than 90 days, including records of visitors who did not start a chat conversation.
The personal information we collect may be stored and processed in your country or region, or in any other country where we or our service providers maintain facilities. Currently, we primarily use data centers in the United States of America. The storage location(s) are chosen in order to operate efficiently, to improve performance, and to create redundancies in order to protect the data in the event of an outage or other problem. We take steps designed to ensure that the data we collect under this statement is processed according to the provisions of this statement and applicable law wherever the data is located.
Chatlio transfers personal information from the United Kingdom, European Economic Area and Switzerland to other countries, some of which have not been determined by the European Commission or the UK Information Commissioner to have an adequate level of data protection. When we do so, we use a variety of legal mechanisms, including contracts, to help ensure your rights and protections. To learn more about the European Commission’s decisions on the adequacy of personal information protections, please visit: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en.
Chatlio also participates in the EU-U.S. Data Protection Framework (DPF), the Swiss-U.S. DPF, and the UK Extension to the EU-U.S. DPF. Chatlio complies with the DPF Principles with respect to personal data transferred from the EEA, Switzerland, and UK to the United States in reliance on the DPF. If there is any conflict between the terms in this privacy statement and the DPF Principles, the DPF Principles shall govern. To learn more about the DPF program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
Chatlio is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission. If third-party agents process personal data on our behalf in a manner inconsistent with the DPF Principles, we remain liable unless we prove we are not responsible for the event giving rise to any damages. If you have a question or complaint related to our compliance with the DPF Principles, please contact us as indicated at the bottom of this privacy statement. For any complaints related to the DPF that cannot be resolved with us directly, you may refer the matter to Data Privacy Framework Services, operated by the BBB National Programs, an independent dispute resolution body based in the United States, at https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers. The services of BBB National Programs are provided at no cost to you. Finally, under limited circumstances and after other available dispute resolution mechanisms have been exhausted, binding arbitration is available to address certain residual complaints under the DPF not resolved by other means (see https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf for details).
We take reasonable and appropriate steps to help protect personal information from unauthorized access, use, disclosure, alteration, and destruction. All traffic and data is encrypted in transit and we leverage Hetzner Cloud and Amazon AWS for hosting Chatlio infrastructure. Access to internal systems are tightly controlled and only those people that require access are given access. Services only expose the ports that are necessary. We monitor logs for abuse and misuse. All backups are encrypted and purged after a short amount of time.
To help us protect personal data, we request that you use a strong password and never share your password with anyone or use the same password with other sites or accounts.
We will update this privacy statement when necessary to reflect changes in our products, how we use personal information, or the applicable law. When we post changes to the statement, we will change the “Last Updated” date at the top of the statement. If we make material changes to the statement, we will provide notice or obtain consent regarding such changes as may be required by law.
If you have a privacy concern, complaint, or a question for Chatlio LLC or our data protection officer, please contact us at [email protected].
Our address is 1329 N 47TH ST #31231, Seattle, WA 98103 United States. Telephone: +1 206-438-3846
This website is built using latest technogies. Unfortunately your browser doesn't support those. Please update your browser to view this website correctly. Thank you.Update my browser now