It’s live! Access exclusive 2026 AI live chat benchmarks & see how your team stacks up.
Unlock the insights
It’s live! Access exclusive 2026 AI live chat benchmarks & see how your team stacks up.
Unlock the insights
Comm100 meets the requirements of the EU General Data Protection Regulation, giving organizations that serve European customers the data protection assurances they need.
GDPR requires organizations that process the personal data of EU residents to implement appropriate technical and organizational measures to protect that data. When Comm100 customers collect and process personal data through the platform, Comm100 acts as a data processor, and the customer acts as the data controller.
Comm100 supports GDPR compliance through several mechanisms. Data processing agreements (DPAs) are available to all customers and formalize Comm100’s obligations as a data processor. Sub-processor transparency is maintained through a published sub-processor list that identifies every third party involved in processing personal data on Comm100’s behalf. Data subject rights are supported through platform features that allow customers to access, export, and delete personal data in response to individual requests. Data retention controls let administrators configure how long conversation data and personal information are stored before automatic deletion.
Comm100 is a Canadian company, and Canada holds an adequacy decision under GDPR, meaning the European Commission has recognized Canada as providing an adequate level of data protection. This makes data transfers between the EU and Comm100’s Canadian infrastructure lawful under GDPR without requiring additional transfer mechanisms like Standard Contractual Clauses (SCCs) for data processed under PIPEDA.
For organizations evaluating vendors across jurisdictions, Comm100’s Canadian status simplifies the data transfer analysis.
Yes. Comm100 complies with the EU General Data Protection Regulation. Compliance measures include data processing agreements, a published sub-processor list, data subject rights support, and configurable data retention policies.
Yes. Comm100 provides data processing agreements (DPAs) to all customers. The DPA formalizes Comm100’s obligations as a data processor under GDPR.
Yes. Comm100 maintains a publicly available sub-processor list on the Trust Center that identifies each third-party sub-processor, their purpose, the data they process, and their hosting location.
Yes. Comm100’s platform supports data subject access requests, including the ability to access, export, and delete personal data. Administrators can also configure data retention policies to automatically delete conversation data and personal information after a specified period.
Need Documentation for Your GDPR Review?
Access our Data Processing Agreement and Sub-processor List to support your privacy, compliance, and vendor assessment requirements.