Yes. In GDPR lingo, we take on the role of "data processor" and we abide by all the rules that follow from that. Because we can't tell when someone is sharing their shoe size or their most intimate secrets, we simply treat all message data as potentially "Personally Identifiable Information" and act accordingly.
Note that because we're a "data processor", our customers (i.e. you) are still responsible for getting your user's permission for collecting said data (depending on your reading of the law, this is implicitly given by their choice to use your messaging feature, or you'll have to ask for explicit consent).
In line with GDPR principles, we do not collect or store any data that is not needed for providing a good cross-device messaging service. Notably, we don’t “track” your users for marketing purposes. If a user files a "right to be forgotten" request, you can either user our REST API for irrevocably removing all their data, or ask us to do it for you.
CEO at Crowdyhouse
Whether you're building a marketplace, on-demand business, e‑commerce, crowdfunding, travel and events platform, TalkJS is the chat tool for you.