Warmly Compliance & Privacy
Maximus Greenwald avatar
Written by Maximus Greenwald
Updated over a week ago


Is This Privacy Aware?

Yes, Warmly is GDPR/CCPA Compliant. If customers are doing business in Europe, we recommend customers have a cookie policy in their privacy policy or terms of service. Additional details on privacy are at the end of this document.

Is This Secure?

Yes, Warmly takes security extremely seriously. We are SOC2 Type2 Compliant. Please see here for full transparency on our security posture: https://security.warmly.ai/.

What User / Browser Information Does The Snippet Send To Warmly?

Warmly receives the following pieces of information:

  • IP Address

  • URL and URL’s UTM parameters

  • Session cookie

  • Session status (active, idle, closed)

  • ClientId (so we know which client we’re processing traffic for)

  • Form fill information

  • User agent

  • Messages exchanged via chat

  • Pages visited

  • Time spent on page

  • Inbound widget interactions from the end user (e.g. requesting a call/chat)

Where Is This Data Stored By Warmly?

Google Cloud Platform


From a privacy perspective, it is our customer’s obligation as the data controller to ensure they have the right to provide the data to Warmly to perform the processing described above. While we do not provide legal advice to our customers on their EU or GDPR compliance, our customers should follow the EU ePrivacy Directive with respect to required opt-outs or opt-ins and also rely on legitimate interest for the use of business contact information for marketing purposes. As a general matter, the EU cookie policies have been in flux for a while. The EU has the ePrivacy Directive, which is implemented through individual country privacy laws. In general, the EU ePrivacy Directive requires informed consent for the placement of a cookie or use of another technology that stores or accesses information on a user’s device. There are exceptions to the consent requirements, for example, for technical storage and access purposes and where strictly necessary to provide a service requested by a subscriber. The scope of these exceptions (for example, whether it includes analytics cookies) differ among some member countries. Many of our customers follow the most restrictive approach, while others adopt different approaches based on the countries in which they do business and the types of services they provide to their subscribers. Some customers consider the collection of cookie data analytics as essential for running their business. This varies based on the customer and their use case.

Regardless of the above, there are two components to the Warmly snippet: (1) the JavaScript, and (2) the cookie. Features of the Warmly snippet provide our customers’ webmasters the ability to either: (1) place both the JavaScript and cookie behind a cookie banner, or (2) place just the cookie behind the cookie banner while allowing the JavaScript to fire. The Warmly JavaScript allows for account identification without dropping a cookie. In this case, while our customer will not collect cookie information to track a specific visitor’s journey, the JavaScript will be able to identify a specific account that has visited the customer’s website, and information such as date/time of access, browser used, etc. to provide value to the customer. Many customers consider this an important use-case because it allows for website personalization depending on the account that are visiting the website.

Note that all data displayed as a result of collection by the Warmly JavaScript is at the “company level,” and Warmly does not identify a person from the JavaScript data that we collect. Warmly cannot and does not identify individuals through this process as person level identification comes from other opt-in means.

This article was written by the Customer Success team at Warmly. Please feel free to reach out to your CSM directly or [email protected]

Did this answer your question?