What can you tell me about GDPR compliance?

LibraryH3lp has been designed as a privacy-first application, and so it is in agreement with GDPR.  The customer library is the main custodian of its data and controls its own internal users, queues, and transcript retention.  The default for newly created queues is to NOT store transcripts, but transcripts storage can be enabled by the customer.

Guests are anonymous by default and there is no requirement on LibraryH3lp's side to require them to enter any identifying information such as email address or name to begin the chat.  The guest's library may prompt for that information during the chat, or the guest may offer it, in which case it will only be stored if the library has opted to enable transcript storage.    

GDPR treats IP addresses as sensitive, but it also allows for storing such data if there is a business case for it.  IPs are used to support the "block" feature, and they are often used to help determine whether a guest is on campus when chatting about licensed resource access issues.  However, we have additional options for ongoing storage:

1. Save the IP indefinitely, until the chat is deleted or our "anonymize" feature is used.  This is the default.
2. Never save the IP, so it vanishes after the chat is completed.
3. Save only the subnet for the IP (all but the numbers after the last dot).  This allows continued analysis via geo-IP tools or on/off campus determinations, without ability to associate the IP with a specific individual.

We can automate routine, scheduled transcript and/or IP deletion if desired. Customer libraries can also implement routines like this independently using our API.

If a guest came directly to us at LibraryH3lp with a request to have their private information removed, we are able to comply with that request within a week.

Please contact us through our regular support channels with requests and further questions.

FAQ URL: