Taituri
← Blog

June 21, 2026

You're handling people's data: what GDPR forces you to build

The moment your bot receives its first message, you’re already handling personal data: the person’s number, their name, what they type, the images you generate from their input. That puts you squarely under GDPR. And it’s not a box you tick at the end — it’s infrastructure that must exist before the first conversation.

What you must have in place

  • A consent gate. Before you ask for anything, the person must know who handles their data, why, that you use AI, and their rights. And they must actively accept it. “By using this you agree” doesn’t cut it: it has to be explicit.
  • A real privacy policy, public and accessible (not hidden behind a login), naming the data controller, purposes, legal basis, retention periods and how to exercise rights.
  • Knowing who your data processors are. Your bot doesn’t live alone: data flows through Meta (WhatsApp), whoever generates the images, your hosting, your payment gateway. Each is a processor you must name, and many process data outside the EU → you must cover those transfers with appropriate safeguards.
  • Retention and deletion. Conversations aren’t kept forever: you need a mechanism that deletes them when they’re no longer needed.

And when you serve other shops, it levels up

If your assistant serves customers of other businesses, you become their data processor. That means data processing agreements (DPAs) with each one, documenting what you do with their data, where, and with what safeguards. That’s real legal work, not a PDF copied off the internet.

Why it matters (beyond the fine)

It’s not just about avoiding penalties. It’s that a shop won’t connect to an assistant that hasn’t sorted this out — because the liability would land on them. Compliance isn’t a cost: it’s a requirement to sell.

Getting this right — consent, policy, processors, deletion, DPAs — is weeks of work the end customer never sees, but without which no serious business lets you into their operation.

That’s why Taituri ships it built-in. You connect your WhatsApp; the legal wall is already up.

— The Taituri team