Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Ada is a conversational AI platform that powers automated customer service chatbots and voice agents through a JavaScript widget and the Ada Engine.
Ada (ada.cx) is a Canadian conversational AI platform that lets brands deploy AI driven customer service chatbots and voice agents. Ada combines proprietary AI with large language models from OpenAI, Anthropic and others, behind an embeddable chat widget. Used by retail, travel, fintech and SaaS companies to automate up to 70 percent of support interactions.
The Ada widget writes a chatter_token, an ada_anonymous_id and a conversation identifier in cookies and localStorage. It collects IP address, user agent, the chat transcript, page context, the authenticated identifier when you provide one, and any meta information passed through metaFields. Conversations are stored on Ada infrastructure and may be used (depending on contract) to improve the model.
Loading the Ada widget writes to the user device, so Article 5(3) of the ePrivacy Directive applies. Chat content is personal data under the GDPR, and AI driven automated decisions (eg automatic refund denial) fall under Art. 22 GDPR with a right to human intervention. The EU AI Act classifies many customer service AI uses as limited risk, with transparency obligations on the human or AI nature of the interlocutor.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
On a marketing or content site, get prior consent before loading the Ada widget. Inside an authenticated product, contract performance covers the customer support flow because helping the user is part of the service. Always disclose that the interlocutor is an AI bot, the categories of data processed, and the option to be transferred to a human agent.
Ada Support Inc. is headquartered in Toronto, Canada. Canada benefits from a partial adequacy decision under PIPEDA, so transfers to the default Canadian region need no additional safeguards for commercial data. Ada also operates pods in the US (covered by the EU US Data Privacy Framework) and an EU pod for residency sensitive customers; pick the region in the data processing addendum.
Pick the EU pod when residency matters. Disable model improvement on customer conversations in the contract. Configure clear AI bot disclosure with a name like Ada bot, the bypass to a human agent and a clear privacy notice. Mask credit card and ID numbers in transcripts. Set short retention for chat logs and audit who can access conversations.
Websites using Ada must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is recommended when Ada handles health, financial or legal queries, when minors interact with the bot, when conversations are used to train downstream LLMs, or when sentiment scoring drives routing or escalation decisions.
Sample consent text
We use Ada to provide an AI assistant. Ada writes cookies on your device, processes your messages and IP address, and shares them with Ada Support Inc. in Canada (which benefits from a GDPR adequacy decision). We only load the chatbot if you accept.
Third-party domains contacted
ada.supportstatic.ada.supportsdk.ada.supportada.cxCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| chatter_token | third_party | 1 year | Authentication token for the Ada chatter session |
| ada_anonymous_id | third_party | 1 year | Anonymous identifier used to recognise a returning chatter |
| ada_conversation_id | third_party | session | Identifier of the active conversation thread |
Ada uses cookies for user preferences — inform visitors with a consent banner.
Ada writes a chatter_token cookie, an ada_anonymous_id and a conversation identifier, plus localStorage entries for chat state. Some deployments also write a session cookie scoped to the customer subdomain.
On a public site, yes. The widget writes to the user device, processes IP addresses and chat messages, and Article 5(3) ePrivacy applies. Inside an authenticated product, contract performance covers the helpdesk feature.
Consent for embeds on public pages. Contract performance for authenticated customer support. Sensitive content (health, finance) requires Art. 9 GDPR coverage. AI Act transparency obligations always apply.
By default to Canada (covered by adequacy under PIPEDA). Optionally to the US (EU US Data Privacy Framework). An EU pod is available for customers with strict residency requirements.
Recommended when the bot handles health, financial or legal queries, when minors interact, when transcripts train downstream LLMs, or when AI decisions like refund denial happen without human review.
Pick the EU pod, disable model training on customer data, disclose the AI nature of the interlocutor, offer a path to a human agent, mask credit card and ID numbers, keep retention short, and run regular bias and accuracy checks.
European AI customer service options include Dialpad Ai (US), Crisp (France), Iadvize (France, now Iadvize AI), Ultimate.ai (Germany, acquired by Zendesk), Kustomer (US, Meta), Inbenta (Spain), and self hosted options like Rasa.
List the chatter_token cookie, the ada_anonymous_id and the conversation identifier with purpose and duration, plus the localStorage entries. State Ada is a sub processor in Canada or in the chosen region, and mention the AI Act transparency notice.