Privacy & Blocking
Handle spam, block abusive visitors, and manage privacy requests.
Protect your team and comply with privacy regulations by managing who can chat and how data is handled.
Blocking Visitors
When to Block
Block visitors who:
- Send spam or irrelevant messages
- Are abusive or harassing
- Attempt to exploit your AI
- Violate your terms of service
How to Block
Find the problematic conversation.
In the conversation menu or visitor info.
Choose block duration and confirm.
Block Options
| Duration | Use Case |
|---|---|
| 24 hours | Temporary cool-off |
| 7 days | Short-term issue |
| 30 days | Repeat offender |
| Permanent | Severe violations |
What Happens When Blocked
- Widget won't load for that visitor
- Or widget loads but messages aren't delivered
- Visitor can't start new conversations
- Existing conversations are archived
Managing Blocked Contacts
Viewing Blocked Contacts
- Go to Contacts
- Filter by Blocked
- See all blocked visitors
Unblocking
Use the blocked filter.
Click to view details.
Restore their access.
Consider unblocking after sufficient time has passed or if the block was a mistake.
Spam Protection
Automatic Detection
tahc includes spam protection:
- Rate limiting (messages per minute)
- Repetitive message detection
- Known spam patterns
- Bot detection
Handling False Positives
If legitimate users are flagged:
- Review their conversations
- Unblock if appropriate
- Adjust sensitivity settings
Privacy Compliance
GDPR Compliance
tahc helps you comply with GDPR:
| Right | How to Handle |
|---|---|
| Access | Export all user data |
| Erasure | Delete contact and conversations |
| Rectification | Edit contact information |
| Portability | Export in standard format |
Handling Data Requests
Customer requests their data or deletion.
Confirm they are who they claim to be.
Export data or delete as requested.
Notify customer when done.
Data Access Request
To export a user's data:
- Find their contact
- Click Export Data
- Download includes:
- Contact information
- All conversation transcripts
- Notes (if applicable)
- Custom field data
Data Deletion Request
To delete a user's data:
- Find their contact
- Click Delete
- Confirm deletion
- All data is removed
Deletion is permanent and cannot be undone. Consider exporting data first for your records.
Data Retention
Automatic Retention
Configure how long data is kept:
- Go to Settings > Privacy
- Set retention periods:
- Conversation transcripts
- Contact information
- Analytics data
Retention Options
| Period | Use Case |
|---|---|
| 30 days | Minimal storage |
| 90 days | Standard support |
| 1 year | Extended analysis |
| Forever | No auto-deletion |
Manual Cleanup
Delete old data manually:
- Go to Contacts or Conversations
- Filter by date
- Select items to delete
- Bulk delete
IP Blocking
Block by IP address for severe cases:
When to IP Block
- Coordinated spam attacks
- Technical exploitation attempts
- Persistent bad actors using multiple identities
Adding IP Blocks
- Go to Settings > Security > IP Blocks
- Enter the IP address or range
- Add a note explaining why
- Save
IP Block Considerations
- May affect legitimate users on shared IPs
- Consider geographic implications
- Review periodically
Cookie Consent
Widget and Cookies
tahc uses minimal cookies:
- Session identification
- Conversation continuity
- Basic analytics
Consent Integration
If you have a cookie consent banner:
- tahc widget loads after consent
- Or configure "essential only" mode
- Widget respects DNT (Do Not Track)
Configuring Cookie Behavior
- Go to Settings > Privacy
- Choose cookie mode:
- Essential Only — Minimal tracking
- Full — All features enabled
- Customize consent message if needed
Conversation Privacy
Team Access
Control who sees what:
- All agents see all conversations by default
- Configure role-based access
- Restrict sensitive conversations
Message Redaction
Redact sensitive information:
- Open the conversation
- Find the sensitive message
- Click Redact
- Information is hidden
Audit Logging
Track who accessed what:
- View in Settings > Audit Log
- See all data access events
- Export for compliance
Best Practices
Respond to Requests Promptly
- GDPR requires response within 30 days
- Faster is better for customer trust
- Document all requests and responses
Use Blocking Judiciously
- Block for legitimate reasons only
- Document why you blocked
- Review blocks periodically
Regular Privacy Audits
- Review data retention settings
- Clean up old data
- Update privacy policies
Train Your Team
- Ensure team understands privacy obligations
- Document procedures
- Regular refresher training
Troubleshooting
Can't Find Contact to Delete
- Search by email, not just name
- Check for typos
- May be anonymous visitor (no contact record)
Blocked User Can Still Chat
- Clear cache on their device
- May be using different device/IP
- Check block is still active
Data Export Incomplete
- Wait for export to fully generate
- Check for large file size
- Contact support for assistance
Next Steps
- Set up team roles for access control
- Configure compliance settings
- Review security best practices
Was this helpful?