N8N Chat UI

Data Processing Agreement

Data Processing Agreement for n8nchatui.com services.

This Data Processing Agreement ("DPA") forms part of the Terms of Service between n8nchatui.com ("Processor", "we", "us", or "our") and the user ("Controller", "you", or "your") of our services.

1. Definitions

  • "Personal Data" means any information relating to an identified or identifiable natural person.
  • "Processing" means any operation performed on Personal Data.
  • "Data Subject" means the individual to whom Personal Data relates.
  • "GDPR" means the General Data Protection Regulation (EU) 2016/679.

2. Scope and Purpose

This DPA applies only to Managed Widgets services where we act as a data processor. Standalone Widgets are self-managed and do not involve data processing by n8nchatui.com.

2.1 Data Processing Activities

We process Personal Data only to:

  • Provide and maintain managed widget services
  • Track service usage and credits
  • Ensure security and performance
  • Comply with legal obligations

3. Data Processing Details

3.1 Types of Personal Data

We may process:

  • Account information (email, authentication data)
  • Technical data (IP addresses, usage metrics)
  • Widget configuration settings
  • Webhook URLs

3.2 Duration of Processing

  • Account data: Until account deletion
  • Technical metrics: Until account deletion
  • Message data: Not stored (real-time processing only)

4. Data Security Measures

We implement appropriate technical and organizational measures to protect Personal Data, including:

  • Encryption in transit (TLS)
  • Secure authentication systems
  • Access controls and monitoring
  • Regular security updates

5. Sub-processors

We use sub-processors to provide our services. For a complete list of sub-processors, their purposes, and locations, see our GDPR Compliance page.

We will inform you of any intended changes concerning sub-processors and provide reasonable notice for objections.

6. Data Subject Rights

We will assist you in responding to Data Subject requests by:

  • Providing necessary information for compliance
  • Implementing appropriate technical measures
  • Responding to requests within 1-2 business days
  • Providing data in a structured, commonly used format

Contact: [email protected] (Data Protection Officer: Manoj Kumar)

7. Data Breach Notification

We will notify you without undue delay (within 72 hours) after becoming aware of a personal data breach, providing details about the nature, consequences, and measures taken.

8. Data Transfer

We process data in compliance with GDPR requirements, with primary processing within EU/EEA and appropriate safeguards for international transfers including Standard Contractual Clauses.

9. Return or Deletion of Data

Upon service termination, we will delete or return Personal Data as requested, unless legally required to retain copies.

10. Liability

Liability is limited as specified in our Terms of Service, subject to mandatory law requirements.

11. Modifications

We may update this DPA to reflect changes in our services, legal requirements, or security improvements.

Last updated: 4 September 2025.