Mevo is GDPR Compliant
At Mevo, user privacy and data protection are core values — not afterthoughts. As a user-centric platform, we're committed to full compliance with the General Data Protection Regulation (GDPR) and to providing our users with transparency, control, and security when it comes to their data.
✅ We use trusted, GDPR-conscious providers
We only work with third-party services that follow strict privacy and security practices:
- OpenAI – Powers chatbot AI. We don’t send personal data for model training.
- Stripe – Handles billing and subscriptions with full PCI-DSS compliance.
- Brevo – Sends transactional emails through GDPR-compliant infrastructure.
- DigitalOcean – Hosts our servers and databases in the Frankfurt (EU) region.
- Countly – Used for product analytics and error tracking.
- Google APIs – Used for login only, and only if the user opts in.
All subprocessors listed above maintain GDPR-aligned practices to the best of our knowledge.
🔐 Your data is never used to train AI
Mevo does not use your data to train any models, including those provided by OpenAI. Your content, flows, user messages, and uploaded materials stay private and are only used to operate your chatbot as configured by you.
🧾 Clear consent is required

Before a user begins a conversation with a Mevo-powered chatbot, they are presented with a simpleconsent message at the footer of the chatbot, and a link to our privacy policy letting them know that their inputs may be processed for the purpose of assisting their request.
You define what data your chatbot collects — Mevo doesn’t collect anything by default.
🗂️ You control your data

- You can request data deletion or export at any time by contacting us at hi@usemevo.com
- If your users request their data to be deleted, you can remove it yourself via the dashboard or ask us to delete it on your behalf.
- We respond to all GDPR-related requests within 30 days.
🧱 Secure by design
We take security seriously. Mevo is built with:
- Encrypted storage and transfer (TLS, at-rest encryption)
- Role-based access controls (RBAC)
- Self-hosted monitoring tools
- Hosting infrastructure located entirely within the European Union (Frankfurt, Germany)
📄 Want a DPA?
We offer a standard Data Processing Agreement (DPA)that outlines our responsibilities as a data processor under GDPR. If you're a business operating in the EU or handling EU citizens’ data, feel free to request it here.
✅ Summary
Whether you're a small business, a digital agency, or a large team operating in Europe, Mevo is designed to help you build powerful chatbots without compromising on privacy.
Have questions? Want to make sure your own usage of Mevo is GDPR-compliant?
Reach out to us at hi@usemevo.com — we’re happy to help.