Building a Legally Compliant Data-Collection Chatbot with Botman.one

1. Preparation: Goals, Data, and Legal Requirements

Before development, define:

  • Data to collect:

    • Basic (name, phone) → simple consent suffices.

    • Sensitive (passport, health data) → explicit consent + encryption required.

  • Processing purposes:

    • Marketing, orders, support → must be stated in the Privacy Policy.

Legal frameworks:

  • 152-FZ (Russia):

    • Publicly available Privacy Policy.

    • Roskomnadzor registration (if not exempt).

  • GDPR (EU):

    • Right to erasure.

    • Record of consent.


2. Building the Bot in Botman.one: Step-by-Step

Step 1. Designing the Conversation Flow

Example scenario for lead generation:

  1. Greeting:
    "Hello! May I have your name?" → Save as {{name}}.

  2. Phone request:
    "{{name}}, please share your phone number for contact." → Validate format (regex).

  3. Consent:

    • Button: "I agree to data processing" + Privacy Policy link.

    • Alternative: Checkbox + text:
      "By clicking ‘Submit’, you agree to our <a href='...'>Privacy Policy</a>."

Key points:

  • If consent is denied → bot terminates the conversation.

  • Data without consent is not stored.

Step 2. Data Storage Integration

Botman.one supports:

  • Google Sheets:

    • Columns: Name, Phone, Consent Date.

  • CRM (AmoCRM, Bitrix24):

    • Use APIs to transfer data + consent status.

Automation:

  • New contact → consent check → CRM entry.
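
The consent gate from Steps 1 and 2, as an added example (not Botman.one's API and not code from the original article): nothing is stored unless consent is an explicit yes, the phone number is validated by regex, and /optout deletes the row. `LeadStore`, `POLICY_VERSION`, and the E.164-style phone pattern are assumptions made for illustration.

```python
import re
from datetime import datetime, timezone

# Assumption: E.164-style numbers (optional "+", 8-15 digits); adjust per market.
PHONE_RE = re.compile(r"^\+?[1-9]\d{7,14}$")
# Hypothetical label for the Privacy Policy text the user was shown; not a
# column named in the article, added so the consent record is self-describing.
POLICY_VERSION = "policy-version-placeholder"

def normalize_phone(raw):
    """Strip common separators, then validate. Returns None if invalid."""
    compact = re.sub(r"[\s\-().]", "", raw)
    return compact if PHONE_RE.fullmatch(compact) else None

class LeadStore:
    """In-memory stand-in for the Google Sheets / CRM row (Name, Phone, Consent Date)."""

    def __init__(self):
        self.rows = {}

    def submit(self, chat_id, name, phone_raw, consent, now=None):
        # Fail closed: only a literal True counts as consent. A missing value,
        # a string such as "maybe", or a denial ends the flow before any write.
        if consent is not True:
            return {"stored": False, "reason": "consent_denied"}
        phone = normalize_phone(phone_raw)
        if phone is None:
            return {"stored": False, "reason": "invalid_phone"}
        stamp = (now or datetime.now(timezone.utc)).isoformat()
        self.rows[chat_id] = {
            "name": name.strip(),
            "phone": phone,
            "consent_date": stamp,          # UTC timestamp of the consent click
            "policy_version": POLICY_VERSION,
        }
        return {"stored": True, "reason": None}

    def optout(self, chat_id):
        """Handle /optout: delete the row. True if something was deleted."""
        return self.rows.pop(chat_id, None) is not None
```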

Step 3. Privacy Policy and Consent Proof

  • Privacy Policy:

    • Host on your website → link in the bot.

    • Template content:

      1. Data collected: Name, phone.  
      2. Purpose: Order processing.  
      3. Retention: 3 years.  
      4. User rights: Revoke consent via /optout.

  • Consent logs:

    • Botman.one saves chat logs → use as legal proof.


3. Legal Compliance Checklist

Before launch, verify:

  • Explicit consent (checkbox/button).

  • Privacy Policy accessible via bot and website.

  • Data encryption (HTTPS/SSL).

  • Internal documentation:

    • Data Processing Officer appointment order.

    • Data processing register.

  • Opt-out mechanism (e.g., /stop command).


4. Case Studies

Case 1: E-Commerce Store

  • Goal: Collect callback requests.

  • Botman.one implementation:

    1. Bot asks for name and phone.

    2. Displays "I agree" button + Policy link.

    3. Data sent to AmoCRM tagged "Consent obtained."

  • Result:

    • 25% higher conversion (vs. website forms).

    • No regulatory penalties.

Case 2: Medical Clinic

  • Challenge: Sensitive health data.

  • Solution:

    • Two-step consent:

      1. General: "Do you consent to data processing?"

      2. Specific: "May we use this for doctor appointments?"

    • Encrypted storage.


5. Common Pitfalls & Fixes

  1. No consent records

    • Fix: Enable Botman.one chat logging.

  2. Overly complex dialogs

    • Rule: Max 5 fields + consent.

  3. Ignoring opt-outs

    • Solution: Add /optout command for data deletion.


Pre-Launch Verification

  1. Test run: Complete the dialog as a user → check:

    • Email/SMS confirmation.

    • CRM consent tagging.

  2. Legal review: Have a lawyer verify Policy compliance.


Key Benefits

  • Speed: Botman.one bots deploy in 1–3 days.

  • Security: Built-in compliance tools.

  • Efficiency: Saves up to 70% of staff time.

Getting started:

  1. Sign up at Botman.one → select "Data Collection" template.

  2. Design dialog + CRM integration.

  3. Add consent and Privacy Policy.

Critical: Even simple bots must comply with laws. Spend 2 hours on legal setup to avoid $4,000+ fines.