Learn what is the Crisp Cookie Policy.

The website, Crisp.chat, does not collect personal identifiable cookies when you visit us. We do collect anonymous information, such as, for example, how often website visitors engaged with our website.

Crisp collects only the necessary and functionality cookies related to its software app and chatbox in order to make those products available to the users. 

By default, Crisp does not collect any tracking cookies. Not via its own website, nor through its applications. The cookies that are collected via the chatbox and app are for messaging and functionality purposes, as described below. 

However, as a Crisp customer you may be able to use the Crisp software products and chatbox for tracking your users (e.g. via segments you push from the $crisp JavaScript SDK). Note that each customer using Crisp software products or Chatbox are responsible for obtaining the appropriate consent from your users. 

**The Crisp chatbox, that is running on our own website, as well as on the websites of our customers and app uses the following cookies : **

• Cookies are necessary for chatbox functionalities; they are needed to restore the chat session and messages of a chatbox user when browsing between website pages and/or coming back on the website a few days after.
• We chose cookies over LocalStorage or SessionStorage because this is the only technical solution allowing us to keep the chat consistent across your domain and subdomains
• Cookies have a default expiration time of 6 months, which is renewed if and when the user comes back to the website and loads the chatbox.
• Cookies bind an user to a single session. If that session contains messages, it is permanent (unless deleted by a website agent); otherwise the session is temporary and is destroyed 30 minutes after the last website access.
• Cookies are not used for tracking purposes. They are solely used to bind an user to a server-side session storage, which is then used for messaging purposes, in the event either the user or a website agent starts a conversation.
• The user IP address is stored in the server-side session storage that's bound to the cookie. If the user leaves without using the chatbox messaging features, the session (and thus the IP address) will be automatically removed from Crisp servers upon session expiration (ie. 30 minutes after last access; as stated above).

The user IP address is kept indefinitely in the event the user started a chat session with a website on Crisp. We are legally required by the law of France to log those IPs in the event of a legal request (for a minimum duration of 1 year). Though, we keep those IP address longer as we need to aggregate them to protect our chatbox service against botnets and spam attacks, which occur frequently. The Crisp service could not function at the level our customers expect from us without statistics on those collected IP.

Cookie name and expiration

Crisp Chatbox cookies use the crisp-client/* prefix. They are required to restore the visitor's message history and avoid creating a new conversation on every page view.

By default, Crisp cookies expire after 6 months. The expiration is renewed when a visitor with an existing cookie returns to a page where the chatbox loads.

You can customize the cookie expiration with the CRISP_COOKIE_EXPIRE variable. See the Cookie Policies developer guide for implementation details.

Note that we do not set any tracking cookie, all the cookies with the prefix crisp-client/ are used for technical or chatbox service purposes only.

IP address handling

When a visitor loads the chatbox, Crisp can bind the visitor session to server-side session storage. If the visitor does not start a conversation, temporary session data is removed after session expiration. If the visitor starts a conversation, the session and related technical information are kept so the conversation can be operated, secured, and audited.

Crisp also uses technical information such as IP addresses to help protect the chatbox service against abuse, bot traffic, and spam.

Total Privacy Mode

Some entities may have stricter data privacy guidelines or regulations in place. To help them enforce and comply with these policies, a Total Privacy mode can be found in:

• Settings > Chatbox Settings > Chatbox Security

This setting defers initialization of the session until the user manually opens the chatbox to start a conversation. When enabled, Crisp will not set any cookie on the user's session until they've interacted with the chatbox.

Alternatively, teams can also freely lock the loading of the chatbox behind cookie-consent management tools (such as "Cookiebot" and alikes) to delay the loading until users have given their consent.

For more information about the privacy rights of the customers and access rights related to cookies, please read the privacy policy. 

Where to go next

Use the developer documentation below when you need to tune chatbox cookie behavior or explain Crisp networking requirements internally.

Useful resources:

• Cookie Policies developer guide → configure cookie domain and expiration
• Session Continuity developer guide → associate conversations with authenticated users
• Whitelisting Crisp systems → review Crisp domains, IPs, and user agents

Updated on: 04/05/2026