MySiteGPT Assistant

Last updated: June 10, 2026

Privacy Policy

This policy explains what data MySiteGPT Assistant collects, why, and the choices you have. The short version: we collect what's needed to run the service, we don't sell data, and we don't run third-party ad trackers.

1. Who this covers

This policy covers two groups of people:

  • Account holders — people who sign in and build bots. For your data, we are the data controller.
  • Widget visitors — people who chat with a bot embedded on a customer's website. For conversations and leads, the site owner who deployed the widget is the controller and we process the data on their behalf.

2. What we collect

Account data. When you sign in with Google we receive your name, email address, and profile picture. We use this to create and secure your account and to send you transactional email (e.g. a welcome message or lead alerts).

Content you train on. Pages you crawl, text you paste, files you upload, and Q&A pairs are stored in our database along with vector embeddings of that content, so your bot can answer questions from it.

Conversations and leads. Messages exchanged with your bots (in the dashboard playground or the embedded widget) are stored so you can review them. If you enable lead capture, visitor names and email addresses are stored and emailed to you.

Billing data. Paid subscriptions are handled by Dodo Payments. We store your plan, subscription status, and a subscription identifier — never your card details.

Usage analytics. We run lightweight first-party analytics on our own site: page path, referrer, IP address, country, browser user agent, and device type. We use this to understand traffic to our site. Pages on our site also load a small indexing pixel from IndexerNow (see below); we do not use advertising trackers.

3. How we use data

  • Operate the service: train bots, answer chat questions, render the widget.
  • Secure the service: rate limiting, abuse prevention, debugging.
  • Communicate with you: transactional email such as lead alerts and transcripts.
  • Bill paid plans through our payment processor.
  • Understand site traffic via first-party analytics.

We do not sell personal data, and we do not use your content or your visitors' conversations to train our own machine-learning models.

4. Service providers (subprocessors)

We share data with a small set of providers, only to run the service:

  • OpenAI — your trained content is embedded, and chat questions (with relevant excerpts of your content) are sent to OpenAI's API to generate answers. Per OpenAI's API terms, this data is not used to train their models.
  • Google — sign-in via Google OAuth.
  • Dodo Payments — subscription billing and payment processing.
  • Mailroo — transactional email delivery.
  • IndexerNow — an indexing pixel on our site's pages that receives the URL of the page you visit, used to help search engines and AI crawlers discover our content.
  • Hosting and network infrastructure — the servers and proxy layer that run the app and database.

5. Cookies

We use only essential cookies: a session cookie to keep you signed in and a CSRF token to protect the sign-in flow. There are no advertising or cross-site tracking cookies. The embedded widget does not set cookies on visitors' browsers for tracking.

6. Retention and deletion

  • Training sources and embeddings are deleted when you delete the source or the bot.
  • Conversations and leads are deleted when the bot they belong to is deleted.
  • Account data is kept while your account exists. To delete your account and everything in it, email us at the address below.
  • Analytics records are retained for internal trend reporting.

7. Your rights

Depending on where you live (e.g. under GDPR or CCPA), you may have the right to access, correct, export, or delete your personal data, and to object to or restrict certain processing. Email us and we'll honor verified requests. If you chatted with a bot on someone else's website, contact that site's owner first — they control that data — and we'll assist them in fulfilling your request.

8. Security

Data is stored in a managed Postgres database and transmitted over HTTPS, and access to production systems is restricted. No system is perfectly secure, but if we learn of a breach affecting your personal data we'll notify you as required by law.

9. Children

The service is not directed at children under 16, and we don't knowingly collect their personal data. If you believe a child has provided us data, contact us and we'll delete it.

10. Changes

We may update this policy as the service evolves. Material changes will be posted here with a new “last updated” date. See also our Terms of Service.

11. Contact

Privacy questions or requests: [email protected].