Privacy Policy

1. Introduction

AI Chat for Business ("we," "our," or "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered chatbot platform and related services.

This policy applies to our website, SaaS platform, mobile applications, and all related services (collectively, the "Services").

2. Information We Collect

2.1 Information You Provide

• Account Information: Name, email address, password, organization details
• Profile Data: Display name, avatar, bio, preferences
• Payment Information: Billing address, payment method details (processed by Stripe)
• Content Data: Documents, knowledge base content, chatbot configurations
• Communication Data: Support tickets, feedback, correspondence

2.2 Automatically Collected Information

• Usage Data: Feature usage, session duration, interaction patterns
• Technical Data: IP address, browser type, device information, operating system
• Performance Data: Response times, error logs, system performance metrics
• Analytics Data: Page views, click paths, user flows

2.3 Third-Party Integration Data

• Google Drive: File metadata, access tokens, account information
• Notion: Workspace data, page content, user permissions
• HubSpot: Contact data, lead information, CRM integration data
• Shopify: Store information, product catalog, order data, customer information
• OAuth Providers: Profile information from connected accounts

3. How We Use Your Information

• Service Provision: Operate, maintain, and improve our AI chatbot platform
• Account Management: Create and manage user accounts, authentication, billing
• AI Training: Improve chatbot responses and platform functionality
• Customer Support: Respond to inquiries, provide technical assistance
• Communication: Send service updates, security alerts, marketing communications
• Analytics: Analyze usage patterns, measure performance, generate insights
• Security: Detect fraud, prevent abuse, ensure platform security
• Legal Compliance: Meet regulatory requirements, respond to legal requests
• Referral Tracking: Process referral codes to attribute new signups and calculate commissions
• Channel Delivery: Route messages through external platforms (Meta, Telegram, Slack, Discord)
• Shopify Actions: Execute store actions on your behalf (discounts, order management)
• Long-Term Memory: Store conversation context for improved bot continuity

4. Information Sharing and Disclosure

4.1 We Do Not Sell Personal Data

We do not sell, rent, or trade your personal information to third parties for monetary consideration.

4.2 Permitted Disclosures

• Service Providers: Trusted third parties who assist in service delivery
• Business Transfers: In connection with mergers, acquisitions, or asset sales
• Legal Requirements: When required by law, court order, or government request
• Safety and Security: To protect rights, property, or safety of users and others
• Consent: With your explicit consent for specific purposes

5. Data Storage and Security

5.1 Data Storage

Your data is stored securely using industry-standard cloud infrastructure provided by Supabase and hosted on secure servers. We implement encryption at rest and in transit.

5.2 Security Measures

• End-to-end encryption for sensitive data
• Multi-factor authentication (MFA) support
• Regular security audits and penetration testing
• Access controls and role-based permissions
• Continuous monitoring and threat detection
• AI Conversation Safeguards: AI-powered conversations include built-in protections to prevent the disclosure of system configurations (such as bot instructions and settings). While these safeguards are effective against most extraction attempts, they cannot guarantee absolute prevention due to inherent limitations of AI technology. See our Terms of Service, Section 6 for full details.

6. Data Retention

• Account Data: Retained while your account is active
• Usage Data: Typically retained for 2 years for analytics purposes
• Content Data: Retained until you delete it or close your account
• Referral Data: Retained while your account is active plus 2 years for tax and audit purposes
• Legal Hold: May be retained longer if required by law or legal proceedings
• Backups: May persist in backups for up to 90 days after deletion
• Plan Downgrade Data: When you downgrade to a lower plan, resources exceeding the new plan's limits are deactivated and retained for 30 days before permanent deletion
• Cancelled Account Data: Upon subscription cancellation, your data is retained during a reasonable transition period, then deactivated resources are held for 30 days before permanent deletion
• Team Member Data: If team members lose access due to a plan change, their personal profiles are retained independently; only their organizational access and role data are removed
• Channel Data on Downgrade: External channel configurations deactivated due to a plan change follow the same 30-day retention period before permanent deletion

7. Your Privacy Rights

7.1 Access and Control

• Access: Request copies of your personal data
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your personal data
• Portability: Export your data in a machine-readable format
• Restriction: Limit how we process your data
• Pre-Cancellation Export: Export your data before cancelling your subscription; post-cancellation export availability may be limited to the transition period

7.2 Regional Rights

GDPR (EU/EEA): Right to data portability, right to be forgotten, right to object

CCPA (California): Right to know, right to delete, right to opt-out of sale

Other Jurisdictions: Additional rights may apply based on your location

8. Cookies and Tracking

8.1 Types of Cookies

• Essential: Required for basic platform functionality
• Analytics: Help us understand how you use our services
• Preference: Remember your settings and preferences
• Marketing: Deliver relevant advertisements and content

8.2 Cookie Management

You can control cookies through your browser settings. However, disabling certain cookies may affect platform functionality.

9. Meta Platform Integration (Instagram, Messenger & WhatsApp)

9.1 Meta Platform Data

Our platform integrates with Meta's APIs to provide AI-powered customer service automation on Instagram, Facebook Messenger, and WhatsApp. When you connect your Meta Business accounts, we access and process the following data:

• Message Content: Text of messages sent to your business accounts
• Sender Information: User IDs, phone numbers (WhatsApp), usernames (not personal profile data)
• Conversation Metadata: Timestamps, message counts, conversation IDs
• Page/Account Information: Connected Business Account IDs and linked Page IDs

9.2 How We Use Meta Platform Data

• AI Response Generation: Process incoming messages to generate automated chatbot responses
• Conversation Management: Maintain conversation context for coherent multi-turn dialogues
• Analytics: Provide aggregated, anonymized insights on chatbot performance (response times, conversation volume)
• Service Improvement: Improve AI response quality based on de-identified interaction patterns

9.3 Meta Data Retention and Deletion

• Active Conversations: Retained while your channel is connected
• Disconnection: When you disconnect a Meta channel, associated message data is deleted within 30 days
• User Deletion Requests: We honor Meta's data deletion callbacks and remove user data promptly
• Deauthorization: When users revoke access via Meta, all associated data is automatically purged

9.4 Meta Data Sharing

We do not share, sell, or transfer Meta user data to any third parties. Data is only used for the purposes described above and is processed solely to provide AI chatbot services to your Business Accounts.

9.5 Your Rights Regarding Meta Data

• Access: Request a copy of conversation data associated with your account
• Deletion: Request deletion of all Meta-related data at any time
• Disconnection: Revoke access through your Meta settings or our platform
• Portability: Export conversation transcripts in standard formats

9.6 Compliance with Meta Platform Terms

Our use of Meta Platform data complies with Meta's Platform Terms and Developer Policies. We undergo regular reviews to maintain compliance with Meta's data handling requirements.

10. Multi-Channel Data Processing

When you deploy bots across multiple channels, we collect and process data specific to each platform:

Channel data is stored separately per organization and is never shared across tenants. You can disconnect any channel at any time, which triggers data deletion within 30 days.

11. Shopify Integration Data

11.1 Data We Access

When you connect your Shopify store, we access the following data:

• Store Information: Store name, domain, timezone, currency settings
• Product Catalog: Product titles, descriptions, prices, inventory status
• Order Data: Order IDs, statuses, shipping information (for customer inquiries)
• Customer Information: Names, emails (only for order-related bot interactions)

11.2 How We Use Shopify Data

• Enable bots to answer product questions accurately
• Provide order status updates to customers
• Apply discount codes when configured
• Process shipping inquiries
• Log bot-initiated actions for audit purposes

11.3 Shopify Data Sharing

We do not share Shopify data with third parties except as necessary for AI processing (OpenAI) under strict data processing agreements. Your store data is never used to train general AI models.

11.4 Shopify Data Deletion

You can disconnect Shopify at any time through your dashboard. Upon disconnection, all Shopify-related data is deleted within 30 days, except for audit logs which may be retained for compliance purposes. Shopify's Privacy Policy also applies to data processed through their API.

12. Referral Program Data

12.1 Data We Collect

When you participate in our referral program, we collect and process:

• Referrer Information: Your user ID, referral code, tier status
• Referral Attribution: Referred user ID, signup date, subscription status
• Commission Data: Commission amounts, credit balances, clawback history
• Statistics: Total referrals, conversion rates, earnings history

12.2 How We Use Referral Data

• Track and attribute new signups to referrers
• Calculate commission credits based on tier and payment amount
• Apply credits to your invoices
• Detect and prevent referral fraud or abuse
• Provide referral statistics in your dashboard

12.3 Referral Data Retention

Referral data is retained for as long as your account is active plus 2 years for tax and audit purposes. Aggregate, anonymized referral statistics may be retained indefinitely for program analysis.

13. AI Memory and Knowledge Processing

13.1 Document Processing

Files you upload (PDF, DOC, TXT, etc.) are processed to extract text and generate embeddings for semantic search. This enables your bot to find relevant information from your knowledge base.

• Document content is processed by our AI providers (OpenAI) to generate embeddings
• Embeddings are stored in our database for fast semantic search
• Document content is never shared with other organizations
• You can delete documents at any time; they are removed from search indexes within 24 hours

13.2 Long-Term Memory

Our platform may use external services (Supermemory) to store conversation context for improved bot continuity across sessions:

• Conversation summaries may be stored to provide context in future interactions
• Memory is isolated per bot and organization
• You can clear bot memory at any time through your dashboard

13.3 Bot Memory Facts

Static facts you configure (business hours, policies, FAQs) are stored and included in bot responses. These facts are stored in our database and are fully under your control.

14. Other Third-Party Services

14.1 Integrated Services

• Stripe: Payment processing (subject to Stripe's privacy policy)
• OpenAI: AI processing for chat responses and embeddings
• Google: Drive integration, authentication services
• Notion: Content import and synchronization
• HubSpot: CRM integration and lead management
• Resend: Transactional email delivery (invitations, alerts, notifications)
• Supermemory: Long-term conversation memory storage
• Mixpanel: Usage analytics and performance monitoring
• Sentry: Error monitoring and debugging

14.2 Data Processing Agreements

We maintain data processing agreements with third-party processors to ensure your data is handled according to applicable privacy laws and our standards.

15. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) for EU data transfers
• Adequacy decisions by relevant data protection authorities
• Certification schemes and codes of conduct
• Other legally recognized transfer mechanisms

16. Children's Privacy

Our services are not directed to children under 13 (or 16 in the EU). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

17. Privacy Policy Changes

We may update this Privacy Policy periodically. Significant changes will be communicated through:

• Email notification to registered users
• Prominent notice on our platform
• Updated "Last Modified" date

Continued use of our services after changes constitutes acceptance of the updated policy.

18. Data Breach Notification

In the event of a data breach that poses a risk to your personal data, we will notify affected users within 72 hours of discovery, as required by applicable law. Notifications will include details about the breach, potential impact, and steps being taken to address it.

19. Contact Information

20. Supervisory Authority

If you are located in the EU/EEA, you have the right to lodge a complaint with your local data protection authority if you believe we have violated your privacy rights. Contact information for EU data protection authorities can be found at https://edpb.europa.eu/about-edpb/board/members_en