privacy policy

What we collect, and what we don't.

The short version: we collect what's needed to run your chatbot, we never sell it, and you can ask for your data or its deletion at any time. We act as a data processor for end-user data managed by our business customers. The full version follows. Last updated October 27, 2025.

What Data We Collect

Account Holders (Businesses/Users)

  • Name, email, phone, company details
  • Payment information (processed through secure providers)
  • Usage data (login IP, browser type, session ID)

End-Users (Chat Interactions)

  • Chat content (messages and responses)
  • Metadata (timestamps, device info, session ID, IP address)
  • Inferred data (conversation intent)
  • No sensitive data collected unless specifically configured

Automatic Collection

  • Cookies for analytics
  • Session IDs and IP addresses for monitoring
  • We never sell this data

How We Use Your Data

  • Deliver and improve our services (routing chats, personalizing AI responses)
  • Send important communications (updates, support, billing)
  • Enhance platform through de-identified, aggregated usage data
  • Prevent fraud and comply with legal obligations

Data Storage & Retention

Storage

  • Google Cloud servers with AES-256 encryption
  • Encrypted at rest and in transit
  • Session IDs and IP addresses collected as metadata

Retention Policy

  • Account data: Active subscription period
  • Chat logs: 12-24 months for service delivery
  • Inactive accounts: Deactivated after 6 months
  • Early deletion available upon request

Third-Party Vendors

  • AI/Processing: OpenAI, DeepSeek
  • Storage/Search: Pinecone, Google Cloud
  • Payments: Razorpay

Your Rights & Control

  • Access & Correction: Request your data copy or corrections
  • Deletion & Opt-Out: Delete data or opt out of analytics (30-day processing)
  • Data Portability: Export data in standard format
  • No Penalties: Exercise rights freely without consequences

Security Measures

  • AES-256 encryption (at rest & in transit)
  • Role-based access controls
  • Regular security audits
  • 72-hour breach notifications

Questions