Privacy Policy
Last updated: December 14, 2024
1. Introduction
ChattyBox ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.
2. Information We Collect
2.1 Account Information
When you create an account, we collect:
- Name and email address
- Profile picture (if provided via OAuth)
- Authentication credentials (managed by Clerk)
2.2 Billing Information
When you subscribe to a paid plan, we collect:
- Payment card details (processed securely by Stripe)
- Billing address
- Transaction history
Note: We do not store your full credit card number. Payment processing is handled by Stripe.
2.3 Content You Provide
When using our service, we collect:
- Website URLs you choose to scrape
- Scraped content from your websites
- Chat conversations from your chatbot widgets
- Widget customization settings
2.4 Automatically Collected Information
We automatically collect:
- IP addresses and device information
- Browser type and version
- Usage patterns and feature interactions
- Error logs for debugging
3. How We Use Your Information
We use collected information to:
- Provide, operate, and maintain the Service
- Process transactions and send billing communications
- Generate AI responses based on your scraped content
- Improve and personalize your experience
- Communicate about updates, security alerts, and support
- Detect and prevent fraud or abuse
- Comply with legal obligations
4. Third-Party Services
We share data with the following third-party services:
| Service | Purpose | Data Shared |
|---|---|---|
| Clerk | Authentication | Email, name, OAuth tokens |
| Stripe | Payment processing | Billing details, payment methods |
| Mistral AI | AI chat responses | Chat messages, scraped content context |
| Convex | Database & backend | All application data |
| Cloudflare | Hosting & CDN | IP addresses, request logs |
Each third party has its own privacy policy governing its use of your data.
5. Data Retention
We retain your data as follows:
- Account data: Until you delete your account
- Scraped content: Until you delete the project or account
- Chat conversations: 90 days, or until project deletion
- Billing records: As required by law (typically 7 years)
- Logs: 30 days for operational logs
6. Your Rights
Depending on your location, you may have the right to:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate data
- Erasure: Request deletion of your data ("right to be forgotten")
- Portability: Receive your data in a machine-readable format
- Object: Object to certain processing of your data
- Restrict: Request limited processing of your data
To exercise these rights, contact us at [email protected]
7. Data Security
We implement security measures including:
- Encryption of data in transit (TLS) and at rest
- Secure authentication via Clerk
- Regular security audits and updates
- Access controls and monitoring
However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.
8. Cookies
We use cookies for:
- Essential cookies: Authentication and session management
- Analytics cookies: Understanding usage patterns (if applicable)
You can control cookies through your browser settings. Disabling essential cookies may affect Service functionality.
9. Children's Privacy
The Service is not intended for users under 16 years of age. We do not knowingly collect data from children. If we learn we have collected data from a child, we will delete it promptly.
10. International Data Transfers
Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers, including standard contractual clauses where applicable.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notification. The "Last updated" date at the top indicates when the policy was last revised.
12. Contact Us
For privacy-related inquiries:
- Email: [email protected]
- Data Protection Officer: [email protected]
13. GDPR (EU Users)
If you are in the European Economic Area, we process your data under the following legal bases:
- Contract: To provide the Service you requested
- Legitimate interest: To improve our Service and prevent fraud
- Consent: Where you have given explicit consent
- Legal obligation: To comply with applicable laws
You have the right to lodge a complaint with your local data protection authority.