Privacy Policy
1. Overview
This Privacy Policy explains how BotSupport.ai (“we”, “us”, “our”) collects, uses, shares and protects personal data when:
(a) you visit our website (botsupport.ai) or contact us; and/or
(b) you use our BotSupport.ai software-as-a-service platform (the “Service”).
This policy is written for UK/EEA-style privacy requirements, including UK GDPR and the Data Protection Act 2018. If you are located outside the UK, additional rights and rules may apply.
This Privacy Policy should be read alongside our Terms of Service and, where applicable, our Data Processing Addendum (DPA) for the Service.
2. Roles: when we are a controller and when we are a processor
2.1 Website and sales enquiries. We act as a data controller for personal data collected through our website, marketing activities, and sales/support enquiries.
2.2 Customer accounts. We act as a data controller for personal data relating to customer users who create and administer accounts (for example names, work emails, billing details and support communications).
2.3 End User chat data (most important). When you (a customer) deploy the chat widget on your website, you decide what personal data is collected and why (for example via chat messages and lead forms). In that context, you are generally the data controller for End User personal data and we act as a data processor on your behalf, processing that data only under your instructions (as set out in our DPA and configured settings/integrations).
3. What personal data we collect
3.1 Website visitors and enquiries (controller data)
- Contact details you provide (for example name, email address, company name, phone number) when you request a demo, book a call, submit a form or email us.
- Communications content (for example messages you send us and our replies).
- Basic usage data about how you interact with our website (for example pages viewed and link clicks).
- Marketing attribution data, such as UTM parameters in links (where used).
3.2 Service account and billing data (controller data)
- Account information for Authorised Users (for example name, email, role/permissions).
- Customer organisation details (for example company name and address).
- Billing and payment-related information (for example invoices and subscription status). We do not intend to store full payment card details; payments are typically handled by third-party payment processors.
- Support tickets and communications about the Service.
3.3 End User chat data and leads (processor data)
- Chat messages submitted by End Users through the widget on your website.
- Lead form data collected in chat (for example name, email, phone and any custom fields you configure).
- Chat transcripts and related metadata needed to provide the Service (for example timestamps and conversation identifiers).
- Product and content data you provide to build the Service knowledgebase (for example product catalogue fields, website text, PDFs and policy pages). This may include personal data if you include it in those sources.
Please do not submit special category data (for example health information) or payment card data in the chat unless you and we have agreed appropriate safeguards and configurations in writing.
4. How we use personal data and our lawful bases
4.1 Website and enquiry data (controller)
We use this data to:
- provide demos, respond to enquiries and communicate with you (lawful basis: legitimate interests and/or steps prior to entering a contract);
- operate and improve our website and services (legitimate interests);
- send service-related messages and, where permitted, marketing communications (legitimate interests and/or consent, depending on the channel and jurisdiction).
4.2 Account and billing data (controller)
We use this data to:
- create and manage customer accounts, provide access to the Service, and provide support (contract);
- administer subscriptions, invoices and payments (contract and legal obligation);
- prevent fraud, misuse and security incidents (legitimate interests and legal obligation where applicable).
4.3 End User chat data (processor)
We process End User chat data only to provide, maintain, secure and improve the Service, and to carry out the Customer’s documented instructions, such as:
- generating chat responses and product recommendations based on the Customer’s configured knowledgebase and product data;
- capturing and delivering leads and transcripts to destinations configured by the Customer (for example email and webhooks);
- providing transcripts and analytics in the dashboard;
- detecting and preventing abuse, spam, fraud, and security issues.
5. Cookies, analytics and tracking
We may use cookies and similar technologies on our website and within the Service to operate the site, remember preferences, measure performance, and attribute marketing. Where required by law (for example in the UK/EEA), we will ask for your consent before placing non-essential cookies on your device.
If you do not accept non-essential cookies, some functionality may be limited.
- How to control cookies: you can use your browser settings to block or delete cookies. If we use a cookie banner, you can also manage preferences there.
- UTM tracking: links may include UTM parameters to help attribute marketing and understand performance.
6. How we share personal data
We may share personal data with:
- Service providers (sub-processors) who help us operate the Service (for example hosting, monitoring, email delivery and AI model providers).
- Third-party integrations and webhook destinations that you, the Customer, choose to connect to the Service (for example CRM or automation platforms). In that case, you instruct us to transmit data to those destinations.
- Professional advisers (for example legal, accounting) where necessary.
- Authorities where we are legally required to do so.
We do not sell personal data.
7. International data transfers
Some of our suppliers and sub-processors may be located outside the UK (and/or may process data outside the UK). Where personal data is transferred internationally, we will use appropriate safeguards as required by law, such as the UK International Data Transfer Agreement (IDTA) and/or the UK addendum to the EU Standard Contractual Clauses.
8. Data retention
We retain personal data only for as long as needed for the purposes described in this policy, including to provide the Service, comply with legal obligations, resolve disputes and enforce agreements.
Retention for End User chat data and transcripts is controlled in part by Customer configuration and deletion requests (as described in the DPA). Backups (if any) may be overwritten on a rolling basis.
9. Security
We use reasonable administrative, technical and organisational measures designed to protect personal data against unauthorised access, loss, alteration or disclosure. However, no method of transmission over the internet or method of electronic storage is completely secure, and we cannot guarantee absolute security.
Customers are responsible for securing their own websites, integrations, webhook endpoints and email inboxes that receive transcripts/leads, and for ensuring End Users do not submit sensitive information unless appropriate safeguards are in place.
10. Your rights
Depending on your location and our role (controller or processor), you may have rights including:
- Access: request a copy of personal data we hold about you.
- Rectification: request correction of inaccurate or incomplete data.
- Erasure: request deletion (in some circumstances).
- Restriction: request limitation of processing (in some circumstances).
- Objection: object to processing based on legitimate interests (in some circumstances).
- Portability: receive certain data in a structured, commonly used format (in some circumstances).
- Withdraw consent: where processing is based on consent.
How to exercise rights:
(a) If you are a website visitor or a Service account user, contact us using the details below.
(b) If you are an End User interacting with a Customer’s chat widget, you should contact the Customer directly (as they are typically the controller). We will assist Customers, as required, to respond to such requests under the DPA.
11. Complaints
If you have concerns, please contact us first so we can try to resolve them. If you are in the UK, you also have the right to lodge a complaint with the Information Commissioner’s Office (ICO).
12. Children
Our website and Service are not directed at children and are intended for business users. We do not knowingly collect personal data from children.
13. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. If changes are material, we will provide reasonable notice (for example by posting the updated policy on our website or notifying account administrators). The effective date at the top indicates when this policy was last updated.