Terms & Conditions
1. About these Terms
1.1 These Terms of Service (the “Terms”) govern access to and use of the BotSupport.ai software-as-a-service platform, including the AI chat widget, dashboard, knowledgebase tooling, analytics, product recommendation features, lead capture, transcripts, and any related services (the “Service”).
1.2 By creating an account, installing the widget, starting a free trial, signing up via the pricing page, or otherwise using the Service, you agree to be bound by these Terms on behalf of the organisation you represent (“Customer”, “you”). If you do not agree, you must not use the Service.
1.3 These Terms are intended for business users only. You must not use the Service as a consumer.
1.4 If you have signed an order form, statement of work, or similar document that references these Terms (each an “Order”), the Order and these Terms form the agreement between you and BotSupport.ai (the “Agreement”). If there is a conflict, the Order prevails for the conflicting topic only.
2. Definitions
In these Terms:
“AI Output” means text, recommendations, product suggestions, summaries, links or other responses generated by the Service.
“Authorised Users” means your employees, contractors and agents permitted to access the Service under your account.
“Customer Data” means any data, content or information you or your End Users provide to the Service, including chat messages, website content, product catalogue data, PDFs, lead form entries and chat transcripts.
“End Users” means visitors to your website or other properties where you deploy the Service.
“Fees” means the subscription fees and any other charges payable for the Service to BotSupport.ai (excluding any third-party fees such as OpenAI usage fees).
“Personal Data” has the meaning given in UK GDPR.
“Platform Integrations” means third-party platforms and services you connect to the Service (for example Shopify, WooCommerce, WordPress, Wix, Squarespace, Webflow, CRMs, webhook receivers, automation tools, email delivery providers and analytics providers).
“Security Incident” means a confirmed breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Customer Personal Data processed by us on your behalf.
3. Eligibility and your responsibilities
3.1 Authority. You confirm that you have authority to bind the Customer to these Terms.
3.2 Account security. You are responsible for maintaining the confidentiality of credentials and for all activity under your account. You must promptly notify us of any unauthorised use.
3.3 Compliance. You are responsible for:
(a) your use of the Service and compliance with all applicable laws and regulations;
(b) obtaining all required consents and providing all required notices to End Users (including for cookies, tracking, and collection of Personal Data via chat, lead forms, transcripts and analytics);
(c) ensuring that your website content, policies and instructions to the Service are accurate, lawful and up to date; and
(d) implementing and maintaining your own appropriate security, backups and disaster recovery.
3.4 End Users. You are responsible for your relationship with End Users. We have no contractual relationship with End Users unless expressly stated.
3.5 Prohibited use. You must not (and must ensure Authorised Users and End Users do not) use the Service in breach of the Acceptable Use Policy in Schedule 1.
4. The Service
4.1 Service description. The Service provides an AI chat assistant that can answer questions using your website content and other sources you provide (such as product data and PDFs), recommend products, capture leads, send transcripts, and provide analytics.
4.2 Changes and updates. We may change, update, add or remove features or functionality to the Service from time to time, including to maintain security, comply with law, improve performance, or reflect product development. Updates may cause planned or unplanned downtime, degradations, bugs, regressions, or changes to behaviour, including changes in AI Output.
4.3 Trials and beta features. Free trials and beta features are provided “as is” and may be changed, suspended or withdrawn at any time.
4.4 Service communications. You agree we may send you operational emails relating to the Service (for example security notices, billing notices, maintenance notices, and product communications). You may opt out of marketing emails.
5. Subscription, Fees and payment
5.1 Fees and billing. Fees, billing frequency and any included usage limits will be as set out on our pricing page or in an Order. If there is any conflict, the Order prevails.
5.2 Third-party usage fees (OpenAI). Certain parts of the Service may use third-party AI model APIs (for example OpenAI). Where your plan requires you to pay OpenAI (or another provider) directly for AI responses, you are solely responsible for those third-party charges, billing arrangements, and any disputes with the third party. We do not provide any guarantee as to third-party pricing, availability, response quality, or continued access.
5.3 Taxes. Fees are exclusive of VAT and other taxes, which you must pay where applicable.
5.4 Payment. You must pay invoices by the due date. We may suspend access for late payment.
5.5 Price changes. We may change Fees for future billing periods by giving reasonable notice.
5.6 No refunds. Except where required by law or stated in an Order, all Fees are non-refundable and non-cancellable.
6. Licence and restrictions
6.1 Licence. Subject to your compliance with the Agreement and payment of Fees, we grant you a non-exclusive, non-transferable right to access and use the Service during the subscription term for your internal business purposes, and to deploy the chat widget on websites and domains you control and have registered within the Service.
6.2 Restrictions. You must not:
(a) copy, modify, or create derivative works of the Service (except to the extent permitted by law);
(b) reverse engineer, decompile or attempt to extract source code, models or underlying ideas;
(c) access the Service to build, benchmark, or train a competing product;
(d) use the Service to transmit malware, attempt unauthorised access, or probe, scan or test the vulnerability of any system (except with our prior written permission under a coordinated vulnerability disclosure); or
(e) bypass any access controls, rate limits, domain restrictions or other protective measures.
7. Customer Data and content
7.1 Your content. You retain all rights in Customer Data. You grant us a worldwide licence to host, copy, transmit, process, display and use Customer Data solely to provide, maintain, secure and improve the Service, and as otherwise permitted by the Agreement.
7.2 Instructions and accuracy. You are responsible for the completeness, quality and accuracy of Customer Data and for configuring the Service appropriately, including prompts, knowledgebase sources, topic restrictions and lead capture settings.
7.3 Backups and retention. You are responsible for maintaining your own backups of Customer Data. We do not guarantee that Customer Data will be recoverable, complete, or retained for any specific period, and you acknowledge that backups (if any) may be overwritten on a rolling basis.
7.4 Deletion. You can request deletion of Customer Data as described in the Data Processing Addendum (Schedule 2), subject to applicable law and reasonable operational constraints.
7.5 Feedback. If you provide suggestions or feedback, you grant us a perpetual, irrevocable licence to use it without restriction or compensation.
8. AI-specific terms and disclaimers
8.1 Probabilistic outputs. The Service uses AI technology that generates responses based on probabilities and patterns. AI Output may be inaccurate, incomplete, misleading, outdated, biased, or otherwise incorrect, and may occasionally produce content that is not appropriate for your use case.
8.2 No reliance. You must not rely on AI Output as a substitute for professional advice (including legal, medical, financial, compliance or safety advice). You are responsible for verifying AI Output before using it, publishing it, acting on it, or allowing End Users to act on it.
8.3 Product recommendations and pricing. Product recommendations, prices, availability, shipping information, returns details and other commercial information presented in AI Output may be wrong or outdated. You are responsible for ensuring that the Service does not misrepresent your products, prices or policies and for implementing appropriate checks, disclaimers and escalation paths.
8.4 Customer-controlled instructions. You control what sources are used, what the Service is allowed to answer, and what actions it takes (such as lead capture and webhooks). Misconfiguration may increase the risk of errors, inappropriate responses, data leakage, or unintended actions.
8.5 Safety controls. The Service may include content filtering and safety controls, but you acknowledge that no filtering is perfect. You remain responsible for monitoring and configuring outputs to your risk tolerance.
9. Third-party services and integrations
9.1 Third-party dependencies. The Service may depend on third-party services, including AI model providers, hosting providers and email delivery providers. Certain features may require Platform Integrations. We do not control third-party services and are not responsible for their acts or omissions.
9.2 Your relationship with third parties. Your use of Platform Integrations is governed by your agreements with those third parties. You are responsible for complying with their terms and for maintaining any required accounts, licences and permissions.
9.3 Data transfer to third parties. Where you enable an integration (including webhooks, email delivery, analytics, and ecommerce platform connections), you instruct us to transfer Customer Data to those third parties as part of providing the Service.
10. Availability, maintenance and support
10.1 No guaranteed uptime. Unless an Order expressly includes a service level agreement (SLA), the Service is provided without any guaranteed uptime, availability, performance, response times or support levels.
10.2 Maintenance windows. We may carry out planned maintenance, updates and upgrades. Planned maintenance may reduce or temporarily suspend availability.
10.3 Suspension. We may suspend access to the Service (in whole or part) immediately if we reasonably believe:
(a) your use poses a security risk to the Service or any third party;
(b) you are in material breach of the Agreement;
(c) required by law; or
(d) to prevent or mitigate a Security Incident, vulnerability exploitation, abuse or excessive load.
11. Security
11.1 Security measures. We maintain reasonable administrative, technical and organisational measures designed to protect Customer Data against unauthorised access, loss, alteration or disclosure. Details are described at a high level in Schedule 2.
11.2 No security guarantee. You acknowledge that no system is completely secure. We do not warrant that the Service will be free from vulnerabilities, uninterrupted, error-free, or immune from attack, exploitation, or unauthorised access.
11.3 Customer responsibilities. You must implement appropriate security on your side, including:
(a) secure administration of your website and platforms;
(b) least-privilege access to your BotSupport account;
(c) secure handling of leads and transcripts sent by email or webhook; and
(d) ensuring End Users do not submit sensitive information via chat (unless you have configured the Service and your policies accordingly).
11.4 Security features. The Service may include mechanisms such as domain-restricted embedding, rate limiting, and a password-protected dashboard. You acknowledge these are not guarantees of security and must be combined with your own controls.
12. Security incidents and vulnerability handling
12.1 Incident response. If we become aware of a confirmed Security Incident affecting Customer Personal Data processed by us on your behalf, we will notify you without undue delay and provide information reasonably necessary for you to meet your obligations under applicable law, in accordance with Schedule 2.
12.2 Remediation. We will use reasonable efforts to contain, investigate and remediate a Security Incident. You acknowledge that remediation may require temporary suspension, feature limitation, emergency maintenance or other changes.
12.3 Vulnerability disclosure. If you discover a potential vulnerability, you must notify us promptly and refrain from public disclosure until we have had a reasonable opportunity to investigate and address it.
13. Confidentiality
13.1 Confidential Information. Each party may receive the other party’s confidential information. Confidential Information includes non-public technical and business information, security details, pricing (unless public), and Customer Data.
13.2 Obligations. Each party will:
(a) use the other party’s Confidential Information only as needed to perform under the Agreement; and
(b) protect it using reasonable care, at least equivalent to the care it uses to protect its own confidential information.
13.3 Exceptions. Confidential Information does not include information that is public through no fault of the receiving party, independently developed, or rightfully received from a third party.
13.4 Compelled disclosure. A party may disclose Confidential Information where required by law, provided it gives notice where legally permitted.
14. Intellectual property
14.1 Our IP. We and our licensors own all rights, title and interest in and to the Service, including software, UI, models, algorithms, documentation, and any improvements.
14.2 Customer IP. You own Customer Data and your trademarks and branding.
14.3 Branding. We may identify you as a customer and use your name and logo for marketing unless you opt out in writing.
15. Warranties and disclaimers
15.1 As-is. To the maximum extent permitted by law, the Service (including any AI Output) is provided “as is” and “as available”.
15.2 No warranties. We disclaim all warranties, whether express, implied or statutory, including implied warranties of merchantability, fitness for a particular purpose, satisfactory quality, non-infringement and accuracy.
15.3 No guarantee of outcomes. We do not warrant that using the Service will increase sales, conversion rate, customer satisfaction, or reduce support workload, or that AI Output will be correct or suitable for any purpose.
16. Limitation of liability
16.1 Nothing in the Agreement limits or excludes liability for:
(a) death or personal injury caused by negligence;
(b) fraud or fraudulent misrepresentation; or
(c) any other liability that cannot lawfully be limited or excluded.
16.2 Subject to clause 16.1, to the maximum extent permitted by law, we will not be liable for any:
(a) loss of profits, revenue, business, contracts, goodwill, anticipated savings or opportunity;
(b) indirect or consequential loss;
(c) loss, corruption or unavailability of data;
(d) security vulnerabilities, data breaches, data exploits, service downtime, business interruption, failed integrations, or third-party failures; or
(e) any decisions, actions or omissions taken by you or any End User based on AI Output,
in each case arising out of or in connection with the Agreement, whether in contract, tort (including negligence), misrepresentation, restitution or otherwise.
16.3 Liability cap. Subject to clause 16.1, our total aggregate liability arising out of or in connection with the Agreement (including for Security Incidents) will not exceed the Fees paid or payable by you for the Service in the 12 months immediately preceding the event giving rise to the claim. If no Fees have been paid, our total liability will not exceed GBP 100.
16.4 Basis of bargain. You agree that the exclusions and limitations in this clause 16 reflect the allocation of risk and form an essential basis of the Agreement.
17. Indemnities
17.1 Customer indemnity. You will indemnify and hold us harmless from and against any claims, damages, losses, liabilities, costs and expenses (including reasonable legal fees) arising from or related to:
(a) Customer Data or your website content, products, policies, and instructions to the Service;
(b) your use of the Service in breach of the Agreement or applicable law;
(c) allegations that your use of the Service infringes third-party rights; or
(d) your relationship with End Users, including any claims by End Users.
18. Term and termination
18.1 Term. The Agreement starts when you first accept these Terms and continues until terminated.
18.2 Termination for convenience. Either party may terminate at the end of the current billing period by giving notice in accordance with account settings or an Order. Fees already paid are non-refundable (except as required by law).
18.3 Termination for cause. Either party may terminate immediately by notice if the other party commits a material breach and fails to cure within 14 days of notice (or immediately if not capable of cure).
18.4 Effect of termination. On termination:
(a) your licence to access the Service ends;
(b) you must stop deploying the widget;
(c) you remain responsible for all Fees owed; and
(d) we will handle Customer Data in accordance with Schedule 2.
19. Changes to the Terms
We may update these Terms from time to time. If changes are material, we will provide reasonable notice (for example by email or within the Service). Continued use after the effective date of the updated Terms constitutes acceptance.
20. Governing law and jurisdiction
These Terms and any disputes arising out of or in connection with them are governed by the laws of England and Wales. The courts of England and Wales have exclusive jurisdiction, except that either party may seek injunctive relief in any jurisdiction.
21. General
21.1 Entire agreement. The Agreement is the entire agreement between the parties regarding its subject matter and supersedes prior discussions.
21.2 Severability. If any provision is held invalid, the remaining provisions will remain in effect.
21.3 Assignment. You may not assign the Agreement without our prior written consent. We may assign the Agreement in connection with a merger, acquisition or sale of assets.
21.4 Force majeure. Neither party is liable for delay or failure to perform due to events beyond reasonable control.
21.5 No third-party rights. A person who is not a party to the Agreement has no rights under the Contracts (Rights of Third Parties) Act 1999.
21.6 Notices. Notices must be given by email to the addresses on file (or as specified in an Order) and are deemed received when sent, unless a bounce-back or delivery failure notice is received.
Schedule 1: Acceptable Use Policy
You must not (and must ensure Authorised Users and End Users do not) use the Service to:
- violate any applicable law or regulation, or any third-party rights;
- submit or process Special Category Data (such as health data) or payment card data unless you have our written approval and you implement appropriate controls;
- collect Personal Data from End Users without appropriate notice and a lawful basis (including consent where required);
- transmit malware, spam, or any content that is unlawful, harmful, threatening, abusive, harassing, defamatory, obscene or otherwise objectionable;
- impersonate any person or misrepresent affiliation;
- attempt to gain unauthorised access to the Service or related systems, or to test or scan systems without permission;
- interfere with or disrupt the Service, including by circumventing rate limits or using automated scraping;
- use the Service in high-risk activities where errors could reasonably be expected to lead to death, personal injury, or severe physical or environmental damage (for example, emergency response, medical diagnosis, critical infrastructure).
We may suspend or terminate access for violations of this policy.
Schedule 2: Data Processing Addendum (UK GDPR)
This Schedule applies where we process Personal Data on your behalf as a processor.
1. Roles
1.1 You are the controller (or processor acting on behalf of a controller) of Customer Personal Data. We are the processor of Customer Personal Data.
2. Processing details
2.1 Subject matter: provision of the Service.
2.2 Duration: the subscription term plus any period required for lawful retention or to support deletion workflows.
2.3 Nature and purpose: hosting, retrieval, AI-assisted answering, product recommendations, lead capture, analytics, and sending transcripts/leads to destinations you configure.
2.4 Types of Personal Data: may include names, emails, phone numbers, chat messages, and any Personal Data End Users provide in chat.
2.5 Categories of data subjects: your End Users and your staff users.
3. Processor obligations
We will:
(a) process Customer Personal Data only on your documented instructions (including those set by configuring the Service and integrations);
(b) ensure personnel are bound by confidentiality;
(c) implement appropriate technical and organisational measures;
(d) not engage another processor without meeting the requirements of UK GDPR;
(e) assist you (to the extent reasonably possible) with data subject requests, DPIAs, and security consultations;
(f) notify you of a Security Incident without undue delay;
(g) at your choice, delete or return Customer Personal Data at the end of the provision of services, unless law requires retention; and
(h) make available information reasonably necessary to demonstrate compliance, subject to reasonable confidentiality and security restrictions.
4. Sub-processors
4.1 We may use sub-processors (for example, hosting providers, AI model providers, and email delivery providers).
4.2 Current sub-processors (fill in and keep updated):
| Sub-processor | Purpose | Location(s) |
| Digital Ocean | Hosting and storage | US |
| OpenAI | AI model inference | US |
| smtp.com | Authenticated email delivery (transcripts/leads) | US |
| [Customer-configured webhook destination] | Lead/transcript delivery via webhook | [Varies] |
4.3 We will maintain a list of sub-processors and provide notice of material changes.
4.4 You may object to a new sub-processor on reasonable grounds within 10 days of notice; if we cannot reasonably accommodate the objection, either party may terminate the affected Service.
5. International transfers
5.1 Where Customer Personal Data is transferred outside the UK, we will ensure appropriate safeguards are in place (for example the UK IDTA and/or addendum to SCCs), as required by law.
6. Security measures (high level)
6.1 Measures may include (as appropriate): access controls; authentication; encryption in transit; monitoring; rate limiting; logical separation of customer data; and secure backups for our operational needs.
6.2 You acknowledge that certain security mechanisms may be described in product documentation, including domain-restricted embedding, rate limiting, and a password-protected dashboard.
7. Audit
7.1 You may audit our compliance no more than once per year upon 30 days’ notice, during business hours, and subject to confidentiality. Audits must not unreasonably disrupt our operations. You will bear your own costs and reimburse our reasonable costs for time spent supporting the audit.
8. Deletion and retention
8.1 We will delete or return Customer Personal Data in accordance with your instructions and our retention policies, subject to legal requirements and reasonable operational constraints (for example backups that are overwritten on a rolling basis).