Chatbot Builder
English
Version 3.0 — GDPR-aligned AI SaaS framework. This document is not legal advice.
This Privacy Policy describes how Kitebots (“we,” “us”) processes personal data, including in accordance with the EU/UK General Data Protection Regulation (GDPR). It is provided for informational purposes; you should have a licensed attorney review it for your jurisdiction. By using the Service, you acknowledge this Policy.
Account (client) data: For personal data of the account owner, administrators, and team members of a Kitebots subscription, Kitebots acts as the data controller and determines how that data is processed to operate the Service.
End-user conversation data: For chat messages, inputs, and related metadata from visitors who interact with chatbots you deploy, you (the customer) are typically the data controller and Kitebots acts as a data processor, processing that data on your documented instructions. A Data Processing Addendum (DPA) governs that relationship and is available at /dpa.
Data Protection / Privacy contact: privacy@kitebots.com.
Account data: name, email address, billing details, authentication identifiers (e.g. Cognito user id), and configuration you provide.
End-user data from deployed chatbots: chat message content, visitor identifiers, IP address and approximate location, device/browser signals, referrer, timezone, locale, and any details a visitor submits in a lead form (such as name, email, phone, company).
Usage and technical data: log data, feature usage, and diagnostic information used to operate, secure, and improve the Service.
Contract: to provide the Service you (or your organization) have signed up for, including account management and billing.
Legitimate interests: to secure, maintain, troubleshoot, and improve the Service, prevent abuse, and communicate about the Service, balanced against your rights and freedoms.
Consent: for non-essential cookies/local storage and optional marketing communications. Where we rely on consent, you may withdraw it at any time without affecting prior processing.
Legal obligation: to comply with applicable law, tax/accounting requirements, and lawful requests from authorities.
No foundation model training: Kitebots does not use your account data, Knowledge Base uploads, or end-user conversation content to train, improve, or fine-tune foundational large language models operated by us, and we do not sell that content for model training. Processing through third-party LLM APIs is performed solely to fulfill each request and is subject to those providers’ API terms and safeguards.
Sub-processors: We use industry-standard providers to run the platform, including Amazon Web Services (AWS) for hosting, OpenAI and similar LLM API providers for response generation, Upstash for vector indexing, Razorpay for payment processing, and Meta for optional WhatsApp/messaging integrations you enable. A current list of material sub-processors is available on request and summarized at /gdpr.
Chat and diagnostic logs: End-user conversation data and related operational logs are retained on a limited schedule (chat sessions and messages expire automatically, typically within ~30 days for the deployed widget, and analytics-style logs up to 90 days or as configured for your plan), after which they are deleted or anonymized.
Leads and account data: Lead records and account data are retained for the life of your account and a limited period afterward as required for legal, tax, and dispute-resolution purposes, then deleted or anonymized.
Knowledge Base purging: When you delete content from your dashboard, we remove it from active use and delete corresponding vector embeddings and indexes in the ordinary course. Backups may persist for a limited period consistent with our backup rotation before expiry.
Subject to applicable law, you have the right to: access your personal data; rectify inaccurate data; erase your data (“right to be forgotten”); restrict or object to processing; data portability (receive your data in a structured, machine-readable format); and withdraw consent.
Self-service: Account owners can export their data and request deletion of their account and associated data from Account → Your Data & Privacy in the dashboard. You may also email privacy@kitebots.com.
End-user requests: Requests regarding data collected by a chatbot you deployed are normally directed to you as the controller; we will assist our customers in fulfilling such requests as their processor.
We respond to verifiable requests within the timeframe required by law (generally within one month under GDPR). You also have the right to lodge a complaint with your local supervisory authority.
Data in transit is protected using TLS 1.2 or higher where applicable. Data at rest is protected using industry-standard encryption (for example AES-256) within our cloud environments, including encryption of databases that hold personal data. We apply workspace isolation, access controls, and point-in-time recovery on key data stores. No method of transmission or storage is 100% secure; we continuously work to maintain appropriate safeguards.
We use cookies and similar technologies (including browser local storage) for authentication, security, preferences, the chat widget, and—only with your consent—analytics and marketing. You can review categories and change your choice at any time via the “Cookie Preferences” link in the footer. See our Cookie Policy at /cookie-policy.
Where personal data is transferred outside your country or the EEA/UK, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) or equivalent mechanisms, together with our sub-processors’ certifications and contractual commitments.
We may update this Privacy Policy periodically. We will post the revised Policy and update the “Last updated” date. Material changes may be communicated by email or in-product notice where appropriate.
Privacy and data protection inquiries, including data-subject requests: privacy@kitebots.com.