Privacy Policy

Last updated: January 2025

1. Introduction

Chatbotn Ltd ("Chatbotn", "we", "us", or "our") is committed to protecting your privacy and ensuring you have a positive experience when using our AI safety monitoring platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website chatbotn.com and use our services.

We are a company registered in the United Kingdom and comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable data protection laws.

2. Information We Collect

2.1 Information You Provide

We collect information that you voluntarily provide to us, including:

  • Account registration information (name, email address, company name)
  • Contact form submissions
  • Communication with our support team
  • Payment information (processed securely by our payment provider)
  • Preferences and settings within your account

2.2 Information Collected Automatically

When you access our website or services, we automatically collect:

  • Device information (browser type, operating system, device type)
  • Usage data (pages visited, time spent, features used)
  • IP address and approximate location
  • Cookies and similar tracking technologies

2.3 Conversation Data

Our service analyses AI conversations for safety monitoring. We process this data with strict privacy controls:

  • User messages are encrypted and cannot be read by Chatbotn staff
  • AI responses are analysed in plaintext for safety evaluation
  • No personally identifiable information (PII) from conversations is stored
  • Conversation IDs link to your systems but contain no user data

3. How We Use Your Information

We use the collected information for the following purposes:

  • Providing and maintaining our AI safety monitoring service
  • Processing your transactions and managing your account
  • Sending service-related communications and alerts
  • Improving our products and developing new features
  • Responding to your enquiries and providing customer support
  • Complying with legal obligations and enforcing our terms
  • Detecting and preventing fraud or abuse

4. Legal Basis for Processing

Under UK GDPR, we process your personal data on the following legal bases:

  • Contract: Processing necessary to perform our contract with you
  • Consent: Where you have given explicit consent for specific processing
  • Legitimate Interest: Processing necessary for our legitimate business interests
  • Legal Obligation: Processing required by law

5. Data Sharing and Disclosure

We may share your information with:

  • Service Providers: Third parties who assist in operating our service (hosting, analytics, payment processing)
  • Legal Requirements: When required by law, court order, or government request
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • With Your Consent: When you have explicitly agreed to sharing

We do not sell your personal information to third parties.

6. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:

  • Account information: Retained while your account is active and for 2 years after closure
  • Conversation analysis data: Retained according to your plan (7-30 days, or as agreed for Enterprise)
  • Financial records: Retained for 7 years as required by UK law
  • Marketing preferences: Until you opt out

7. Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

  • Right of Access: Request a copy of the personal data we hold about you
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your data in certain circumstances
  • Right to Restrict Processing: Request limitation of how we use your data
  • Right to Data Portability: Receive your data in a portable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw previously given consent at any time

To exercise these rights, please contact us at privacy@chatbotn.com.

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

  • Encryption of data in transit (TLS 1.3) and at rest (AES-256)
  • Regular security assessments and penetration testing
  • Access controls and authentication requirements
  • Employee training on data protection
  • Incident response procedures

9. International Transfers

Your data may be transferred to and processed in countries outside the UK. When we transfer data internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the UK ICO.

10. Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

  • Email: privacy@chatbotn.com
  • Data Protection Officer: dpo@chatbotn.com

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues.