Chatcot Logo

Privacy Policy

This Privacy Policy explains how Chatcot collects, uses, stores, discloses, and protects information in connection with the Chatcot Platform. It applies to all visitors, account holders, customers, administrators, and End Users who interact with Chatcot or a chatbot powered by Chatcot.

Last updatedMay 3, 2026
Websitehttps://www.chatcot.com
Supportchatcotsupport@gmail.com

01Introduction

Chatcot is operated by an Australian sole trader trading as Chatcot. In this Policy, "Chatcot", "we", "us", and "our" refer to the operator of the Chatcot service. This Privacy Policy governs how we handle information when you visit our website, create an account, use our dashboard, deploy a chatbot, interact with a Chatcot-powered chatbot as an End User, or otherwise use the Services.

By accessing or using Chatcot, creating an account, installing a Chatcot widget, embedding Chatcot code, using a chatbot powered by Chatcot, or otherwise using the Services, you acknowledge and agree to the practices described in this Privacy Policy.

IMPORTANT: If you do not agree with this Privacy Policy, you must not access, use, install, deploy, integrate, or interact with Chatcot. If you are using Chatcot on behalf of a company or other entity, you represent that you have authority to bind that entity to this Policy.

This Privacy Policy should be read together with our Terms of Service, Data Processing Addendum (where applicable), and any other agreements that govern your use of the Services.

02Who We Are

Chatcot is operated by an Australian sole trader trading as Chatcot. Chatcot does not publish the sole trader's personal legal name, ABN, or physical address in this Policy. The official public contact for privacy, data protection, access, correction, deletion, objection, consent withdrawal, security, and regulatory requests is:

EntityChatcot (Australian sole trader)
Privacy & Supportchatcotsupport@gmail.com
Websitehttps://www.chatcot.com

No physical mailing address is provided in this Policy. All privacy requests should be sent to the email address above.

03Information We Collect

Chatcot may collect or process the following categories of information, depending on how you interact with the Services:

  • Website visitor information;
  • Account information (name, email, organisation details);
  • Authentication information (login credentials, session tokens);
  • Billing and subscription information;
  • Payment metadata (processed by Stripe; Chatcot does not store full payment card numbers);
  • Customer Content (data, text, documents, files, URLs, prompts, instructions, knowledge base material uploaded to Chatcot);
  • Uploaded files, pasted text, and URLs;
  • Knowledge base information and embeddings;
  • Chatbot prompts and AI Output;
  • End-User Chat Data (messages, conversation transcripts);
  • Session identifiers and page URLs;
  • IP addresses, browser and device information;
  • Log data, analytics information, and error reports;
  • Support communications;
  • Human hand-off records (where enabled);
  • Security and audit records.

Information You Provide Directly

You provide information directly when you create an account, configure a chatbot, upload content to a knowledge base, contact support, subscribe to a paid plan, or submit information through forms.

Information Collected Automatically

We and our service providers may automatically collect certain information when you use the Services, including log data, device information, session identifiers, and usage data. We do not currently use first-party analytics cookies for our own analytics.

Information from End Users

When a Customer deploys a Chatcot chatbot on their website, we may collect End-User Chat Data, including messages, transcripts, session data, and device information, as necessary to operate the chatbot and provide the Services.

04How We Use Your Information

Chatcot processes information for the following purposes:

  • To provide, operate, and maintain the Services;
  • To authenticate users and manage accounts;
  • To process payments and subscriptions;
  • To operate Chatbots and generate AI responses;
  • To ingest, index, retrieve, and process knowledge base content;
  • To store transcripts where enabled by Customer configuration;
  • To provide analytics and usage reporting;
  • To provide customer support;
  • To secure the Services and prevent fraud and abuse;
  • To troubleshoot errors and maintain logs;
  • To comply with applicable laws and enforce agreements;
  • To resolve disputes and protect rights and safety;
  • To improve performance using aggregated or de-identified data.

We do not use identifiable Customer Content or End-User Chat Data to train general-purpose AI models operated by Chatcot unless you expressly opt in through a separate written or in-product mechanism.

05Sensitive Information

Sensitive Data Warning

Chatcot does not request Sensitive Information by default. Customers and End Users must not submit Sensitive Information unless legally authorised and necessary.

Sensitive Information includes health information, biometric information, genetic information, children's information, government identifiers, financial account credentials, payment card numbers, passwords, precise geolocation, racial or ethnic origin, political opinions, religious beliefs, union membership, sexual orientation, criminal records, and any other information treated as sensitive, special category, protected, or high risk under applicable law.

Where Sensitive Information is submitted without request, Chatcot may process it only as necessary to provide the Services, protect security, comply with law, follow Customer instructions, or delete or restrict it.

Chatcot may delete, restrict, quarantine, or refuse to process Sensitive Information that appears to be unauthorised, unnecessary, unlawful, or inconsistent with this Policy or our Terms of Service.

06Legal Basis for Processing

Chatcot generally acts as controller or equivalent responsible party for Personal Information processed for its own purposes, including website operation, account administration, billing, support, security, analytics, fraud prevention, legal compliance, and business operations.

For End-User Chat Data processed through a Customer Website, Customer generally acts as controller, business, or equivalent responsible party, and Chatcot generally acts as processor, service provider, or equivalent vendor.

Our legal basis for processing depends on the context and applicable law, and may include:

  • Performance of a contract (providing the Services you requested);
  • Legitimate interests (security, fraud prevention, service improvement, business operations);
  • Compliance with legal obligations;
  • Consent (where required and obtained).

Where Customer is the controller for End-User data, Customer is solely responsible for identifying, documenting, and maintaining a valid legal basis for collecting and processing End-User Chat Data. Customer must provide all required notices and obtain all required consents before deploying Chatcot.

07Data Retention

Chatcot retains data only as long as reasonably necessary for the purposes described in this Policy, unless longer retention is required for legal, security, tax, accounting, dispute, provider-side compliance, abuse monitoring, or other lawful purposes.

Our retention practices include:

  • If Customer deletes an agent, Chatcot deletes all data provided to that agent from active Chatcot-controlled systems;
  • Chatcot does not intentionally maintain separate backup copies of deleted agent data as of the Last updated date of this Policy;
  • Short default retention for chat transcripts where transcript storage exists;
  • Configurable retention settings where available in the product;
  • Deletion of Customer Content after account closure, subject to lawful retention exceptions;
  • Limited retention of security logs;
  • Longer retention of billing records where required by law;
  • De-identification or aggregation where practical before retention.

Third-Party Retention

Customer acknowledges that third-party providers (Subprocessors) may retain limited logs, security records, billing records, abuse-monitoring records, or transient technical records according to their own infrastructure, legal, and security requirements.

Customer must not publish a retention promise to End Users unless Customer has confirmed that the relevant Chatcot configuration supports it.

08International Transfers

Customer acknowledges that Personal Information may be processed outside Australia, including in the United States, the European Union, the United Kingdom, and other countries where Chatcot or its Subprocessors operate.

Chatcot will use commercially reasonable measures designed to support lawful cross-border transfers, including contractual safeguards where required. Where mandated by applicable Data Protection Laws, the parties will use appropriate safeguards such as data processing agreements, standard contractual clauses, UK transfer addenda, transfer risk assessments, Data Privacy Framework participation, contractual controls, and other lawful transfer mechanisms.

09Your Privacy Rights

Where Chatcot is the controller of your Personal Information, you may have rights under applicable law, which may include:

  • The right to access your Personal Information;
  • The right to request correction of inaccurate information;
  • The right to request deletion of your information;
  • The right to object to or restrict certain processing;
  • The right to withdraw consent where processing is based on consent;
  • The right to data portability;
  • The right to lodge a complaint with a supervisory authority.

To exercise these rights, please contact us at chatcotsupport@gmail.com. We will respond to valid requests as required by applicable law.

Where Customer is the controller for End-User Chat Data (for example, where a business deploys a chatbot on their website), Customer is responsible for responding to End-User requests, and Chatcot may assist as processor according to the DPA and applicable law.

10Cookies & Tracking

Chatcot does not currently use first-party analytics cookies for its own analytics on Chatcot-controlled services. However, strictly necessary cookies, authentication cookies, security cookies, session technologies, local storage, or similar technologies may be used by Chatcot or service providers such as Clerk where needed for login, authentication, fraud prevention, security, account management, or core functionality.

Customer is responsible for all cookie, tracking, recording, analytics, electronic communications, and consent obligations on Customer Websites. If Customer deploys Chatcot on a Customer Website, Customer must clearly disclose the use of Chatcot, AI processing, and any tracking technologies, and must obtain all consents required for non-essential cookies, analytics, advertising pixels, session replay, chat recording, or marketing technologies.

11AI Processing & Chatbots

Chatcot uses Gemini API through Google AI Studio / Gemini APIs to provide AI-powered functionality. By using Chatcot or interacting with a Chatcot-powered chatbot, you acknowledge that your messages, prompts, context, and related data may be transmitted to and processed by Google or related AI Provider services as necessary to generate responses.

Chatbot Notice

Customers who deploy Chatcot chatbots should display a clear and accessible notice at or before the point where an End User interacts with the chatbot. A recommended notice is:

You are chatting with an AI assistant powered by Chatcot. Your messages may be processed to provide a response and may be stored or reviewed if enabled by this website. Do not share sensitive information unless necessary. AI responses may be inaccurate. Please review this website's Privacy Policy for details.

File Upload Notice

Customers should also display a notice for file uploads substantially similar to:

Files, URLs, and text you add to Chatcot may be processed to build and operate your chatbot knowledge base. Do not upload personal, confidential, regulated, or sensitive information unless you are authorised to do so and it is necessary for your use case.

AI Output Limitations

AI Accuracy Warning

This AI assistant may generate incorrect, incomplete, misleading, or outdated responses. Please verify important information before relying on it. AI Output does not constitute professional advice.

No Training by Default

Unless Customer expressly opts in through a separate written or in-product mechanism, Chatcot will not intentionally use identifiable Customer Content or End-User Chat Data to train general-purpose AI models operated by Chatcot.

AI Providers may use safety, security, abuse-monitoring, reliability, rate-limiting, and legal-compliance systems that may process prompts, responses, metadata, or related information for limited periods.

12Contact Forms

Chatcot may use information submitted through contact forms to respond to enquiries, manage support, keep business records, and follow up about the Services. Information submitted through contact forms is handled in accordance with this Privacy Policy.

13Marketing Communications

Marketing communications will be sent only where legally permitted. Recipients can unsubscribe from marketing communications at any time by following the unsubscribe instructions in the communication or by contacting us at chatcotsupport@gmail.com.

14Data Processing Addendum

Where Chatcot processes Personal Information on behalf of Customer as processor, service provider, or equivalent role, the following terms apply:

Roles

Customer is the controller, business, or equivalent responsible party for Customer Personal Data. Chatcot is the processor, service provider, or equivalent vendor processing Customer Personal Data on Customer's behalf.

Subject Matter & Duration

The subject matter is Chatcot's provision of AI chatbot, knowledge base, website widget, dashboard, hosting, analytics, support, and related SaaS services. Processing continues for the term of Customer's use of the Services and any additional period required for deletion, backup expiry, legal compliance, security, dispute resolution, or legitimate retention.

Nature and Purpose

Processing includes hosting, storing, transmitting, retrieving, indexing, embedding, analysing, generating AI responses, displaying outputs, logging, securing, supporting, deleting, and otherwise processing data to provide the Services.

Categories of Data Subjects

Data subjects may include Customer personnel, administrators, developers, support users, End Users, website visitors, prospects, and individuals whose information appears in Customer Content.

Categories of Personal Information

Personal Information may include names, emails, account identifiers, device data, IP addresses, chat messages, files, business information, support messages, transcript data, metadata, and any Personal Information included in Customer Content or End-User Chat Data.

Customer Obligations

Customer must:

  • Provide lawful documented instructions;
  • Ensure all data is collected lawfully;
  • Provide required notices to data subjects;
  • Obtain required consents;
  • Respond to data subject rights requests;
  • Avoid unnecessary Sensitive Information;
  • Ensure use is not prohibited;
  • Ensure its users comply with the Terms and this Policy;
  • Maintain appropriate Customer Website security.

Chatcot Obligations

Chatcot will:

  • Process Customer Personal Data only for permitted purposes;
  • Use reasonable security measures;
  • Impose confidentiality obligations on personnel with access;
  • Use Subprocessors as needed to provide the Services;
  • Assist Customer with rights requests where required and reasonably possible;
  • Assist Customer with security incident obligations where required;
  • Delete or return Customer Personal Data as required by law and contract, subject to permitted retention.

Security Incidents

Chatcot will notify Customer without undue delay after becoming aware of a confirmed security incident affecting Customer Personal Data, where required by law or contract.

Audits

Customer may request information reasonably necessary to verify Chatcot's compliance with this Annex. On-site audits are not permitted unless legally required and separately agreed in writing.

15Acceptable Use Policy

Customer must use the Services lawfully, safely, and responsibly. Customer must not use the Services for:

  • Unlawful conduct;
  • Harmful AI generation;
  • Deception or impersonation;
  • Hidden surveillance;
  • Malware distribution;
  • Spam or phishing;
  • Harassment or discrimination;
  • Exploitation of minors;
  • Sexual content involving minors;
  • Extremist or terrorist content;
  • Self-harm encouragement;
  • Evasion of safety systems;
  • Credential theft;
  • Unauthorised scraping;
  • Regulated professional advice without safeguards;
  • High-Risk Use Cases without approval;
  • Sensitive Information processing without authorisation;
  • Unlawful tracking or recording;
  • Infringement of rights;
  • Activities that violate AI Provider policies.

Chatcot may investigate and suspend any use that appears to violate this Acceptable Use Policy.

16Security Measures

Chatcot will use commercially reasonable technical and organisational measures designed to protect the Services and Personal Information. Such measures may include:

  • HTTPS/TLS encryption in transit;
  • Access controls and least-privilege access;
  • Multi-factor authentication for administrative access;
  • Provider security controls (Vercel, Clerk, Google Cloud);
  • Logging, monitoring, and backups;
  • Vulnerability management;
  • Vendor review and security assessments;
  • Incident response planning.

No Encryption Guarantee

Chatcot does not represent or warrant that Customer Content, End-User Chat Data, chatbot transcripts, uploaded files, prompts, AI Output, account data, or stored data is encrypted by Chatcot. Chatcot also does not provide end-to-end encryption because Chatcot-controlled systems and authorised service providers must be able to process data to provide the Services, including chatbot operation, authentication, payment processing, hosting, security, and AI response generation.

Customer is responsible for securing Customer Websites, Customer systems, Customer credentials, Customer devices, Customer administrators, Customer integrations, and Customer-side configurations.

17Subprocessors

Customer authorises Chatcot to use Subprocessors to provide the Services. Subprocessors may include Clerk, Stripe, Vercel, Google, Google AI Studio, Gemini APIs, Google Cloud, hosting providers, authentication providers, payment providers, analytics providers, support providers, email providers, security providers, and other service providers.

Chatcot will use commercially reasonable efforts to ensure Subprocessors are subject to appropriate contractual, security, confidentiality, and data protection obligations. Chatcot may replace or add Subprocessors as needed to provide the Services.

18Changes to This Policy

Chatcot may update this Privacy Policy from time to time. If changes are material, Chatcot will use reasonable efforts to notify Customers and users through the website, dashboard, email, or other reasonable channels.

Continued use of the Services after an updated Privacy Policy takes effect constitutes acceptance of the updated Policy. If you do not agree to the updated Policy, you must stop using the Services.

19Contact Us

If you have any questions about this Privacy Policy, or if you wish to exercise your privacy rights, please contact us:

CompanyChatcot (Australian sole trader)
Privacy & Legalchatcotsupport@gmail.com
Websitehttps://www.chatcot.com