Chatmoat

Privacy Policy

Last Updated: April 2025

Welcome to Chatmoat, a service provided by Innovation Institute of Sweden AB, org.nr. 559290-7603 ("we," "us," or "our"). We respect your privacy and are committed to protecting your personal data. This Privacy Policy ("Policy") explains how we collect, use, store, disclose, and protect your information when you use Chatmoat's services, including chatbots created through our platform and embedded on third-party websites (the "Services"), as well as when you visit our website.

1. Who We Are

Chatmoat provides tools enabling individuals and businesses ("Customers") to build AI-powered chatbots, train them on the Customer's chosen content (e.g., website data, documentation), and embed these chatbots on their own websites. When visitors ("End Users" or "Chatbot Visitors") interact with those embedded chatbots, Chatmoat processes the interactions.

If you have any questions or concerns about this Policy or about your personal data, please contact us via our contact page at contact.

2. Scope of This Privacy Policy

This Policy covers:

  • Customers who sign up for an account at Chatmoat (creating and managing chatbots).
  • Visitors to the Chatmoat website itself.
  • End Users/Chatbot Visitors who interact with chatbots embedded on a Customer's website.

Important: For data collected by a chatbot on a Customer's site, the Customer may act as the data controller and Chatmoat as the processor on the Customer's behalf. If you are an End User/Chatbot Visitor, the Customer's own privacy policy may also apply. If you have questions regarding how your data is handled, you can contact the Customer (the website owner).

3. Information We Collect

3.1 Customer Data

If you create a Chatmoat account to build chatbots, we collect:

  • Identification & Contact Details: Name, email address, and other basic profile details.
  • Payment Information: Billing address and relevant transaction details if you subscribe to paid services. Payment processing is handled via third-party providers like Stripe; we do not store your full payment card details.
  • Account Usage Information: Data on when you log in, the features you use, and your account settings to help us provide and improve the Services.

3.2 Chatbot Visitor Data

When an End User/Chatbot Visitor interacts with a Chatmoat-embedded chatbot on a Customer's website, we do store and process:

  • Chat Interactions: The messages or prompts typed by the End User, plus any corresponding chatbot responses.
  • Metadata: Time of interaction, basic device/browser information (e.g., IP address, browser version), and usage statistics for analytics and troubleshooting.

We process these chat logs for the following reasons:

  • Analytics & Usage Insights
  • Service Improvement (e.g., to enhance chatbot performance, address errors, refine AI models)
  • Customer Support (e.g., to help resolve technical issues)

4. How We Use Your Information

We may use the data we collect for:

Providing and Improving Services

  • Hosting and operating chatbots created by our Customers.
  • Processing payments through secure third-party gateways (e.g., Stripe).
  • Ensuring the reliability and performance of the embedded chatbots.
  • Enhancing chatbot accuracy and functionality based on aggregated, anonymized insights from stored interactions.

Analytics and Reporting

  • Using tools like Google Analytics on our website or analyzing chatbot usage logs to understand trends and improve user experience.
  • Generating usage metrics for internal metrics and feature development.

Service Development

  • Using the content of chat interactions (messages and prompts) to improve our Services, troubleshoot errors, and develop new features (e.g., training or fine-tuning AI models, subject to necessary safeguards).

Customer Support & Communications

  • Responding to requests, questions, or feedback you submit via contact or other channels.
  • Sending important updates or information about our Services.

Legal & Security

  • Detecting, preventing, or addressing fraud, security vulnerabilities, or illegal activities.
  • Complying with legal obligations or lawful requests.

Where required under applicable law (e.g., the General Data Protection Regulation (GDPR)), we may rely on your consent, our contractual obligations, or our legitimate interests as the legal basis for processing your personal data.

5. Cookies and Tracking Technologies

We use cookies and similar technologies on our own website (e.g., Google Analytics) to enhance functionality, track usage patterns, and improve user experience. Cookies may collect information such as IP address, device type, browsing actions, and pages visited on our website.

  • Consent: You can manage your cookie preferences via our cookie banner or through your browser settings.
  • Third-Party Analytics: We may use Google Analytics or other providers; they may set their own cookies. You can opt out by installing browser add-ons or adjusting your preferences.

Please note that disabling certain cookies may limit some features on our website.

6. Data Sharing and Sub-Processors

We do not sell or rent personal data. We only share data in the following circumstances:

Service Providers (Sub-Processors):

  • Hosting & Database: We use providers like Supabase (with servers in the EU, headquartered in Singapore) for database storage of chat logs and Customer info.
  • Website Hosting: Our website is hosted on Netlify (US-based).
  • Payment Processing: Stripe handles billing details and transactions.
  • Analytics: Google Analytics or similar tools may collect information about site usage.

These partners may process data on our behalf subject to confidentiality and data protection requirements.

International Transfers:

When transferring data outside the European Economic Area (EEA), we rely on lawful mechanisms (e.g., Standard Contractual Clauses) to ensure adequate protection of personal data.

Compliance with Law:

We may disclose information to comply with legal obligations or in response to valid requests by public authorities.

Business Transactions:

If Chatmoat is involved in a merger, acquisition, or asset sale, personal data may be transferred as part of that transaction; we will notify you as required by law.

7. Data Retention

  • Customer Account Data: We retain your account details and billing information as long as your account is active or as needed to provide the Services. If you request deletion, we will delete or anonymize your data unless retention is needed to comply with legal requirements.
  • Chatbot Interaction Logs: We store chat content (prompts, responses, etc.) for analytics and service improvement purposes. Retention periods for chatbot logs may vary depending on our needs and the Customer's instructions. Generally, we keep these logs until they are no longer necessary for the purposes for which they were collected.
  • Analytics Data: Any analytics or site usage data (including cookies) is generally retained in aggregate form or for a limited period consistent with your browser settings, our internal policies, or legal requirements.

8. Your Rights (GDPR & Other Jurisdictions)

If you are located in or are a resident of the EU/EEA, you have rights under the General Data Protection Regulation (GDPR), including:

  • Right to Access: Obtain confirmation about how we process your personal data and a copy of it.
  • Right to Rectification: Request that we correct inaccurate or incomplete data.
  • Right to Erasure ("Right to be Forgotten"): Under certain circumstances, request that we delete personal data.
  • Right to Restrict Processing: Ask us to suspend processing your personal data in specific situations.
  • Right to Data Portability: Receive your personal data in a machine-readable format.
  • Right to Object: Object to our processing based on legitimate interests or for direct marketing.
  • Right to Withdraw Consent: If you provided consent, you can withdraw it anytime without affecting the lawfulness of processing before withdrawal.

Residents of California may have additional rights under the California Consumer Privacy Act (CCPA) or California Privacy Rights Act (CPRA), such as the right to know, delete, or opt-out of certain data sharing.

To exercise any of these rights, or if you have any other privacy-related request or question, please contact us via our contact page at contact. We may request proof of identity to verify your request.

9. Security Measures

We take reasonable steps to protect your personal data from unauthorized access or disclosure. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security. You should also take measures to safeguard your credentials and devices.

10. Children's Privacy

Our Services are not intended for children under 13 (or 16 where applicable). We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us so we can delete it promptly.

11. Changes to This Policy

We may update or modify this Policy at any time in response to evolving legal, technical, or business changes. When we update the Policy, we will revise the "Last Updated" date above. If changes are material, we will notify you as required by law.

12. Contact Us

If you have questions or concerns about this Privacy Policy, our data practices, or wish to exercise your rights, please reach out via contact.