Privacy Policy

Last updated: April 28, 2026

ChatBotAPP ("we", "us", "our") operates the ChatBotAPP platform accessible at app.chatbotapp.rs and related services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.

1. Information We Collect

1.1 Account Information

When you register for an account, we collect:

  • Full name and email address
  • Password (stored in encrypted/hashed form)
  • Phone number (optional)
  • Business name, address, and tax identification number
  • Country and preferred language

1.2 Chatbot Configuration Data

When you set up and customize your chatbot, we store:

  • Bot name, logo, and appearance settings
  • AI instructions, persona, and custom prompts
  • Knowledge base content (uploaded documents, FAQs, website data)
  • Integration credentials for Google Calendar, Google Sheets, and social media channels (encrypted)
  • Business type and service-specific settings

1.3 Conversation & Message Data

When end-users interact with chatbots built on our platform, we process:

  • Message content (text sent and received)
  • Conversation metadata (timestamps, duration, channel used)
  • User identifiers provided by the messaging channel (session IDs, phone numbers for WhatsApp/Viber, or social media account IDs)
  • Message feedback ratings (thumbs up/down)

1.4 Voice Data

If voice features are enabled:

  • Voice recordings are processed in real time for speech-to-text conversion and are not permanently stored by us
  • Voice session metadata (duration, provider used, characters processed)

1.5 Analytics Data

  • Chatbot usage events (opens, closes, button clicks, message counts)
  • Aggregated performance metrics
  • Channel-specific analytics (web, WhatsApp, Viber, Instagram, Messenger)

1.6 Billing Information

  • Subscription plan and usage data
  • Invoice records and payment history
  • Billing address and email

2. How We Use Your Information

We use the collected information to:

  • Provide, operate, and maintain the ChatBotAPP platform
  • Process and deliver AI-powered chatbot responses to end-users
  • Enable integrations with third-party services (Google Calendar, Sheets, social media channels)
  • Generate analytics and performance reports for your chatbot
  • Process billing, subscriptions, and invoices
  • Send account-related notifications (verification, password resets, billing alerts)
  • Provide customer support via our ticket system
  • Improve and optimize our platform and AI responses
  • Ensure security and prevent fraud or abuse

3. Third-Party Services

To deliver our services, we share data with the following third-party providers:

3.1 AI & Language Processing

  • OpenAI — Message content is sent to OpenAI's API for generating chatbot responses. OpenAI processes this data according to their Privacy Policy.

3.2 Voice Services

  • ElevenLabs — Voice data is processed for text-to-speech and speech-to-text features, per their Privacy Policy.
  • OpenAI Realtime API — Used for real-time voice conversations.

3.3 Social Media & Messaging Platforms

  • Meta (Facebook, Instagram, WhatsApp) — When you connect these channels, messages are exchanged via Meta's APIs. Meta's Data Policy applies to data processed on their platforms.
  • Viber — Messages via Viber are processed through Viber's API.

3.4 Google Services

  • Google Calendar API — Used for booking and scheduling features. Calendar data is accessed only with your explicit authorization.
  • Google Sheets API — Used for reading and writing product/service data. Sheet access is limited to the specific spreadsheet you authorize.

3.5 Email Services

  • Mailgun — Used to send transactional emails (verification, notifications, invoices). Email addresses and message content are processed by Mailgun.

4. Data Storage & Security

  • All data is stored on secure servers located in the European Union
  • Passwords are hashed using bcrypt with a cost factor of 12
  • Sensitive credentials (API tokens, access tokens) are encrypted using AES-256-CBC before storage
  • Two-factor authentication (2FA) is available for additional account security
  • All connections use HTTPS/TLS encryption in transit
  • We implement access controls and regular security reviews

5. Data Retention

  • Account data: Retained for as long as your account is active, plus 30 days after deletion request
  • Conversation data: Retained for as long as your account is active. You may request deletion at any time.
  • Analytics data: Retained for up to 12 months
  • Verification codes: Automatically deleted after 1 hour
  • Two-factor codes: Automatically deleted after 10 minutes
  • Voice recordings: Processed in real time and not permanently stored
  • Billing records: Retained as required by applicable tax and accounting laws

6. Your Rights

Under applicable data protection laws (including GDPR), you have the right to:

  • Access — Request a copy of the personal data we hold about you
  • Rectification — Request correction of inaccurate data
  • Erasure — Request deletion of your personal data ("right to be forgotten")
  • Restriction — Request restriction of processing in certain circumstances
  • Portability — Request your data in a structured, machine-readable format
  • Objection — Object to processing based on legitimate interests
  • Withdraw consent — Withdraw previously given consent at any time

To exercise any of these rights, contact us at support@chatbotapp.rs.

7. End-User Data (Chatbot Visitors)

ChatBotAPP processes data from end-users (visitors who interact with chatbots built on our platform) on behalf of our clients (chatbot owners). In this capacity:

  • Our clients are the data controllers for end-user data
  • ChatBotAPP acts as a data processor
  • End-users should refer to the chatbot owner's privacy policy for information about how their data is handled
  • We process end-user data only as instructed by our clients and as necessary to provide the service

8. Cookies & Tracking

Our platform uses:

  • Session cookies — Essential for authentication and maintaining your login state
  • CSRF tokens — For security against cross-site request forgery
  • Local storage — The chatbot widget uses browser local storage to maintain conversation history

We do not use third-party advertising or tracking cookies.

9. Children's Privacy

Our platform is not directed to children under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us for immediate removal.

10. International Data Transfers

Some of our third-party service providers (OpenAI, ElevenLabs, Meta) may process data outside the European Economic Area (EEA). In such cases, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) where applicable.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of significant changes via email. The "Last updated" date at the top indicates when the policy was last revised.

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data protection rights, contact us at: