Anybot, Inc. Privacy Policy

We collect information in the following categories:

Information You Provide Directly. When you create an account we collect full name, email address, password (stored in hashed form), organization name, job title, phone number (optional), and profile photo. When setting up chatbots we collect chatbot names, descriptions, system prompts, custom instructions, knowledge base documents (PDFs, text files, website URLs you connect), and branding assets such as logos, colors, and welcome messages. For payment and billing we collect billing name, address, VAT/GST/tax ID, and payment method details. Full card numbers are never stored by us; they are tokenized and processed by our payment processor. We also collect communications such as support tickets, emails, feedback, survey responses, and marketing preferences.

Information Collected Automatically. Usage and interaction data including pages viewed, features used, time spent on the platform, number of chatbots created, message volume, conversation success metrics, error logs, and feature adoption rates. Device and technical data includes IP address, browser type and version, operating system, device type and identifiers, screen resolution, language settings, referring and exit pages, and approximate geolocation derived from IP. Chatbot performance data includes aggregated and anonymized metrics such as response times, user satisfaction ratings, and common query topics.

Information from Third Parties. If you sign in with Google we receive your name, email, profile picture, and Google user ID (minimum scopes only). Our payment processor (for example Stripe) provides payment confirmation, last four digits of card, billing address verification, and subscription status. Analytics and infrastructure providers may supply pseudonymized usage insights.

Information from End-Users of Your Chatbots. When people interact with chatbots you deploy, we process the messages, questions, uploaded files, and any personal information they voluntarily provide. You are generally the data controller for End-User personal data; Anybot acts as a data processor.

To provide and operate the Services (account creation, authentication, chatbot hosting, AI response generation, payment processing, customer support) on the legal basis of performance of contract. For personalization and improvement, remembering preferences, suggesting templates or features, and improving the platform. For AI model development and safety using de-identified, aggregated interaction data to train, fine-tune, and improve our AI models, reduce hallucinations and bias, and develop new capabilities. For security, fraud prevention, and abuse detection. For essential transactional communications and, with consent, marketing. For legal and compliance obligations. For analytics and product development.

We do not use End-User conversation content to train general-purpose AI models for third parties. Any use for model improvement is limited to de-identified and aggregated data and is subject to the opt-out described below.

Prompts, knowledge base content, custom instructions, and conversation histories are processed by us and our sub-processors (leading large language model providers) solely to deliver responses and operate the Services.

We may use de-identified and aggregated data derived from platform-wide interactions to improve model quality, safety, and capabilities.

Opt-out of model training: Organization owners may request that their data not be used for future model improvement by emailing zefsbusiness@gmail.com with the subject line "AI Training Opt-Out [Organization Name]". Previously processed data cannot be retroactively removed from trained models.

Generated outputs: You generally own the outputs produced by your chatbots, subject to these Terms and any applicable third-party model provider terms. AI outputs can sometimes be similar to existing content or contain inaccuracies; always review before use in high-stakes contexts.

We use Strictly Necessary cookies (authentication, session, CSRF protection), Performance and Analytics cookies (with IP anonymization where possible), Functional cookies (language, theme, editor state), and, if enabled, Advertising or Retargeting cookies for our own marketing. We honor Global Privacy Control (GPC) signals and Do Not Track where technically feasible and legally required.

You can manage cookies through your browser settings or our Cookie Preferences center. Some features may not function properly if essential cookies are blocked.

We do not sell personal information. We share information only in the following circumstances:

Service providers and sub-processors under data processing agreements, including cloud infrastructure, payment processing (Stripe), AI model providers, analytics platforms, email delivery, and customer support tools. Legal requirements (law, regulation, subpoena, court order, or to protect rights, safety, or property). Business transfers (merger, acquisition, financing, or sale of assets). With your consent or at your direction. Aggregated or de-identified data that does not identify individuals or organizations.

We implement industry-standard safeguards including encryption in transit (TLS 1.3) and at rest (AES-256), access controls with multi-factor authentication, regular security assessments, penetration testing, and an incident response plan.

No method of transmission or storage is 100% secure. You are responsible for maintaining the confidentiality of your account credentials. Notify us immediately if you suspect a breach.

Active account data is retained while your account is active. After an account deletion request, most personal data is deleted or anonymized within 30 days (backups overwritten within 60 days). Billing and tax records are retained for at least 7 years. Conversation histories are retained while your account is active or per your auto-delete settings. Marketing data is retained until you unsubscribe or for up to 2 years of inactivity. Anonymized or aggregated data used for model improvement may be retained indefinitely (subject to opt-out).

Universal rights include access, correction, deletion, data portability, restriction of processing, and objection to processing (including direct marketing).

California residents (CCPA/CPRA) have the right to know, delete, correct, opt-out of sale or sharing (we do not sell), and limit use of sensitive personal information. We do not discriminate against users who exercise these rights.

EEA, UK, Switzerland and equivalent regimes (GDPR) have additional rights to object to automated decision-making and to lodge complaints with your supervisory authority.

How to exercise your rights: Email zefsbusiness@gmail.com or use in-app tools (Account Settings then Privacy). We respond within the timeframes required by law (typically 30-45 days).

International transfers: Your data may be transferred to and processed in the United States and other countries. We use appropriate safeguards such as Standard Contractual Clauses.

Our Services are not directed to children under 13 (or 16 in certain jurisdictions). We do not knowingly collect personal information from children. If you believe we have done so, contact us immediately so we can delete the information.

Our website and Services may contain links to third-party sites or integrations. We are not responsible for their privacy practices. Review their policies before providing information.

We may update this Policy from time to time. Material changes will be announced via email, in-app notification, or prominent notice on our website at least 30 days in advance where practicable. Continued use after the effective date constitutes acceptance.

For privacy questions, requests, or complaints: Anybot, Inc. Email: zefsbusiness@gmail.com Attn: Privacy Team.

EEA or UK users may also contact their local data protection authority.