BotChata
Get started

LEGAL

Privacy Policy

Last updated: May 2026

Who we are

BotChata ("we", "us", "our") provides an AI chatbot platform that allows website owners to create chatbots trained on their own content. Our service is available at botchata.net.

What data we collect

We collect: (1) Account data — your email address and encrypted password when you register. (2) Website content — pages crawled from URLs you provide, stored as vector embeddings to power your chatbot. (3) Chat logs — messages exchanged between your website visitors and your chatbot, associated with your account. (4) Usage data — basic analytics such as message count, error logs, and feature usage to improve the service. (5) Billing data — your payment method details are processed and stored by Paddle, our payment provider. We do not store full card numbers.

How we use your data

Your data is used to: deliver and operate the chatbot service; process payments via Paddle; send transactional emails (account creation, weekly digest) via Resend; improve the platform based on aggregate usage patterns. We do not sell, rent, or share your personal data with third parties except as described below.

Data sharing

We share data only with: (1) Paddle — payment processing. (2) OpenAI — chat messages are sent to OpenAI's API to generate responses. OpenAI processes data in accordance with their Data Processing Addendum, available at openai.com/policies/data-processing-addendum. (3) Resend — email delivery. (4) Hetzner — infrastructure hosting (servers located in Germany, EU). We require all sub-processors to implement appropriate data security measures.

Data retention

Account data is retained for as long as your account is active. If you delete your account, we delete all associated data within 30 days. Chat logs and indexed content are deleted immediately when you delete a chatbot. You can request deletion of your data at any time by contacting us.

Your rights

You have the right to: access the personal data we hold about you; correct inaccurate data; request deletion of your data; object to or restrict processing; receive a machine-readable copy of your data (data portability). To exercise these rights, contact us at nik.mogun@gmail.com.

Cookies

We use a minimal set of cookies: a session cookie to keep you logged in, and a preference cookie for theme (light/dark). We do not use tracking cookies or third-party advertising cookies.

Security

We use HTTPS for all data in transit. Passwords are hashed using bcrypt. API keys and OAuth tokens are encrypted at rest using Fernet symmetric encryption. We regularly review our security practices.

Changes to this policy

We may update this policy from time to time. We will notify registered users by email of any material changes. The date at the top of this page indicates when it was last updated.

Contact

If you have questions about this privacy policy or how we handle your data, email us at nik.mogun@gmail.com.