Privacy Policy

DEFINITION AND SCOPE

Thank you for visiting ChatWidgetPro or using any of our products and services (the "Platform"), operated by ChatWidgetPro ("we," "our," or "us"). We respect the privacy of every individual who visits or uses the Platform and are sensitive to privacy issues on the Internet. We believe it is important that you know how we deal with information received about you.

This Privacy Policy (the "Privacy Policy") explains how we collect, use, disclose, and protect the personal information of our customers, website users, and end users who interact with chat widgets powered by our Platform ("you"). It describes the types of information we may collect from you or that you may provide to us, and our practices for collecting, using, maintaining, protecting, and disclosing that information.

ChatWidgetPro is a Software-as-a-Service (SaaS) platform that enables businesses to create, configure, and deploy customizable chat widgets with AI-powered responses on their websites. This Privacy Policy applies to both our customers who use the Platform to create and manage widgets, and to end users who interact with those widgets on third-party websites.

We will only use your personal information in accordance with this Privacy Policy unless otherwise required by applicable law. We take steps to ensure that the personal information we collect about you is accurate, adequate, relevant, not excessive, and used for limited purposes. We comply with the Personal Information Protection and Electronic Documents Act (PIPEDA), Quebec's Act respecting the protection of personal information in the private sector (Law 25), and the General Data Protection Regulation (GDPR) for users in the European Economic Area. Privacy laws in Canada generally define "Personal Information" as any information about an identifiable individual, which includes information that can be used on its own or with other information to identify, contact, or locate a single person.

We do not knowingly collect personal information directly from children under the age of 13 (or 16 in the European Economic Area). The Platform is for general business audiences and is not specifically targeted to or intended for use by children.

By accessing or using the Platform, you are accepting the practices described in this Privacy Policy, and you are consenting to our processing of your information as set out herein. We may modify or update this Privacy Policy from time to time; if we change this Privacy Policy in a manner that materially impacts your privacy rights, we will provide notice to you. Your continued use of the Platform or our services after any modification to this Privacy Policy will constitute your acceptance of such modification. However, when required by law, we will confirm your consent to the revised Privacy Policy terms. This Privacy Policy is incorporated into and considered a part of the Terms of Service.

WHAT INFORMATION WE COLLECT

We collect and use several types of information from and about you, including:

Personal Information

Information that we can reasonably use to directly or indirectly identify you, such as your name, email address, password (stored in encrypted form using bcrypt hashing), telephone number, Internet Protocol (IP) address used to connect your device to the Internet, company name, website URL, billing and account information processed through Stripe (we do not store full credit card numbers), and any other identifier we may use to contact you online or offline.

Non-Personal Information

Information that does not directly or indirectly reveal your identity or directly relate to an identified individual, such as demographic information, or statistical or aggregated information. Statistical or aggregated data does not directly identify a specific person, but we may derive non-personal statistical or aggregated data from Personal Information. For example, we may aggregate Personal Information to calculate the percentage of users accessing a specific Platform feature, or to analyze chat widget usage patterns across our customer base.

Usage Information

Information about your interaction with the Platform, including your login information, Internet Protocol (IP) address, browser type and version, time zone setting, browser plug-in types and versions, operating systems and platform, device information, or information about your Internet connection and the equipment you use to access the Platform.

Chat Interaction Data

Messages exchanged through chat widgets powered by our Platform, including text content, timestamps, visitor identifiers, consent status, file attachments (when file upload is enabled), and metadata associated with chat sessions. This data is collected for the purpose of providing AI-powered chat responses, analytics, and service improvement.

Widget Configuration Data

Settings, customizations, appearance preferences, behavioral configurations, knowledge base content, and other data our customers provide when creating and configuring their chat widgets.

Analytics Data

Non-personal details about your Platform interactions, including page views, feature usage, click patterns, session durations, chat widget interaction metrics (such as messages sent, response times, satisfaction ratings), and other behavioral data used to improve our services.

HOW WE COLLECT THE INFORMATION

Information You Provide to Us

The information we collect directly from you may include:

• Account Registration: When you sign up for a ChatWidgetPro account, we collect your name, email address, and password. You may optionally provide a company name, website URL, and profile picture.
• Widget Configuration: When you create and configure chat widgets, we collect the settings, customizations, knowledge base content, AI instructions, and other configuration data you provide.
• Payment Information: When you subscribe to a paid plan, your payment information is collected and processed directly by Stripe, our PCI-DSS compliant payment processor. We receive only payment confirmation, subscription status, and basic billing details — we never store your full credit card number.
• Chat Messages: When end users interact with chat widgets on third-party websites, the messages they send are transmitted to our Platform for processing and AI-powered response generation. End users are notified of data collection through a consent notice displayed in the widget.
• Support Communications: When you contact us for customer service or support, we collect the content of those communications and any additional information about the method of communication.
• Marketing Communications: If you opt in to receive marketing communications from us, we collect your email address to send relevant updates and promotional materials.

Information We Collect Through Cookies and Automatic Data Collection Technologies

As you navigate through and interact with the Platform, we may use cookies or other automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns. For detailed information about the cookies we use, please see our Cookie Policy.

The technologies we use for automatic data collection may include:

• Cookies (Browser Cookies): Small files placed on your device. You may refuse to accept browser cookies by adjusting your browser settings. However, if you do so, you may be unable to access certain parts of the Platform.
• Web Beacons: Small electronic files (also known as clear gifs, pixel tags, and single-pixel gifs) that allow us to count users who have visited certain pages and for other related website statistics.
• Analytics Tools: Google Analytics with IP anonymization enabled to collect anonymized usage statistics about how you interact with the Platform.
• Session Data: Information about your browsing session, including pages visited, features used, and interactions with the Platform interface.

Information Collected Through Chat Widgets

When our customers embed ChatWidgetPro widgets on their websites, the following information may be collected from end users who interact with those widgets:

• Chat messages and their content
• Visitor identifiers (generated for session tracking)
• Consent status (whether the end user has accepted the consent notice)
• Timestamps of interactions
• File attachments (when file upload is enabled by the widget owner)
• Device and browser information
• IP address

Information from Third Parties

We may receive Personal Information about you from various third parties, including:

• Payment Processor (Stripe): Payment confirmation, subscription status, and fraud prevention data.
• Authentication Providers: If you sign in using third-party authentication services, we may receive basic profile information.
• Integration Partners: Data from services you connect to your widgets, such as n8n workflows or custom backend integrations.

HOW WE USE YOUR INFORMATION

We use your information, including your Personal Information, to manage our business and to maintain and develop commercial relationships with you. We will collect, use, and disclose such information only to the extent that is necessary for those purposes.

We use information that we collect about you or that you provide to us, including any Personal Information:

• To present the Platform and its contents to you.
• To provide, maintain, and improve our chat widget services, including AI-powered chat responses.
• To create and manage your account, process payments, and manage subscriptions.
• To fulfill the purposes for which you provided the information or that were described when it was collected.
• To provide you with notices about your account, including subscription and billing notifications.
• To carry out our obligations and enforce our rights arising from any contracts with you, including billing and collection.
• To notify you about changes to the Platform or any products or services we offer.
• To improve the Platform, products or services, marketing, or customer relationships and experiences.
• To process and deliver chat messages through widgets, including generating AI-powered responses using the knowledge base and instructions configured by widget owners.
• To provide analytics and reporting to widget owners about their chat widget performance, including message volumes, response times, and visitor engagement metrics.
• To detect fraud, prevent abuse, and ensure the security and integrity of the Platform.
• To measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant communications.
• To comply with applicable laws and regulations.
• For marketing purposes, with your consent, including sending promotional content (you can opt out at any time).
• For any other purpose with your consent.

Your Personal Information is also accessible to our employees or representatives who require it in the performance of their duties. Employees or representatives must maintain the confidentiality of your Personal Information at all times and are required to follow our internal policies on security and the protection of personal information.

HOW WE SHARE YOUR INFORMATION

We will not rent or sell your information to third parties without your consent. We only share your data as specifically provided in this Privacy Policy.

Sharing With Our Service Providers

We may provide your data, including your Personal Information, to third-party service providers who assist us in operating the Platform and delivering our services:

• Supabase: Database hosting, authentication, and backend infrastructure services. Your account data, widget configurations, and chat message history are stored on Supabase's secure servers.
• Stripe: Payment processing for subscriptions and credits. Stripe is PCI-DSS compliant and handles all payment card data directly.
• AI/LLM Providers: Chat messages may be processed by third-party AI language model providers to generate responses. Messages are sent to these providers for processing and are subject to their respective data handling practices.
• Google Analytics: Anonymized usage analytics with IP anonymization enabled.
• Email Service Providers: For transactional and marketing communications.
• Cloud Hosting (Vercel): Application hosting and content delivery services.

Sharing With Widget Owners

When end users interact with a chat widget, the messages, analytics data, and interaction details are made available to the ChatWidgetPro customer who owns and operates that widget. Each widget owner is responsible for their own handling of end-user data in accordance with their own privacy policies and applicable laws.

Other Disclosures

In addition to any disclosure you may have consented to or permitted under the terms of this Privacy Policy, we may transfer your data, including Personal Information, to third parties in the following limited circumstances:

• Information you expressly consent to be shared.
• When relating to anonymized information (individuals cannot be identified by it).
• To satisfy any applicable law, regulation, legal process or enforceable governmental request within or outside your country of residence when we have a good faith belief that the law requires it.
• To enforce this Privacy Policy, the Terms of Service, or an agreement, including investigation of potential violations thereof.
• To detect, prevent, or otherwise address fraud, security or technical issues, or protect our operations or you.
• To protect our rights, property or safety as well as yours, the public, or others.
• In connection with an acquisition, merger, change in control, debt financing, reorganization, sale of assets, bankruptcy or other change of our corporate structure or status.
• As necessary in connection with the performance of requested services or solutions, or as otherwise appropriate in connection with a legitimate need.

HOW WE STORE AND SECURE YOUR INFORMATION

Information Security

We are committed to protecting the confidentiality, integrity, availability, and privacy of your Personal Information. We have implemented appropriate physical, technological, and procedural security measures designed to help prevent your Personal Information from being lost, used, modified, or accessed in an unauthorized way, or improperly disclosed.

Our security measures include:

• Encryption of data in transit using TLS/SSL protocols.
• Encryption of data at rest on our database servers.
• Secure password hashing using bcrypt algorithm.
• Infrastructure hosted on Supabase with enterprise-grade security.
• Restricted access controls and authentication requirements.
• Regular security audits and vulnerability assessments.
• Regular backups and disaster recovery procedures.
• Widget embedding via isolated iframes to ensure separation from host website data.
• Row-Level Security (RLS) on database tables to ensure data isolation between customers.

We also limit access to your Personal Information to those employees, agents, contractors, and other third parties who have a legitimate business reason for accessing your Personal Information. They are required to process your Personal Information only on our instructions and are subject to an obligation of confidentiality. Our service providers are required to maintain adequate security protections and are not permitted to use your Personal Information for any purpose other than fulfilling services to us.

Information Retention

We will retain your Personal Information for as long as reasonably necessary to fulfill the purposes we collected it for, including:

• To provide the products and services that you have requested.
• To communicate with you about a purchase or request you have made to us.
• To manage your choices and rights you have exercised pursuant to this Privacy Policy.
• To enable you to maintain an account with us.
• To comply with our legal and regulatory obligations and to demonstrate compliance.
• To resolve disputes and to enforce our rights and agreements.

After account deletion, we retain certain data for 30 days for recovery purposes, then permanently delete all personal information, except as required by law for tax, legal, or audit purposes (up to 7 years). Chat message history may be retained in accordance with the widget owner's configured retention settings.

We may retain non-personal information that has been sufficiently aggregated or anonymized for a longer period.

International Data Transfers

As a Canadian company, we process data in Canada and the United States. By providing us with Personal Information, you understand that it may be communicated to or stored outside your country of residence by us or one of our service providers or partners.

If you are located in the European Economic Area (EEA), your data may be transferred to countries outside the EEA. We ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission, to protect your data during international transfers.

THIRD-PARTY WEBSITES AND SERVICES

The Platform may contain links to other websites and services. They are provided for reference purposes only and may have practices and policies of confidentiality that are different from ours. We are not responsible for, and this Privacy Policy does not address, the privacy practices of these other third parties.

ChatWidgetPro widgets are embedded on third-party websites operated by our customers. While we are responsible for the data collected through our widgets, each website on which a widget is embedded has its own privacy policy that governs data collection on that website. We encourage you to review the privacy policy of each website you visit.

Our customers may integrate their widgets with third-party services such as n8n workflows, custom backend APIs, or other automation tools. Data shared through these integrations is governed by the respective third party's privacy policies and the widget owner's own data handling practices. We do not control how widget owners or their integration partners use the data collected through their widgets.

The Platform may include links to third-party websites, plug-ins, services, social networks, or applications. Clicking on those links or enabling those connections may allow the third party to collect or share data about you. If you follow a link to a third-party website or engage a third-party plugin, please note that these third parties have their own privacy policies and we do not accept any responsibility or liability for these policies.

ACCESSING AND CORRECTING YOUR PERSONAL INFORMATION

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes. By law you have the right to request access to and to correct the personal information that we hold about you.

You can review and change your personal information by logging into the Platform and visiting your Account Settings page. From there, you can update your profile information, manage your subscription, and configure your privacy preferences.

Under PIPEDA and GDPR, you have the following rights regarding your personal data:

• Access: Request a copy of your personal data.
• Correction: Update or correct inaccurate information.
• Deletion: Request deletion of your personal data ("right to be forgotten").
• Portability: Receive your data in a machine-readable format.
• Objection: Object to processing of your data for certain purposes.
• Restriction: Request limitation of processing in certain circumstances.

If you want to review, verify, or correct the use of your personal information, you may also contact us in accordance with the "How to Contact Us" section below.

We may request specific information from you to help us confirm your identity and your right to access, and to provide you with the personal information that we hold about you or make your requested changes. Applicable law may allow or require us to refuse to provide you with access to some or all of the personal information that we hold about you, or we may have destroyed, erased, or made your personal information anonymous in accordance with our record retention obligations and practices. If we cannot provide you with access to your personal information, we will inform you of the reasons why, subject to any legal or regulatory restrictions.

WITHDRAWING YOUR CONSENT

Where you have provided your consent to the collection, use, and transfer of your personal information, you may have the legal right to withdraw your consent under certain circumstances. To withdraw your consent, if applicable, contact us in accordance with the "How to Contact Us" section below.

Please note that if you withdraw your consent, we may not be able to provide you with a particular product or service. We will explain the impact to you at the time to help you with your decision.

For end users interacting with chat widgets: you may cease using the widget at any time. If you wish to request deletion of chat messages you have sent through a widget, please contact the website operator (the widget owner) or reach out to us directly.

We also provide an opportunity for any user to unsubscribe from our marketing email communications or opt out of contact for marketing or informational purposes on an ongoing basis using the unsubscribe mechanism at the bottom of our emails.

HANDLING OF COMPLAINTS

Reception

Any person wishing to make a complaint concerning the application of this Privacy Policy or, more generally, the protection of his or her Personal Information, must do so by writing to the Privacy Officer at the email address indicated below. The individual must provide his or her name, contact information, including a telephone number, as well as the subject of the complaint and the reasons for it, giving sufficient details to allow the complaint to be evaluated. If the complaint is not specific enough, the Privacy Officer may request any additional information deemed necessary to assess the complaint.

Treatment

We undertake to treat all complaints received confidentially.

Within 30 days of receipt of the complaint, or of receipt of any additional information deemed necessary and required by the Privacy Officer in order to process the complaint, the Privacy Officer shall assess the complaint and provide a reasoned written response by email to the complainant. The purpose of this assessment will be to determine whether the processing of personal information complies with this Privacy Policy, any other policies and practices in place within the organization, and applicable legislation or regulations.

If the complaint cannot be processed within this timeframe, the complainant must be informed of the reasons for the extension, the status of the complaint, and the reasonable time required to provide a definitive response.

You may also file a complaint with the relevant privacy oversight body:

• Canada: Office of the Privacy Commissioner of Canada (www.priv.gc.ca)
• Quebec: Commission d'acces a l'information du Quebec
• EU/EEA: Your local data protection authority

However, we invite anyone interested to first contact the Privacy Officer and wait until the processing is complete.

HOW TO CONTACT US

We welcome your questions, comments, complaints, and requests regarding this Privacy Policy and our privacy practices. Please contact us at: