Privacy Policy

Collected data is used for the following purposes:

• Generating AI responses to visitor questions in real time.
• Providing the business operator (our customer) with analytics — most-asked questions, language breakdown, session counts, and engagement trends.
• Improving the quality of AI responses across the platform through aggregated, de-identified pattern analysis (cross-bot learning).
• Where the operator has enabled AI training and the widget has displayed a consent banner — using conversation data to improve AI model behaviour. This only applies when both conditions are met simultaneously.

All AI responses are generated by Anthropic's Claude API. Conversation messages are transmitted to Anthropic's servers for processing. Anthropic is a named sub-processor under this policy.

Anthropic's use of data submitted through its API is governed by Anthropic's own privacy policy and API usage policies. We have a Data Processing Agreement (DPA) in place with Anthropic for business use of the API.

By interacting with a chat widget powered by Support Bot Pro, users acknowledge that their messages are processed by the Anthropic Claude API.

Conversations may be used to improve the AI model only when both of the following conditions are met:

• The widget operator has enabled the AI Training setting in their bot configuration.
• The widget has displayed a consent notice banner to the visitor before the conversation begins, and the visitor has actively dismissed it by clicking "I understand — start chatting".

If the consent banner has not been shown, no conversation data will be used for AI training purposes, regardless of the operator's settings. This is enforced at the API level.

Conversation logs are retained for 365 days from the date of the conversation. After this period, conversations are automatically deleted from our servers. Aggregated, de-identified analytics (question counts, topic trends, language distribution) may be retained indefinitely as they contain no conversation-level data.

Website scan cache (used to provide the AI with business context) is retained for up to 24 hours per domain, then automatically purged.

You have the right to request a copy of, or the permanent deletion of, any conversation data associated with your use of a Support Bot Pro widget. To exercise these rights, contact us at:

We will respond to deletion and access requests within 30 days. Because conversation logs do not include names or email addresses by default, requests must include enough context (approximate date, business widget used, and a sample of what was discussed) to locate the relevant records.

The Service is operated from Israel and may serve users located in the European Union. Where EU data protection law (GDPR — Regulation (EU) 2016/679) applies, we rely on the following legal bases for processing:

• Legitimate interests (Article 6(1)(f)) — for processing conversation data to generate AI responses and provide analytics to the operator. Our interest is providing the contracted service; this interest is not overridden by user rights because no sensitive personal data is collected and users can opt out by not using the widget.
• Consent (Article 6(1)(a)) — for any AI training use, obtained through the explicit consent banner described in Section 4.

EU users have the right to access, rectify, erase, restrict, and port their personal data, and to object to processing. To exercise these rights, contact us at supportbotsaas@gmail.com.

Israel has been recognised by the European Commission as providing an adequate level of data protection for personal data transfers from the EU.

Users located in Israel are covered under the Privacy Protection Law 5741–1981 and its regulations, including the Privacy Protection Regulations (Data Security) 5777–2017.

We maintain appropriate technical and organisational security measures as required under these regulations. The database of conversation logs constitutes a "database" under the law and is operated in compliance with its requirements.

Israeli users may exercise rights of access and correction under the law by contacting us at supportbotsaas@gmail.com.

Conversation data is stored on Vercel's infrastructure. Access to raw conversation logs is restricted to the platform administrator account. Data in transit is protected by TLS. We do not sell, rent, or share conversation data with third parties other than Anthropic (sub-processor) and Vercel (infrastructure provider).

Support Bot Pro does not use advertising cookies or third-party tracking pixels. The chat widget does not set any cookies. Anonymous session analytics (widget open/close events) are collected via a first-party API endpoint and do not involve any third-party analytics service.

To improve response quality over time, the Service may analyse anonymised conversation Q&A pairs and automated test results using the Anthropic Claude API. This process generates candidate style-rule updates; a rule is only applied automatically when its confidence score reaches 0.85 or higher as assessed by the model.

No personally identifiable information is retained during this analysis. All conversation data used for improvement purposes is anonymised before being passed to the Anthropic API, and raw conversation files are subject to the retention limits described in Section 5.

A log of every improvement run — including which rules were applied or rejected and the confidence scores — is stored in data/improvement-log.json and is accessible to the platform administrator.

The Service runs an automated quality test suite before each production deployment. Tests include static file analysis (navigation, legal compliance, API security) and live bot-response evaluations that call the Anthropic API with sample questions.

Test results are recorded in data/test-scores.json with a timestamp, per-category scores, and a list of failed test IDs. No end-user data is used in quality tests; all evaluation prompts are synthetic and authored by IaHaI.

We use the following third-party sub-processors to deliver the Service. Each sub-processor is bound by a data processing agreement or equivalent contractual protections.

• Anthropic, PBC — AI language model inference (conversation responses and quality improvement analysis). Data is processed under Anthropic's usage policies and data processing addendum.
• LemonSqueezy (Lemon Squeezy Inc.) — payment processing and subscription management. Payment method data (card numbers, billing address) is processed and stored exclusively by LemonSqueezy; IaHaI does not receive, store, or have access to your payment method details. Billing data (invoices, subscription status) is held by LemonSqueezy and subject to their privacy policy.
• Vercel Inc. — cloud infrastructure, hosting, and serverless compute. All Service data at rest resides on Vercel's infrastructure and is subject to their data processing addendum.

If we add, replace, or remove a sub-processor we will update this section and the "Last updated" date.

The Bot Teaching feature allows business owners to correct bot answers by submitting a preferred response. This data is handled as follows:

• Per-bot store — corrections are saved to the business owner's individual teaching file and are used to improve responses for that bot only. This data is accessible only to the account owner and the platform administrator.
• Global (anonymised) teaching store — corrections are also contributed anonymously to a cross-bot teaching store. The original question pattern and corrected answer are stored; no business name, bot ID, or user identity is retained in the global store.
• Usage — global teaching entries with a confidence score of 0.6 or higher are injected as style-reference context into all bots on the platform to improve overall answer quality.
• Deletion — business owners may delete any of their own teaching entries at any time via the Bot Teachings tab in their dashboard. Deletion of a per-bot entry does not retroactively remove anonymised data already contributed to the global store.

Teaching data is not used to train or fine-tune any AI foundation model. It is used solely to steer existing model responses via prompt injection.

We may update this Privacy Policy from time to time. Material changes will be communicated by updating the "Last updated" date above. Your continued use of the Service after changes are posted constitutes acceptance of the revised policy. If you do not agree to the updated policy, you must stop using the Service.

For privacy-related questions, data requests, or to report a concern:

General support: support@iahia.net