Privacy policy
Last updated: May 2026
This privacy policy explains how Chatsuno ("we", "us") collects, uses, and protects personal data when you use our website, dashboard, and chatbot widget. We are the data controller for personal data we collect about you as a Chatsuno customer, and a data processor for personal data your visitors share with chatbots you operate.
1. Data we collect
From customers
- Account data: name, email, organisation name, password hash.
- Billing data: company name, billing address, VAT ID, last 4 digits of payment method (full payment details are processed by Paddle).
- Usage data: pages visited, feature interactions, error logs.
From chatbot visitors (on behalf of customers)
- Chat transcripts and timestamps.
- Email address and other lead-form fields the customer has configured.
- Approximate location derived from IP, user agent, and referrer.
2. How we use it
- To provide and improve the service.
- To bill you and prevent fraud.
- To send transactional and product emails (you can opt out of non-essential emails).
- To respond to your support requests.
We do not use your data, or your visitors' data, to train AI foundation models. Conversations are sent to LLM providers solely to generate a reply for your visitor.
3. Legal basis (GDPR)
- Performance of contract: delivering the service you signed up for.
- Legitimate interest: security, fraud prevention, product analytics.
- Consent: optional cookies and marketing emails.
- Legal obligation: tax records and lawful disclosure requests.
4. Where data lives
All customer data, chat transcripts, and embeddings are stored on EU servers. We do not transfer customer data outside the European Economic Area, except where strictly required to deliver an LLM-generated reply through an approved sub-processor. See the DPA for details.
5. Sub-processors
We use a small number of vendors to deliver the service: payment processor, transactional email, error monitoring, and the LLM provider that generates chatbot replies. The current list and their roles are published in our Data Processing Agreement.
6. Retention
- Account data: retained while your account is active and 30 days after closure.
- Conversations and leads: retained per the retention setting you choose, up to 24 months by default.
- Billing records: retained for the period required by law (typically 7–10 years).
7. Your rights
Under GDPR, you have the right to access, rectify, erase, restrict, port, and object to the processing of your personal data. Most of these can be actioned directly from the dashboard. For others, email privacy@chatsuno.com. You also have the right to lodge a complaint with your local data protection authority.
8. Cookies
We use a small set of essential and analytics cookies. See our cookie policy for the full list and opt-out controls.
9. Changes
Material changes to this policy are announced by email at least 14 days before they take effect.
10. Contact
Email privacy@chatsuno.com with any privacy questions or to exercise your rights.