Privacy Policy

Last updated: 2026

1. Information We Collect

When you create an account, we collect:

  • Full name - to identify your account
  • Email address - for login and communication
  • Password - stored in hashed form (not readable by us)
  • IP address - for security and rate limiting

When you create a chatbot, we collect:

  • The knowledge content you upload (documents, text, FAQs)
  • Your chatbot configuration (name, colors, settings)
  • Your website URL (if provided)

When visitors interact with your chatbot, we collect:

  • The messages sent by visitors
  • The chatbot's responses
  • The visitor's IP address and browser info (for security)
  • Daily interaction counts for your usage dashboard

2. How We Use Your Information

We use your information to:

  • Create and manage your account
  • Power your chatbot with the knowledge you provide
  • Track your usage against your plan limits
  • Display usage statistics on your dashboard
  • Send verification codes and password reset codes to your email
  • Process payments through Stripe
  • Prevent abuse and secure our platform

3. Data Storage

Your data is stored in Supabase, a secure cloud database. Your password is hashed using bcrypt and cannot be read by anyone, including us. Knowledge content you upload is stored to power your chatbot.

4. Third-Party Services We Use

To provide our service, we use the following third-party services:

  • Google Gemini API- Your knowledge content and visitor questions are sent to Google's Gemini AI to generate chatbot responses. Only relevant portions of your knowledge are sent, not the entire document.
  • Stripe - Payment processing. Your payment information is handled entirely by Stripe and is never stored on our servers.
  • Resend - Email delivery for verification codes and password resets.
  • Supabase - Database hosting for all your data.

Each of these services has its own privacy policy.

5. Cookies

We use one essential cookie:

  • mychatbot_session - This keeps you logged in. It contains an encrypted token with your user ID and email. It expires after 7 days.

We do not use tracking cookies, advertising cookies, or any third-party cookies.

6. Visitor Data from Your Chatbot

When a visitor interacts with your chatbot on your website, we store their messages, the chatbot's responses, and their IP address. This data is used for:

  • Generating chatbot responses
  • Counting daily interactions for your usage dashboard
  • Security and rate limiting

You are responsible for informing your website visitors about data collection through your own privacy policy.

7. Data Retention

We retain your data as long as your account is active. If you delete your account or a chatbot, the associated data is permanently deleted. Visitor conversation data is retained for as long as the chatbot exists.

8. Security

We implement security measures including:

  • Password hashing with bcrypt
  • Rate limiting on authentication endpoints
  • IP-based restrictions on account creation
  • Email verification required before account use
  • Secure session management with encrypted tokens

9. Children's Privacy

Our service is not intended for children under 13. We do not knowingly collect data from children.

10. Changes to This Policy

We may update this privacy policy. We will notify you of significant changes by email.

11. Contact

For privacy-related questions, contact us at support@pocketreply.tech