Privacy Policy

1. Who we are

ChatForger operates the chatforger.com website and white-label AI chatbot platform. For privacy questions or data requests, contact us at support@chatforger.com or use our contact form.

2. Data we collect

We collect the following categories of personal data:

• Account data: name, email address, and agency name when you sign up
• Bot configuration: settings, branding, and knowledge base content you provide
• Uploaded documents: PDFs, URLs, and text used to train bots
• Conversation data: chat messages and session data from widget interactions
• Lead data: visitor name, email, and phone captured by your bots
• Billing data: payment information processed and stored by Stripe (we do not store card numbers)
• Usage data: message counts, login timestamps, and feature usage for service operation

3. Legal basis for processing (GDPR)

For users in the EU/EEA, we process your personal data on the following legal bases:

• Contract: processing necessary to provide the Service you signed up for
• Legitimate interests: security monitoring, fraud prevention, and service improvement
• Legal obligation: compliance with applicable laws and regulations
• Consent: where we have obtained your explicit consent (e.g., marketing communications)

4. How we use your data

We use your data to: provide and improve the Service; process payments; send transactional emails (trial expiry reminders, payment receipts, handover alerts); detect and prevent fraud; comply with legal obligations; and communicate service updates. We do not sell your personal data to third parties. We do not use your data for advertising.

5. Third-party processors

We share data with the following service providers who process it on our behalf. Each is bound by a Data Processing Agreement and may only use your data to provide their specific service:

• Supabase — database hosting and user authentication (Privacy Policy)
• Anthropic — AI chat completions via the Claude API (Privacy Policy)
• Voyage AI — text embedding for knowledge base search (Privacy Policy)
• Stripe — payment processing (Privacy Policy)
• Resend — transactional email delivery (Privacy Policy)
• Vercel — application hosting and edge infrastructure (Privacy Policy)

These providers may process data outside the EU/EEA. Where they do, we rely on Standard Contractual Clauses or other approved transfer mechanisms.

6. Data retention

• Chat messages: retained for 90 days, then automatically deleted
• Lead data: retained until you delete it or close your account
• Account data: retained for the duration of your account plus 30 days after deletion, unless a longer retention period is required by law
• Billing records: retained for 7 years for tax and legal compliance

7. Agency responsibility (data controller / processor)

When you use ChatForger to deploy chatbots for your clients, you act as the data controller for your clients' website visitor data. ChatForger acts as a data processor on your behalf. As the controller, you are responsible for: (a) having a lawful basis for collecting visitor data; (b) informing visitors that a chatbot is active and may collect their name, email, or other information; and (c) handling data subject requests from visitors. Agencies operating under GDPR should contact us at support@chatforger.com to request a Data Processing Agreement (DPA).

8. Your rights (GDPR — EU/EEA users)

If you are in the EU or EEA, you have the following rights regarding your personal data:

• Access: request a copy of the personal data we hold about you
• Rectification: correct inaccurate or incomplete data
• Erasure: request deletion of your data (subject to legal retention requirements)
• Data portability: receive your data in a structured, machine-readable format
• Restriction: request that we limit how we process your data in certain circumstances
• Objection: object to processing based on legitimate interests
• Withdraw consent: where processing is based on consent, withdraw it at any time

To exercise any of these rights, email support@chatforger.com or delete your account directly from the Settings page. We will respond within 30 days. You also have the right to lodge a complaint with your national data protection authority (e.g., the ICO in the UK, CNIL in France, or the DPC in Ireland).

9. Your rights (CCPA — California residents)

If you are a California resident, the California Consumer Privacy Act (CCPA) gives you the following rights:

• Right to know: request disclosure of what personal information we collect, use, disclose, and sell
• Right to delete: request deletion of your personal information
• Right to opt out of sale: we do not sell your personal information, so this right does not apply
• Right to non-discrimination: we will not discriminate against you for exercising your CCPA rights

To submit a request, email support@chatforger.com with "CCPA Request" in the subject line.

10. Cookies

We use session cookies strictly necessary for authentication. We do not use advertising or tracking cookies. The embeddable widget uses localStorage (not cookies) to persist chat sessions on visitor devices. We do not use any third-party analytics cookies on our marketing pages.

11. Data breach notification

In the event of a personal data breach, we will notify affected users and relevant supervisory authorities as required by applicable law. For GDPR purposes, we will notify the relevant supervisory authority within 72 hours of becoming aware of a breach that poses a risk to individuals' rights and freedoms, and will notify affected individuals without undue delay where the breach is likely to result in high risk.

12. Security

We use industry-standard security measures including: encrypted connections (TLS/HTTPS) for all data in transit; encrypted storage at rest via Supabase; row-level security policies on all database tables; and server-side authentication with short-lived session tokens. No method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

13. Children

The Service is intended for users 18 and older. We do not knowingly collect personal data from anyone under 13. If you believe we have inadvertently collected data from a child under 13, please contact us at support@chatforger.com and we will delete it promptly.

14. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by a notice in the Service at least 14 days before changes take effect. The "Last updated" date at the top of this page indicates when it was last revised.

15. Contact

Privacy questions: support@chatforger.com. We aim to respond to all inquiries within 5 business days.