Privacy Policy

Last Updated: March 20, 2026
Effective Date: March 20, 2026

CathyBot ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered customer support service (the "Service").

Your Privacy Rights: Depending on your location, you have specific rights regarding your personal data under GDPR (European Union), CCPA (California), and other privacy laws. See the "Your Privacy Rights" section below for details.

1. Information We Collect

1.1 Information You Provide to Us

  • Account Information: Name, email address, company name, and password when you create an account
  • Payment Information: Billing details and payment card information (processed securely through third-party payment processors)
  • Profile Information: Chatbot customization settings, branding preferences, and configuration choices
  • Communications: Messages you send to our support team or through contact forms

1.2 Information from Google Drive Integration

  • Document Content: When you connect your Google Drive, we access and process the content of documents you authorize for the chatbot to learn from
  • File Metadata: File names, folder structure, modification dates, and permissions
  • Google Account Information: Email address and basic profile information from your Google account

1.3 End-User Chat Data

  • Chat Conversations: Messages exchanged between your website visitors and the CathyBot widget
  • Usage Metadata: Timestamps, conversation length, satisfaction ratings, and interaction patterns
  • Technical Information: IP addresses, browser type, device information, and referring URLs of chat participants

1.4 Automatically Collected Information

  • Usage Data: How you interact with the Service, features used, pages viewed, and time spent
  • Device Information: Device type, operating system, browser type and version, unique device identifiers
  • Log Data: IP address, access times, pages requested, referring/exit pages
  • Cookies and Tracking Technologies: See Section 8 for details

2. How We Use Your Information

2.1 To Provide and Improve the Service

  • Process and respond to chat conversations using AI
  • Train and improve our AI models to provide more accurate responses
  • Sync and process your Google Drive documents to build your chatbot's knowledge base
  • Generate analytics and insights about chatbot performance
  • Customize the chatbot experience based on your preferences

2.2 Account Management and Customer Support

  • Create and manage your account
  • Process payments and send billing notifications
  • Respond to your inquiries and provide customer support
  • Send important service updates and technical notices

2.3 Security and Legal Compliance

  • Detect, prevent, and address fraud, security issues, and technical problems
  • Enforce our Terms of Service and protect our legal rights
  • Comply with legal obligations and regulatory requirements

2.4 Marketing and Communications (With Your Consent)

  • Send promotional materials, product updates, and newsletters (you can opt out anytime)
  • Conduct surveys and request feedback

3. Legal Bases for Processing (GDPR)

If you are located in the European Economic Area (EEA), UK, or Switzerland, we process your personal data based on the following legal grounds:

  • Contract Performance: Processing necessary to provide the Service you've requested
  • Consent: Where you have given explicit consent (e.g., marketing communications)
  • Legitimate Interests: For analytics, security, fraud prevention, and service improvements, where not overridden by your rights
  • Legal Obligation: To comply with laws and regulations

4. How We Share Your Information

We do not sell your personal information. We share information only in the following circumstances:

4.1 Service Providers

  • Google LLC: For Google Drive API integration and authentication
  • Cloud Hosting Providers: To host and maintain our infrastructure
  • Payment Processors: To process billing and payments securely
  • AI/ML Infrastructure: Third-party AI services that power our chatbot (with appropriate data protection agreements)
  • Analytics Providers: For usage analytics and service improvement

4.2 Legal Requirements

We may disclose information if required by law, court order, subpoena, or to protect our rights, property, or safety, or that of others.

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the successor entity.

4.4 With Your Consent

We may share information with third parties when you explicitly consent to such sharing.

5. Data Retention

We retain your personal information for as long as necessary to:

  • Provide the Service to you
  • Comply with legal obligations (e.g., tax, accounting, or regulatory requirements)
  • Resolve disputes and enforce our agreements

Specific retention periods:

  • Account Data: Retained while your account is active and for 90 days after deletion
  • Chat Conversations: Retained for 24 months or as configured in your settings
  • Google Drive Content: Processed in real-time; cached copies deleted within 30 days of disconnection
  • Payment Records: Retained for 7 years for tax and accounting purposes
  • Analytics Data: Aggregated and anonymized data may be retained indefinitely

6. Your Privacy Rights

6.1 GDPR Rights (EEA, UK, Switzerland)

If you are located in the EEA, UK, or Switzerland, you have the following rights:

  • Right to Access: Request a copy of the personal data we hold about you
  • Right to Rectification: Request correction of inaccurate or incomplete data
  • Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data
  • Right to Restriction: Request that we limit how we use your data
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests or for direct marketing
  • Right to Withdraw Consent: Withdraw consent at any time (where processing is based on consent)
  • Right to Lodge a Complaint: File a complaint with your local data protection authority

6.2 CCPA Rights (California Residents)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: Request disclosure of personal information we collect, use, and disclose
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: Opt out of the "sale" of personal information (Note: we do not sell personal information)
  • Right to Non-Discrimination: You will not receive discriminatory treatment for exercising your privacy rights

California "Shine the Light" Law: California residents can request information about personal information shared with third parties for their direct marketing purposes.

6.3 How to Exercise Your Rights

To exercise any of these rights, please:

We will respond to verified requests within 30 days (GDPR) or 45 days (CCPA). We may request additional information to verify your identity.

7. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption: Data encrypted in transit (TLS 1.2+) and at rest (AES-256)
  • Access Controls: Role-based access controls and multi-factor authentication for our systems
  • Regular Audits: SOC 2 Type II compliance and regular security assessments
  • Secure Infrastructure: Data hosted in secure, certified data centers
  • Incident Response: Documented procedures for security breach response and notification

However, no method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience:

8.1 Types of Cookies We Use

  • Essential Cookies: Necessary for the Service to function (authentication, security)
  • Functional Cookies: Remember your preferences and settings
  • Analytics Cookies: Help us understand how you use the Service (Google Analytics)
  • Marketing Cookies: Track conversions and measure advertising effectiveness (with your consent)

8.2 Managing Cookies

You can control cookies through your browser settings. Note that disabling essential cookies may affect Service functionality. Learn more at allaboutcookies.org.

8.3 Do Not Track

We currently do not respond to Do Not Track (DNT) browser signals, as there is no industry consensus on how to interpret DNT.

9. International Data Transfers

CathyBot operates globally. Your information may be transferred to and processed in countries outside your jurisdiction, including the United States.

For EEA/UK users: We use Standard Contractual Clauses (SCCs) approved by the European Commission to ensure adequate data protection when transferring data internationally.

10. Third-Party Services

Our Service integrates with third-party services:

  • Google Drive: Subject to Google's Privacy Policy
  • Payment Processors: Stripe, PayPal (subject to their respective privacy policies)

We are not responsible for the privacy practices of third-party services. We encourage you to review their privacy policies.

11. Children's Privacy

CathyBot is not intended for children under 16. We do not knowingly collect personal information from children under 16. If you believe we have collected information from a child under 16, please contact us immediately at privacy@cathybot.com.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the updated policy on this page
  • Updating the "Last Updated" date
  • Sending an email notification to your registered email address
  • Displaying a prominent notice on the Service

Continued use of the Service after changes constitutes acceptance of the updated Privacy Policy.

13. Data Protection Officer

For questions about data protection or to exercise your privacy rights, contact our Data Protection Officer:

Email: dpo@cathybot.com
Address: CathyBot Data Protection Officer
[Your Company Address]
[City, State, ZIP]

14. Contact Us

For questions, concerns, or requests regarding this Privacy Policy or our privacy practices:

Email: privacy@cathybot.com
Support: cathybot.com/contact
Mail: CathyBot Privacy Team
[Your Company Address]
[City, State, ZIP]

State-Specific Privacy Rights

California Residents (CCPA/CPRA)

California residents have additional rights under the California Privacy Rights Act (CPRA). See Section 6.2 above.

Nevada Residents

Nevada residents may opt out of the sale of personal information. We do not sell personal information as defined by Nevada law.

Virginia, Colorado, Connecticut, and Utah Residents

Residents of these states have rights similar to GDPR, including access, deletion, correction, and portability rights. Contact us at privacy@cathybot.com to exercise these rights.