Privacy Policy

How We Collect, Use, and Protect Your Information

1. Introduction and Scope

HeyAiBot is product of JDPC Global.

HeyAIBot ("we", "our", or "us") is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard information in connection with our chatbot SaaS platform (the "Service") and our website at heyaibot.com.

This policy applies to: (a) visitors to our website; (b) registered users of our platform ("Customers"); and (c) end-users who interact with chatbots powered by our Service. For end-user data collected on behalf of our Customers, we act as a data processor and our Customers are the data controllers.

2. Information We Collect

2.1 Information You Provide Directly

  • Account Information: Name, email address, job title, company name, billing address, and payment details provided during registration or account updates.
  • Service Configuration Data: Chatbot scripts, conversation flows, integration tokens, webhook URLs, and custom settings you configure. Data collected while setting up the chatbot is primarily used to enhance functionality of chatbot itself either raw or modified.
  • Communications: Support tickets, email correspondence, chat logs with our support team, and survey responses.

We store user data of each user signed up on heyaibot.com which is not shared with any third party but with AI service provider.

2.2 Information Collected Automatically

  • Usage Data: Pages visited, features used, session duration, clicks, and actions performed within the dashboard.
  • Device and Technical Data: IP address, browser type and version, operating system, device identifiers, and referring URLs.
  • Log Data: Server logs including timestamps, error reports, and API request metadata.
  • Cookies and Tracking Technologies: See Section 7 for details on our use of cookies.

2.3 Interaction Data (End-User Chatbot Data)

When your end-users interact with chatbots deployed using our platform, we may process:

  • Conversation transcripts and message content
  • Session identifiers and timestamps
  • Custom data fields you configure the bot to collect (subject to your end-users' consent obligations)
  • Behavioral metadata (e.g., conversation duration, drop-off points)

Any data collected by chatbot is also stored but not shared with any third party.

Customers are responsible for ensuring they have appropriate legal bases (e.g., consent, legitimate interest) to collect and process their end-users' data through our Service.

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Service Delivery and Operations

  • To create and manage your account and authenticate your identity
  • To provide, operate, maintain, and troubleshoot the Service
  • To process payments and manage billing
  • To send transactional communications (receipts, invoices, service alerts)

3.2 Service Improvement

  • To analyze usage patterns and improve platform features and performance
  • To improve the accuracy and quality of our AI/ML models, subject to aggregation and anonymization
  • To conduct internal research and development

3.3 Customer Support

  • To respond to your support inquiries and resolve technical issues
  • To proactively identify and fix bugs or performance problems affecting your account

3.4 Security and Compliance

  • To detect, investigate, and prevent fraudulent transactions, abuse, and security threats
  • To comply with applicable legal obligations and enforce our Terms
  • To protect the rights, property, and safety of HeyAIBot, our users, and the public

3.5 Marketing and Communications (with consent)

  • To send newsletters, product updates, and promotional offers where you have opted in
  • To personalize your experience and deliver relevant product recommendations

You may opt out of marketing communications at any time by clicking "Unsubscribe" in any email or updating your notification preferences in the dashboard.

4. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We may share your information only in the following circumstances:

4.1 Service Providers and Sub-processors

We share data with trusted third-party vendors who assist in delivering the Service, including:

  • Cloud infrastructure and hosting providers (e.g., AWS, Google Cloud)
  • Payment processors (e.g., Stripe)
  • Email and communication platforms
  • Analytics and monitoring services
  • AI/LLM API providers (e.g., OpenAI, Anthropic) for chatbot intelligence

All sub-processors are contractually required to process data only as instructed by us and to implement appropriate security measures. A current list of sub-processors is available upon request.

4.2 Business Transfers

In the event of a merger, acquisition, asset sale, or bankruptcy, your data may be transferred as part of that transaction. We will notify you via email or prominent notice on our Platform before your data is transferred and becomes subject to a different privacy policy.

4.3 Legal Requirements

We may disclose your information if required to do so by law, or in response to valid legal process (such as a court order or subpoena), or to protect the rights, property, or safety of HeyAIBot, our users, or others.

4.4 Aggregated and Anonymized Data

We may share aggregated, de-identified, or anonymized data that cannot reasonably be used to identify you, for research, marketing, analytics, and industry reporting purposes.

5. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes described in this Policy, including for legal, accounting, or reporting requirements.

  • Account Information: Retained for the duration of your account and for 3 years after account closure.
  • Billing Records: Retained for a minimum of 7 years to comply with financial regulations.
  • Conversation/Interaction Data: Retained for 90 days by default; configurable via your dashboard settings.
  • Server Logs: Retained for up to 90 days for security and diagnostic purposes.
  • Anonymized/Aggregated Data: May be retained indefinitely.

6. Data Security

We implement comprehensive technical and organizational security measures to protect your personal data, including:

  • Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
  • Role-based access controls limiting internal access to personal data
  • Regular vulnerability scanning and penetration testing
  • SOC 2 Type II compliance (or equivalent) for our infrastructure
  • Incident response plan and breach notification procedures

Despite our best efforts, no method of transmission over the Internet or electronic storage is 100% secure. We will notify you and relevant authorities of any data breach as required by law.

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies (web beacons, pixels, local storage) on our website and platform. These are used for:

  • Essential Cookies: Required for authentication, session management, and security.
  • Functional Cookies: To remember your preferences and settings.
  • Analytics Cookies: To understand how users interact with our platform (e.g., Google Analytics).
  • Marketing Cookies: To deliver relevant advertisements where permitted.

You can manage cookie preferences through your browser settings or our cookie consent banner. Disabling essential cookies may impair Service functionality.

8. International Data Transfers

Our Service is operated from [Primary Country]. If you access the Service from outside this jurisdiction, your information may be transferred to and processed in countries with different data protection standards.

For transfers from the EEA, UK, or Switzerland, we rely on Standard Contractual Clauses (SCCs) or other appropriate safeguards approved by relevant regulators.

9. Your Privacy Rights (General)

Regardless of your location, you have the right to:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal data (subject to legal retention obligations)
  • Portability: Receive your data in a structured, commonly used format
  • Objection: Object to certain types of processing, including direct marketing

To exercise any of these rights, please contact us at info@jdpcglobal.com. We will respond within 30 days.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and, where required, by sending an email notification. The "Last Updated" date at the top of this page indicates when the policy was last revised.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy, please contact our Privacy Team:

  • Company: HeyAIBot (A JDPC Global Product)
  • Email: contact@heyaibot.com