Privacy Policy

Your data, plainly explained.

BizBot is a tool service businesses use to talk to their customers. This policy explains what we collect, how we use it, who we share it with, and the rights you have over it.

Last updated: May 4, 2026 · Effective: May 4, 2026

1. Our role

BizBot operates two kinds of relationships with personal data, and the distinction matters:

  • For information about BizBot account holders — owners and staff who sign up, log in, and configure their workspace — we are the data controller. This policy governs how we handle that data.
  • For information about the end customers of those businesses — the people who text, message, or chat with a business that uses BizBot — we are the data processor. The business is the controller. We process that data on the business's instructions, and the business's own privacy policy governs it.

If you are an end customer asking a question about your data, please contact the business you interacted with directly. We will support them in responding to you.

2. What we collect

From account holders

  • Account info: name, email, password hash, business name, industry, time zone, and (optionally) phone number.
  • Workspace configuration: services, staff, business hours, FAQs, brand voice, and integration credentials.
  • Billing info: plan tier, invoice history. Payment card details are handled by our payment processor — we never see or store full card numbers.
  • Usage data: pages visited, features used, login times, IP address, browser, and device. Used to operate, secure, and improve the product.

From end customers (processed on behalf of the business)

  • Conversation data: the contents of SMS, WhatsApp, and web-chat messages, plus phone numbers and any name the customer provides.
  • Bookings & CRM: appointment history, services booked, staff preferences, notes, and tags the business adds.
  • Operational metadata: message timestamps, delivery receipts, and channel identifiers.

Automatically

  • Cookies and similar technologies — see Cookies.
  • Server logs for security, abuse prevention, and uptime monitoring.

3. How we use it

We use personal data to:

  • Provide the booking, messaging, calendar, review, and Google Business Profile features you've signed up for.
  • Authenticate users and protect accounts from unauthorized access.
  • Generate AI replies on behalf of the business — sending only the necessary context to our LLM provider, with no training on your data.
  • Send transactional emails (confirmations, reminders, password resets, billing receipts).
  • Diagnose bugs, monitor reliability, and prevent fraud or abuse.
  • Comply with legal obligations and respond to lawful requests.

We do not sell personal data, and we do not use end-customer conversation content to train AI models.

4. Sharing & subprocessors

BizBot uses a small set of vetted vendors to deliver the service. Each is bound by a written data-processing agreement and limited to the data they need.

  • Supabase — primary database and authentication (US region).
  • Hetzner — application hosting (EU region).
  • Twilio & Telnyx — SMS delivery.
  • Meta Platforms — WhatsApp Business message delivery.
  • Google — Calendar API, Business Profile API (only with your explicit OAuth consent).
  • Resend — transactional email delivery.
  • Groq (via OpenClaw gateway) — large-language-model inference for AI replies. No customer data is retained or used for training.
  • Stripe — payment processing (when self-serve billing is enabled).

We may also share data when required by law, when necessary to protect rights and safety, or in connection with a merger, acquisition, or sale of assets — in which case we will provide notice before any personal data becomes subject to a different privacy policy.

5. Cookies

The marketing site at businessbot.us uses only first-party cookies and localStorage — for example, to remember your color-theme preference. We do not load third-party advertising or tracking pixels here.

The dashboard at app.businessbot.us uses cookies that are strictly necessary to keep you logged in, plus first-party analytics for product usage. You can clear cookies in your browser at any time; doing so will sign you out.

6. Retention

  • Account data is retained for as long as your workspace is active.
  • Conversation and booking data is retained for the lifetime of the workspace, plus 30 days after cancellation, after which it is permanently deleted unless legal obligations require a longer hold.
  • Backups are retained for up to 30 days and then rotated out.
  • Server logs are retained for up to 90 days.
  • Billing records are retained for 7 years to satisfy tax and accounting obligations.

You can request earlier deletion at any time — see Your rights.

7. Your rights

Depending on where you live, you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Delete your data ("right to be forgotten").
  • Export your data in a portable format.
  • Object to or restrict certain processing.
  • Withdraw consent where processing is based on consent.
  • Lodge a complaint with your local data-protection authority.

To exercise any of these rights, email privacy@businessbot.us from the address associated with your account. If you are an end customer of a business that uses BizBot, contact that business — we will assist them in fulfilling your request.

8. Security

We protect data with TLS in transit, encrypted storage at rest, role-scoped database access (Supabase Row-Level Security), least-privilege internal access, and continuous logging and monitoring. Full details are on the Security page.

9. International data transfers

BizBot processes data in the United States and the European Union. When personal data moves between these regions or to a vendor in another country, we rely on appropriate safeguards — including the EU Standard Contractual Clauses — to protect it.

10. Children

BizBot is not directed to children under 16, and we do not knowingly collect personal data from them. If you believe we have, contact privacy@businessbot.us and we will delete it promptly.

11. Changes to this policy

We may update this policy as the product evolves. When we make material changes, we will notify account holders by email and post a notice in the dashboard at least 14 days before they take effect. The "Last updated" date at the top of this page always reflects the current version.

12. Contact

Privacy questions, data requests, or anything else covered by this policy:

Email: privacy@businessbot.us
Mail: BizBot, Attn: Privacy, Wilmington, DE, USA