Trust & Privacy
How CreoBot handles your data and your customers' data
What we collect
- ✓Account info - your email address and business name, collected at signup.
- ✓Chat messages - stored to power conversation memory and analytics for your bot.
- ✓Uploaded documents - stored in Supabase and used exclusively for your RAG (retrieval-augmented generation) pipeline.
- ✓Usage data - message count, plan tier, and timestamps to enforce plan limits and improve the service.
- ✓Payment info - processed entirely by Stripe. CreoBot never stores or sees your card details.
Why we collect it
- ✓To deliver the chatbot service - your documents and chat history are what power the bot.
- ✓To enforce plan limits - message counts and plan tier determine what features are available.
- ✓To send human handoff alerts - when your bot cannot answer, we email you using your registered address.
- ✓To improve the product - aggregate, anonymized usage data helps us identify what to build next.
How long we keep it
Account dataRetained while your account is active. Deleted within 30 days of cancellation upon request.
Chat historyRetained for 90 days, then purged automatically.
Uploaded documentsRetained until you delete them from your dashboard. Deletion is immediate.
Payment recordsRetained as required by financial regulations (7 years), in line with Stripe's compliance obligations.
Sub-processors
We use the following third-party services to operate CreoBot. Each is contractually bound to process data only as instructed.
| Service | Purpose | Country | Link |
|---|---|---|---|
| Supabase | Database and vector storage | USA | supabase.com |
| Groq | LLM inference (chat responses) | USA | groq.com |
| Railway | Backend hosting | USA | railway.app |
| Vercel | Frontend hosting | USA | vercel.com |
| Stripe | Payment processing | USA | stripe.com |
| Google (Gmail) | Human handoff email alerts | USA | google.com |
Your rights (GDPR Article 13)
✓
Right to access - Request a copy of all personal data we hold about you.
✓
Right to correct - Ask us to fix inaccurate or incomplete data.
✓
Right to delete - Request deletion of your account and all associated data.
✓
Right to portability - Receive your data in a structured, machine-readable format.
✓
Right to withdraw consent - Opt out of any processing based on consent at any time.
To exercise any of these rights, email creobot.alerts@gmail.com. We respond within 30 days.
Cookies
We use only functional cookies required for authentication - specifically the Supabase session cookie that keeps you logged in.
- ✓No advertising cookies.
- ✓No third-party tracking pixels.
- ✓No analytics cookies shared with external ad networks.
Data Processing Agreement
For business customers who require a formal DPA under GDPR Article 28, we are happy to provide one.
Email creobot.alerts@gmail.com with the subject line DPA Request. We will provide a signed DPA within 5 business days.