1. Introduction
SellyChat ("we", "our", "us") provides an AI-powered chat and voice assistant platform as a service. This Privacy Policy describes how we collect, use, store, and protect personal data when you use our platform as a tenant administrator, or when end-users interact with AI assistants deployed through our platform.
2. Data Controller & Processor Roles
Tenant administrators (businesses using SellyChat) are the data controllers for their end-users' personal data. SellyChat acts as the data processor on behalf of these data controllers.
Regarding tenant administrator accounts, SellyChat is the data controller responsible for processing registration data, authentication credentials, and billing information.
3. Data We Collect
3.1 Tenant Administrator Data
- Name and email address (registration)
- Business name and organization details
- Authentication credentials (hashed passwords)
- IP addresses (for audit logging and security)
- Session data (encrypted, for authentication)
3.2 End-User Conversational Data
- Chat messages and transcripts
- Phone numbers or WhatsApp identifiers (channel-dependent)
- Voice session transcripts (when applicable)
- Data collected through workflow automation (e.g., booking details, form submissions)
3.3 Knowledge Base Content
- Documents uploaded by tenant administrators for AI training
- URLs crawled for knowledge base purposes
- Text embeddings generated from uploaded content
4. How We Use Data
- To provide and maintain the AI assistant service
- To process conversations and generate AI responses
- To authenticate users and secure the platform
- To enforce subscription plan limits
- To respond to data subject requests (export, erasure)
- To send service-related notifications
We do not sell, share, or mine your data for advertising or any purpose beyond operating SellyChat. Your conversations and customer data are never used to train, fine-tune, or improve any AI models.
5. Data Retention
We retain data according to tenant-configured retention policies. Tenants can configure automatic purging of:
- Conversation data (default: no automatic purging unless configured)
- Audit logs
- Workflow AI sessions
- Knowledge base documents and embeddings
When a tenant deletes their account, all data is permanently erased after a 30-day grace period.
6. Data Subject Rights (GDPR)
Under the General Data Protection Regulation (GDPR), data subjects have the right to:
- Access: Request a copy of personal data (tenant admins can use the Subject Data Export tool)
- Erasure: Request deletion of personal data (tenant admins can use the Subject Data Erasure tool)
- Portability: Receive personal data in a structured, machine-readable format (JSON export)
- Rectification: Request correction of inaccurate data
- Restriction: Request restriction of processing
- Objection: Object to processing based on legitimate interests
Tenant administrators can exercise these rights through the Settings → Privacy panel, or by contacting their configured privacy contact email.
7. Data Security
- All credentials and secrets are encrypted at rest
- Session data is encrypted
- Tenant data is isolated through strict tenant-scoping at the database level
- UUIDs are used for all record identifiers to prevent enumeration attacks
- Privacy subject identifiers are stored as SHA-256 hashes
- Audit trails track sensitive actions with IP addresses
8. Sub-Processors
We use the following sub-processors. For a complete list, see our Sub-Processor List.
9. Cookies
We use only essential cookies required for authentication, CSRF protection, and session management. We do not use tracking cookies, advertising cookies, or analytics cookies.
10. International Data Transfers
Data may be processed by sub-processors in regions outside the European Economic Area (EEA). We ensure appropriate safeguards are in place, including Standard Contractual Clauses where applicable.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered users of material changes via email or in-app notification.
12. Contact
For privacy-related inquiries, data subject requests, or to exercise your rights, please contact:
Email: support@sellychat.com