Bot On Site

Privacy Policy

Effective date: September 19, 2025

Company: AI Web Consulting Group LLC d/b/a Bot On Site ("Company," "we," "us,\" or "our")

Contact: support@botonsite.com | Address: 17570 Drummond Dr, Tinley Park, 60487

This Privacy Policy explains how we collect, use, disclose, and protect personal information when you visit our websites, use the Bot On Site Service, or interact with widgets powered by Bot On Site.

We act as a controller for our own website visitors and account users, and as a processor/service provider for our customers with respect to personal data collected through their deployed widgets and configurations. If you are a lead or end user interacting with a customer's widget, please contact that business for questions about your data.

1) Information We Collect

Account & Profile Data:

name, email, phone, company, role, billing details.

Tenant & Domain Settings:

domains you authorize, scraping/ingestion toggles, Marketplace opt-in, ToS acceptance, timestamps, version.

Content & Transcripts:

the data we ingest from authorized domains and the conversations/inputs processed by the AI widget; lead details you collect (name, email, phone, intent, summary), and related metadata.

Usage & Device Data:

IP address, device/browser type, pages viewed, actions in app, widget performance metrics, timestamps, approximate location (derived from IP), cookies or similar technologies.

Support & Communications:

messages and attachments you send to us.

Payment Data:

managed by our payment processor (e.g., Stripe); we receive limited info (e.g., last 4 digits, status).

Third-Party Sources:

service providers (hosting, analytics, error tracking, AI providers), and publicly available sources (for anti-abuse, security, or to validate business info for Marketplace).

2) How We Use Information

  • Provide & Operate the Service (including crawling/ingestion, Q&A, lead capture, CRM, Marketplace).
  • Secure the Service (fraud prevention, abuse detection, incident response).
  • Improve & Develop features, analytics, and performance (using de-identified/aggregated data when possible).
  • Communicate about Service updates, billing, and support.
  • Comply with Law and enforce our Terms.

AI/Model Use.

We send text and structured data to AI providers to generate responses. We contractually restrict providers from using your data to train their generalized models by default where provider controls permit. We may allow optional features that involve fine-tuning or saving examples at your direction.

3) Cookies & Similar Technologies

We use cookies and similar technologies (e.g., local storage, pixels) to operate and secure the Service, remember preferences, and analyze usage. You can control cookies via browser settings; disabling may impact functionality.

4) Disclosures of Information

We may disclose personal information to:

  • Service Providers/Subprocessors who process data on our behalf to deliver the Service (hosting, databases, payments, email/SMS, analytics, error tracking, AI model providers).
  • Customers (Controllers) when you interact with their widget (your data is shared with that business).
  • Legal/Compliance when required by law or to protect rights, safety, and security.
  • Business Transfers (e.g., merger, acquisition) subject to this Policy.

We do not sell personal information and do not share it for cross-context behavioral advertising as defined by CPRA. If this ever changes, we will update this Policy and provide required choices.

5) Marketplace (Opt-In)

If a customer opts in, we may publish a public business profile including business name, services, hours, service area, and contact info. Customers control visibility and can update or opt out at any time. We do not guarantee leads or outcomes.

6) Data Retention

We retain personal information for as long as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements. We aim to delete or de-identify Customer Content within 30–90 days after termination, subject to backups and legal requirements.

7) Security

We implement reasonable and appropriate administrative, technical, and physical safeguards. No method of transmission or storage is completely secure. If we learn of a security incident affecting personal data, we will notify affected parties and/or regulators as required by law.

8) International Transfers

We are based in the United States and may transfer, store, and process information in the U.S. and other countries where we or our providers operate. Where required, we rely on appropriate safeguards (e.g., SCCs) for EEA/UK transfers.

9) Your Rights & Choices

Depending on your location, you may have rights to access, correct, delete, port, or object/restrict processing of your personal information, and to withdraw consent where processing is based on consent.

  • If you use our customer's widget: contact that business (controller) to exercise your rights.
  • If you have a Bot On Site account or visited our site: contact support@botonsite.com.

You can opt out of marketing emails by using unsubscribe links or contacting us.

10) Children's Privacy

The Service is not intended for children under 13 (or as defined by local law). We do not knowingly collect personal information from children. If you believe a child has provided personal information to us, contact us to request deletion.

11) Subprocessors

We use subprocessors to provide the Service, which may include: Supabase, Vercel, Fly.io, Stripe, email/SMS providers (e.g., SendGrid/Twilio), analytics/error tracking (e.g., PostHog/Plausible/Sentry), and AI providers (e.g., OpenAI, Voyage). We may update this list. A current list or link will be maintained at [insert URL to subprocessor page].

12) Controller/Processor Roles & DPA

For Customer Content collected via customer-deployed widgets, the customer is the controller (or "business" under CPRA) and we are the processor/service provider. Where required, we will enter into a Data Processing Addendum (DPA) with standard clauses. Contact support@botonsite.com to request a DPA.

13) Legal Bases (EEA/UK)

Where GDPR/UK GDPR applies, we process personal data under these legal bases:

  • Contract (to provide the Service);
  • Legitimate Interests (security, service improvement, communication);
  • Consent (where required, e.g., certain cookies/marketing);
  • Legal Obligation (compliance and record-keeping).

14) California Privacy (CPRA)

We act as a service provider to our customers for lead/interaction data collected by their widgets. For our own site and accounts, you have rights to know/access, delete, correct, and to not be discriminated against for exercising your rights. We do not sell or share personal information as defined by CPRA.

15) Changes to this Policy

We may update this Policy from time to time. Material changes will be announced via the Service or email. The "Effective date" above reflects the latest version.

Contact: support@botonsite.com