Privacy Policy

1. Introduction

Velanaris ("we," "us," or "our") operates an AI chatbot service that helps small businesses provide automated customer support on their websites. This Privacy Policy explains how we collect, use, store, protect, and share your information when you use our service.

Who This Policy Applies To:

• Customers: Businesses that purchase our chatbot service
• End Users: Visitors to our customers' websites who interact with the chatbots we create

By using our service, you acknowledge that you have read and understood this Privacy Policy and consent to the data practices described herein.

2. Geographic Scope and Service Availability

Our service is currently available only to customers located in the United States. By using our service, you confirm that you are located in the United States. We do not knowingly provide services to individuals or businesses outside the United States at this time.

3. Information We Collect

3.1 Customer Information

When you purchase and use our service, we collect:

Account and Business Information:

• Your email address (for account management, billing, and support)
• Your business name and website URL
• Business contact information you provide during setup
• Any specific content, FAQs, or materials you provide for chatbot configuration

Payment and Billing Information:

• Payment method details (processed and stored securely by Stripe, our payment processor)
• Billing history and transaction records
• Subscription plan details and usage limits

Setup and Configuration Data:

• Chatbot configuration settings and prompts
• Custom instructions or guidelines you provide
• Website integration details
• Technical specifications related to your chatbot setup

3.2 Chat Data (End User Interactions)

When visitors to your website interact with your chatbot, we collect:

Conversation Data:

• Questions asked by website visitors
• Responses generated by the AI chatbot
• Timestamps of interactions
• Context of conversations for continuity

Usage Metrics:

• Number of chatbot responses and interactions
• Frequency and timing of chatbot usage
• Most common queries and topics
• Performance and accuracy metrics

Important Note: Chat conversation data is automatically deleted after 30 days from the date of interaction. This applies to all chatbot conversations with end users.

3.3 Technical Information

We automatically collect certain technical information to operate and improve our service:

• Website integration status and compatibility data
• Service uptime and availability metrics
• Error logs and technical diagnostics
• Response times and performance statistics
• API usage data (calls to OpenAI services)
• Browser type and device information (for chatbot functionality only)

3.4 Communications

We collect information from your communications with us, including:

• Support emails and correspondence
• Feedback and feature requests
• Any information you voluntarily provide in communications

4. How We Use Your Information

We use the information we collect solely for the following purposes:

4.1 Service Provision

• Set up, configure, and customize your AI chatbot
• Process and generate chatbot responses to end user queries
• Maintain chatbot functionality and availability
• Monitor and enforce usage limits (5,000 responses per billing cycle)
• Provide embed code and technical integration support

4.2 Customer Support

• Respond to your inquiries and support requests
• Troubleshoot technical issues
• Provide guidance on chatbot optimization
• Notify you of service issues or maintenance

4.3 Billing and Account Management

• Process payments and subscriptions
• Send billing invoices and payment confirmations
• Manage account status and renewals
• Track usage against plan limits

4.4 Service Communication

• Send important service updates and announcements
• Notify you of Terms of Service or Privacy Policy changes
• Provide security alerts or data breach notifications
• Communicate about service improvements or new features

4.5 Service Improvement

• Analyze usage patterns to improve chatbot accuracy
• Monitor service performance and reliability
• Identify and fix technical issues
• Develop new features and capabilities

4.6 Legal and Compliance

• Comply with legal obligations and regulatory requirements
• Enforce our Terms of Service
• Protect our rights, property, and safety
• Respond to legal requests and prevent fraud

We do not use your information for marketing, advertising, or any purposes not explicitly stated above.

5. Third-Party Services and Data Sharing

We work with trusted third-party services to operate our business. Your information may be shared with or processed by the following third parties:

5.1 OpenAI (AI Processing)

What They Do: OpenAI provides the GPT-3.5 API that powers chatbot responses.

What Data Is Shared: All chatbot conversations and queries are sent to OpenAI's API to generate responses.

Their Privacy Practices: OpenAI's data handling is governed by their own Privacy Policy and Terms of Service. As of our knowledge, OpenAI may use API data to improve their models unless you opt out. We recommend reviewing OpenAI's current privacy practices at https://openai.com/privacy.

Your Control: By using our service, you acknowledge that chatbot interactions will be processed by OpenAI.

5.2 Stripe (Payment Processing)

What They Do: Stripe securely processes all payment transactions.

What Data Is Shared: Payment method details, billing information, and transaction amounts.

Data Storage: We do not store your credit card numbers or complete payment information. Stripe stores this data securely according to PCI DSS standards.

Their Privacy Practices: Stripe's privacy practices are governed by their Privacy Policy at https://stripe.com/privacy.

5.3 Supabase (Data Storage)

What They Do: Supabase provides secure database and data storage services.

What Data Is Stored: Customer account information, chatbot configuration data, and chat conversation logs (for 30 days).

Security: All data stored with Supabase is encrypted at rest and in transit.

Their Privacy Practices: Supabase's privacy practices are governed by their Privacy Policy at https://supabase.com/privacy.

5.4 Hosting and Infrastructure Providers

We use various hosting and infrastructure services to deliver our service. These providers have access only to the data necessary to perform their functions and are contractually obligated to maintain confidentiality.

5.5 When We May Share Data

We may share your information in the following limited circumstances:

Legal Requirements:

• When required by law, subpoena, court order, or legal process
• To comply with regulatory investigations or government requests
• To enforce our Terms of Service or other agreements
• To protect our legal rights or defend against legal claims

Business Protection:

• To prevent fraud, security threats, or illegal activities
• To protect the safety and rights of Velanaris, our customers, or the public
• To investigate violations of our Terms of Service

Business Transfers:

If Velanaris is acquired, merged, or sold, your information may be transferred to the new owner. We will notify you before your information is transferred and becomes subject to a different privacy policy.

With Your Consent:

We may share information for other purposes with your explicit consent

We do not and will never:

• Sell your personal information to third parties
• Share your data for marketing or advertising purposes
• Rent or lease customer lists
• Use your information for purposes unrelated to providing our service

6. Data Protection and Security

We take data security seriously and implement multiple layers of protection:

6.1 Security Measures

Technical Safeguards:

• All data transmission is encrypted using industry-standard SSL/TLS protocols
• Data at rest is encrypted using secure encryption methods
• Secure API authentication and authorization
• Regular security monitoring and vulnerability scanning
• Secure server infrastructure with access controls

Administrative Safeguards:

• Access to customer data is restricted to essential personnel only
• Employee confidentiality agreements
• Regular security training and awareness
• Documented security policies and procedures

Physical Safeguards:

• Data stored with reputable providers in secure data centers
• Physical access controls at provider facilities
• Redundant backup systems

6.2 Data Breach Response

In the unlikely event of a data breach that affects your personal information:

• We will notify affected customers within 72 hours of becoming aware of the breach
• Notification will be sent via email to the address on file
• We will provide details about what data was affected and steps being taken
• We will offer guidance on protective measures you can take
• We will cooperate with law enforcement and regulatory authorities as required

6.3 Limitations

While we implement strong security measures, no system is 100% secure. You acknowledge that:

• Internet transmission is never completely secure
• Unauthorized access or data breaches may occur despite our efforts
• You use our service at your own risk regarding data security
• You are responsible for maintaining the confidentiality of your account credentials

7. Data Retention

We retain different types of data for varying periods based on legal, business, and operational needs:

7.1 Chat Conversation Data (End User Interactions)

Retention Period: 30 days from the date of interaction

Automatic Deletion: All chatbot conversations with end users are automatically and permanently deleted after 30 days.

Purpose: This data is retained briefly to support customer troubleshooting, quality assurance, and service improvement.

7.2 Customer Account Data

Retention Period: 7 years from account termination

What's Retained:

• Email address and business information
• Subscription and billing history
• Transaction records
• Chatbot configuration details
• Support correspondence

Purpose: We retain this information for:

• Tax compliance (IRS requires 7-year retention of business records)
• Legal protection and dispute resolution
• Accounting and financial record-keeping
• Responding to potential chargebacks or billing disputes
• Compliance with applicable laws

7.3 Active Account Data

Retention Period: Indefinitely while your subscription is active

What's Retained:

• All account information necessary to provide service
• Current chatbot configuration and settings
• Usage statistics and metrics
• Support history

7.4 User-Requested Deletion

You have the right to request deletion of your personal information (see Section 9 for details). When you request deletion:

• We will delete what we are legally permitted to delete
• We must retain certain records for 7 years for tax and legal compliance
• Retained data will be anonymized or pseudonymized where possible
• We will confirm deletion within 30 days of your request

8. End User Privacy (Website Visitors)

If you are a visitor to a website using a Velanaris chatbot, here's what you should know:

8.1 What Data Is Collected

When you interact with a chatbot powered by Velanaris:

• Your questions and the chatbot's responses are recorded
• Basic interaction timing and context
• No personal identifying information unless you voluntarily provide it in conversation

8.2 How Long Data Is Kept

Your chatbot conversations are stored for 30 days and then automatically deleted.

8.3 Who Processes Your Data

Your conversations are processed by:

• Velanaris (us)
• OpenAI (to generate AI responses)
• The business whose website you're visiting (they can review interactions)

8.4 Your Rights

You have the right to:

• Know what data about you is collected
• Request deletion of your conversations
• Opt out of chatbot interactions by not using the chatbot feature

To exercise these rights, contact the business whose website you're visiting, or email us directly at velanaris@gmail.com with the website URL and approximate date of interaction.

8.5 Important Notice

The chatbot is a tool provided to businesses. The business using the chatbot is responsible for:

• Providing their own privacy policy to you
• Complying with privacy laws applicable to their business
• Using the chatbot responsibly and ethically

9. Your Privacy Rights

Depending on your location and applicable laws, you may have certain rights regarding your personal information.

9.1 General Rights (All Users)

Right to Access:

• You can request a copy of the personal information we have about you
• We will provide this information in a readable format

Right to Correction:

• You can request correction of inaccurate or incomplete information
• We will update your information promptly

Right to Deletion:

• You can request deletion of your personal information
• Subject to legal retention requirements (tax records, etc.)
• We will confirm deletion within 30 days

Right to Opt-Out:

• You can opt out of non-essential communications
• You cannot opt out of essential service communications (billing, security, ToS changes)

Right to Data Portability:

• You can request your data in a portable format
• Useful if you want to transfer to another service

9.2 California Residents - CCPA Rights

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights:

Right to Know:

• What categories of personal information we collect
• The sources from which we collect personal information
• The business or commercial purposes for collecting personal information
• The categories of third parties with whom we share personal information
• The specific pieces of personal information we have collected about you

Right to Delete:

Right to Opt-Out of Sale:

Right to Non-Discrimination:

• Deny you service
• Charge different prices or rates
• Provide a different level of service quality
• Suggest you will receive different pricing or service quality

Right to Limit Use of Sensitive Personal Information:

Authorized Agents:

Verification Process:

• Confirming your email address matches our records
• Asking for additional information about your account
• Requiring multi-factor authentication if necessary

Response Timeline:

• We will acknowledge your request within 10 business days
• We will respond substantively within 45 days
• We may extend the response period by an additional 45 days if needed (we'll notify you)

9.3 How to Exercise Your Rights

To exercise any of these rights, contact us at:

• Email: velanaris@gmail.com
• Subject Line: "Privacy Rights Request - [Your Business Name]"

Include in Your Request:

• Your full name and business name
• Email address associated with your account
• Specific right you wish to exercise
• Any additional details that help us process your request

We will respond to verified requests within the timeframes required by law.

10. Cookies and Tracking Technologies

10.1 Our Website

Our business website (where you purchase our service) does not use cookies or tracking technologies. We do not use:

• Analytics tools (such as Google Analytics)
• Advertising cookies or pixels
• Social media tracking
• Third-party tracking scripts

10.2 Customer Chatbots

The chatbots we create for customers may use minimal essential technologies for:

• Session management (to maintain conversation context)
• Basic functionality (to enable chatbot operation)
• Temporary storage of conversation state

These are strictly functional and necessary for chatbot operation, not for tracking or advertising.

10.3 Third-Party Services

Third-party services we use (Stripe, Supabase, OpenAI) may use their own cookies or tracking on their respective platforms. Please review their privacy policies for details.

11. Children's Privacy

Our service is not intended for, and we do not knowingly collect personal information from, children under the age of 13.

Our Policy:

• We do not market to children
• We do not knowingly collect data from children under 13
• Our service is designed for business customers, not children

If We Learn of Child Data Collection:

• We will delete the information immediately
• We will take steps to prevent future collection
• We will notify relevant parties as required by law

Parental Rights:

12. International Data Transfers

Our service is currently limited to United States customers only. All data is processed and stored within the United States.

If we expand internationally in the future:

• We will update this Privacy Policy
• We will implement appropriate safeguards for international transfers
• We will comply with applicable international privacy laws

13. Your Responsibilities as a Customer

As a customer using our service to provide chatbots on your website, you have certain privacy responsibilities:

13.1 Your Own Privacy Policy

You must provide your own privacy policy to your website visitors that:

• Discloses that you use a third-party chatbot service
• Explains what data is collected through the chatbot
• Informs users that conversations are processed by AI
• Complies with privacy laws applicable to your business

13.2 Legal Compliance

You are responsible for:

• Complying with all privacy laws applicable to your business and jurisdiction
• Obtaining necessary consents from your website visitors
• Providing required disclosures about data collection
• Implementing required opt-out mechanisms

13.3 Data Security

You are responsible for:

• Securing your account credentials
• Properly implementing the chatbot embed code
• Not sharing access credentials with unauthorized parties
• Promptly notifying us of any security concerns

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service offerings.

When We Update This Policy:

• We will update the "Last Updated" date at the top of this document
• We will notify customers via email at least 15 days before material changes take effect
• We will post the updated policy on our website
• We will maintain archives of previous versions

Material Changes include:

• Changes in how we collect or use personal information
• Changes in data sharing practices
• Changes in data retention periods
• Changes in your rights or our security practices

Your Continued Use:

15. Contact Information

For privacy-related questions, concerns, or to exercise your privacy rights:

• Email: velanaris@gmail.com
• Subject Line Suggestions:
• "Privacy Question"
• "Data Access Request"
• "Data Deletion Request"
• "CCPA Rights Request"
• Business Name: Velanaris
• Location: California, United States
• Response Time: We aim to respond to all privacy inquiries within 48-72 hours during business days.

16. Governing Law

This Privacy Policy is governed by and construed in accordance with the laws of the State of California and the United States, without regard to conflict of law principles.