Privacy Policy

1. Introduction

FIFE.BOT is an AI-powered chatbot platform available at fife.bot and app.fife.bot. The platform enables businesses and individuals to create, configure, and deploy AI chatbots on their websites. This Privacy Policy explains how we collect, use, store, and protect your personal data when you interact with our platform, whether as a registered user managing chatbots or as an end user communicating with a chatbot powered by FIFE.BOT.

By accessing or using FIFE.BOT, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with any part of this policy, please discontinue use of the service.

2. Data Controller

The data controller responsible for processing your personal data is:

3. What Data We Collect

We collect and process the following categories of personal data depending on how you interact with FIFE.BOT:

3.1 Account Data

When you register for an account, we collect your email address, display name, and a securely hashed version of your password. If you sign in via a third-party provider (Google or Microsoft), we receive your name and email address from that provider. We also store your language preference and plan selection.

3.2 Chatbot Content (Knowledge Base)

To power your chatbot's responses, you may upload documents (PDF, DOCX, TXT files), enter text content, create question-and-answer pairs, or provide website URLs for scraping. This content is chunked, embedded as vectors, and stored in our database so your chatbot can retrieve relevant information when responding to queries.

3.3 Chat Conversation Data

We store messages exchanged between end users and your chatbot. This includes the end user's input messages and the AI-generated responses. Conversation data is associated with a session identifier and is used for analytics and service improvement.

3.4 Usage and Analytics Data

We collect aggregated usage metrics such as the number of conversations, message counts, satisfaction ratings (thumbs up/down feedback), credit consumption, and knowledge base source counts. This data helps us provide you with analytics dashboards and enforce plan-based usage limits.

3.5 Payment Data

Payment processing is handled entirely by Stripe, Inc. We do not collect, store, or have access to your full credit card number or banking details. We store only your Stripe customer identifier, subscription status, billing cycle, and transaction history references necessary for account management.

3.6 Integration Data

If you connect third-party services such as Notion, Confluence, Google Drive, or SharePoint, we store the authentication tokens required to access your content on those platforms. All integration tokens are encrypted at rest using AES-256-GCM encryption. We access only the content you explicitly select for inclusion in your chatbot's knowledge base.

3.7 Technical Data

When you access FIFE.BOT, we may automatically collect technical information including your IP address, browser type and version, device type, operating system, referring URL, and timestamps of your requests. This data is used for security monitoring and service reliability.

4. How We Use Your Data

We process your personal data for the following purposes:

• Service delivery: To create and maintain your account, operate your chatbots, process knowledge base content, and deliver AI-generated responses to end users.
• Contract performance: To manage your subscription, enforce plan limits, track credit usage, and process billing through Stripe.
• Analytics: To provide you with conversation analytics, usage statistics, and satisfaction metrics for your chatbots.
• Security: To protect against unauthorized access, detect fraud, and maintain the integrity and availability of our platform.
• Communication: To send transactional emails related to your account (password resets, subscription confirmations, usage alerts) and, where you have consented, product updates.
• Service improvement: To analyze aggregated, anonymized usage patterns in order to improve platform performance and develop new features.

5. Legal Basis for Processing (GDPR Article 6)

We rely on the following legal bases under the General Data Protection Regulation:

• Performance of a contract (Art. 6(1)(b)): Processing is necessary to provide you with the FIFE.BOT service, manage your subscription, and fulfill our contractual obligations to you.
• Legitimate interest (Art. 6(1)(f)): We process certain data for security monitoring, fraud prevention, and service improvement, where our legitimate interests are not overridden by your rights.
• Consent (Art. 6(1)(a)): Where required, we obtain your explicit consent for specific processing activities, such as marketing communications. You may withdraw consent at any time without affecting the lawfulness of prior processing.
• Legal obligation (Art. 6(1)(c)): We process certain data to comply with applicable tax, accounting, and regulatory requirements.

6. AI and Third-Party Data Processing

FIFE.BOT relies on third-party artificial intelligence services to generate chatbot responses and process your knowledge base content. It is important that you understand how your data flows through these services:

• Chat messages and knowledge base content are transmitted to third-party AI model providers via OpenRouter (an LLM routing service) in order to generate chatbot responses. The specific model used depends on your chatbot configuration.
• Text embeddings are generated through the OpenAI API to enable semantic search across your knowledge base. Your content is sent to OpenAI solely for the purpose of computing vector representations.
• Web scraping of URLs you provide is performed by Firecrawl, a third-party scraping service, to extract page content for your chatbot's knowledge base.

We do not use your data to train AI models. Your content is processed solely to provide responses within the context of your chatbot and is not used for model fine-tuning, training, or any purpose beyond delivering the service.

Sub-processors

We use the following sub-processors to deliver the FIFE.BOT service:

7. Data Sharing

We share your personal data only in the following limited circumstances:

• Sub-processors: With the third-party service providers listed in Section 6 above, strictly to the extent necessary to operate the FIFE.BOT platform.
• Legal requirements: Where we are compelled to disclose data by law, regulation, legal process, or enforceable governmental request.
• Business transfers: In connection with a merger, acquisition, or sale of assets, your data may be transferred to the successor entity, subject to the same privacy protections described here.

We do not sell your personal data to third parties, nor do we share it for advertising or marketing purposes.

8. International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States, where several of our sub-processors are located. When we transfer data outside the EEA, we ensure that adequate safeguards are in place, including:

• EU Standard Contractual Clauses (SCCs) approved by the European Commission.
• Data processing agreements with each sub-processor that require them to protect your data to standards equivalent to those required under GDPR.

9. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes described in this policy:

• Account data: Retained for the duration of your active account plus 30 days following account deletion to allow for recovery.
• Knowledge base content: Retained as long as the associated chatbot exists. When you delete a document, chatbot, or knowledge base source, the corresponding data and vector embeddings are permanently removed.
• Chat conversation data: Retained for the purpose of providing analytics. You may delete conversation data at any time from your chatbot's settings.
• Payment records: Retained for the period required by applicable tax and accounting legislation (typically 5 to 10 years depending on jurisdiction).
• Technical logs: Retained for up to 90 days for security and debugging purposes, then automatically purged.

You may request deletion of your personal data at any time by contacting us at support@hostcamp.eu. Upon receiving a valid deletion request, we will erase your data within 30 days, except where retention is required by law.

10. Your Rights Under GDPR

If you are located in the European Economic Area, you have the following rights regarding your personal data:

• Right of access (Art. 15): You may request a copy of the personal data we hold about you.
• Right to rectification (Art. 16): You may request correction of inaccurate or incomplete personal data.
• Right to erasure (Art. 17): You may request deletion of your personal data, subject to legal retention requirements.
• Right to restriction (Art. 18): You may request that we restrict processing of your data in certain circumstances.
• Right to data portability (Art. 20): You may request your data in a structured, commonly used, machine-readable format.
• Right to object (Art. 21): You may object to processing based on legitimate interest at any time.
• Right to withdraw consent (Art. 7(3)): Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
• Right to lodge a complaint: You have the right to file a complaint with a supervisory authority. In Czechia, the relevant authority is the Office for Personal Data Protection (UOOU), www.uoou.cz.

To exercise any of these rights, please contact us at support@hostcamp.eu. We will respond to your request within 30 days.

11. Cookies

FIFE.BOT uses cookies and similar technologies to maintain your session, remember your preferences, and analyze platform usage. For detailed information about the types of cookies we use and how to manage them, please refer to our Cookie Policy.

12. Children's Privacy

FIFE.BOT is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have inadvertently collected personal data from a child under 16, we will take prompt steps to delete that information. If you believe that a child under 16 has provided us with personal data, please contact us at support@hostcamp.eu.

13. Security Measures

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• All data in transit is protected with TLS (Transport Layer Security) encryption.
• Database access is governed by Row Level Security (RLS) policies that ensure users can only access their own data.
• Third-party integration credentials (such as Notion, Confluence, and Google Drive tokens) are encrypted at rest using AES-256-GCM.
• User passwords are stored as cryptographic hashes and are never accessible in plain text.
• Authentication is managed through Supabase Auth with support for secure session management and third-party OAuth providers.
• Access to production systems is restricted to authorized personnel and protected by multi-factor authentication.

While we strive to protect your data, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security, but we are committed to promptly addressing any security incidents in accordance with applicable law.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by email (using the address associated with your account) or by placing a prominent notice on our platform prior to the change becoming effective. We encourage you to review this policy periodically. Your continued use of FIFE.BOT after any changes constitutes acceptance of the updated policy.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us: