Privacy Policy

When you create an account, we collect your email address. When you train a chatbot, we store the content you provide (URLs, uploaded files, or raw text) and the vector embeddings derived from that content. When your chatbot is used, we store conversation messages and, if you enable lead capture, the contact information submitted by your visitors.

We also collect standard server logs (IP address, user agent, request path, timestamp) for security and debugging purposes. We do not collect payment card details — payments are handled directly by Dodo Payments.

• To operate and deliver the Ontroz service to you
• To send transactional emails (login links, billing notifications)
• To detect and prevent abuse, fraud, and security incidents
• To improve the platform based on aggregate, anonymised usage patterns

We never use your training content or conversation data to train shared AI models. Your knowledge base is private and isolated to your organisation.

All data is stored on Neon Serverless PostgreSQL hosted in the United States. Vector embeddings are stored in the same database. Uploaded files are stored on Cloudflare R2. All data is encrypted at rest and in transit (TLS 1.3). Session tokens are stored as SHA-256 hashes — never in plaintext.

If your subscription is cancelled or expires, your data is retained for a grace period to allow resubscription:

• Vector embeddings (training data): deleted 30 days after cancellation
• Conversation history and messages: deleted 60 days after cancellation
• Chatbot configuration and leads: deleted 90 days after cancellation
• Your account itself remains until you request deletion

You will receive an email warning 7 days before each deletion phase.

We share data only with the following service providers, solely to operate the platform:

• Neon — database hosting
• Cloudflare R2 — file storage
• Upstash — Redis cache and job queue
• Google Cloud — API hosting (Cloud Run) and AI inference (Gemini)
• Resend — transactional email delivery
• Dodo Payments — payment processing
• Sentry — error monitoring (no PII in error payloads)

We do not sell your data to any third party, ever.

You have the right to access, export, correct, or delete your personal data at any time. To request data deletion or an export, email us at privacy@ontroz.com. We will respond within 30 days.

We use a single session cookie (sid) to keep you logged in. It is httpOnly, Secure, and SameSite=Lax. We do not use third-party tracking cookies or advertising cookies.

Questions about this policy? Email privacy@ontroz.com.