Privacy Policy
Last updated: July 15, 2026
1. Information We Collect
Account Information
When you create an account, we collect your email address and authentication credentials (managed by Supabase Auth). We do not store passwords directly — they are handled by Supabase's secure authentication system.
Bot Configuration
We store the bot configurations you create, including names, modes, FAQ entries, decision trees, widget settings, and domain allowlists. This data belongs to you and is row-level secured — only you can access it.
Chat Data
We store chat sessions and messages between visitors and your bots/operators. This data is associated with your bot and is used to provide the Service.
Visitor Data
When a visitor uses the chat widget, we generate an anonymous visitor ID. We do not collect personally identifying information from visitors unless they voluntarily provide it in a chat message.
2. How We Use Your Data
- To provide and maintain the Service
- To process AI provider requests on your behalf (when using AI mode)
- To display real-time chat sessions in the dashboard
- To enforce domain-based access controls
- To track message usage against plan limits
3. AI Provider Data Sharing
When you configure AI mode, chat messages are sent to your selected AI provider (Gemini, Groq, or OpenRouter) for processing. We do not control how these third-party providers handle data once received. Refer to their respective privacy policies.
4. Data Storage and Security
All data is stored in a Supabase-hosted PostgreSQL database with row-level security (RLS) policies. Server-side operations use a service role key that is never exposed to the browser. We use HTTPS for all communications.
5. Data Retention
We retain your data for as long as your account is active. You may delete individual bots, sessions, or your entire account from the dashboard. Deleted data is removed from our database and is not recoverable.
6. Cookies and Local Storage
We use cookies for authentication session management. The chat widget uses the browser's local storage to persist the visitor ID. We do not use tracking cookies or analytics cookies.
7. Third-Party Services
- Supabase — Authentication, database, and realtime
- AI Providers — Gemini (Google), Groq, OpenRouter (for AI mode only)
- Razorpay — Payment processing (for paid plans)
- Vercel — Hosting and edge functions
8. Your Rights
You have the right to:
- Access all data associated with your account
- Export your data from the dashboard
- Delete your account and all associated data
- Request information about how your data is processed
9. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or a notice on the dashboard.
10. Contact
Questions about this Privacy Policy? Email us at wump@shrepy.com.
Wump by Shrepy