Logo

Privacy Policy

Last updated: 9/10/2025

1. Introduction

This Privacy Policy explains how SUTTYLABS ("we", "us", "our") collects, uses, discloses, and safeguards information when you use our AI chatbot widget services, dashboard, and related applications (the "Service").

2. Data Controller & Contact

  • SUTTYLABS is the data controller for personal data processed via the Service.
  • Contact: info@suttylabs.com

3. Scope

This Policy applies to information we collect from account holders and end-users interacting with chatbots deployed by our customers.

4. Information We Collect

  • Account & Profile: name, email, address, company name, business website, role.
  • Service Configuration & Training: chatbot training data you upload, prompts, settings, knowledge base content.
  • Usage & Analytics: interaction counts, timestamps, response times, feature usage, approximate location from IP (city/region level), and device/browser metadata.
  • Calendar (optional): when enabled, Google Calendar metadata necessary to display and manage events (e.g., calendar IDs, event summaries, times). We do not access your emails.
  • Payments: subscription status, plan, invoices, and limited billing metadata. We do not store full payment card details; Stripe processes payments.
  • Support: messages, attachments, and contact details provided to support channels.

5. How We Use Information

  • Provide the Service (perform our contract), including AI responses, integrations, and support.
  • Improve and secure the Service (our legitimate interests), including debugging, analytics, and preventing abuse.
  • Communicate about updates, billing, security notices (contract/legitimate interests; marketing with consent where required).
  • Comply with legal obligations and enforce our Terms.
  • With consent for specific features (e.g., Google Calendar access) or where required by law.

6. Sharing & Subprocessors

We share data with service providers who act on our behalf ("subprocessors") to operate and improve the Service. Key subprocessors include:

  • OpenAI: processes prompts and content to generate chatbot outputs.
  • Google Calendar: provides calendar functionality when you connect your account.
  • Stripe: processes payments and handles sensitive payment data.

We may also use infrastructure, logging, analytics, and support providers. We require subprocessors to protect personal data and use it only per our instructions.

7. International Data Transfers

If we transfer personal data internationally, we will implement appropriate safeguards (e.g., Standard Contractual Clauses) as required by applicable law.

8. Data Retention

We retain personal data for as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements. You may request deletion of your account data; some records may be retained as required by law.

9. Security

We implement appropriate technical and organizational measures to protect personal data. However, no system is completely secure.

10. Your Rights

  • Access, rectification, and erasure of your personal data.
  • Restriction or objection to processing, and data portability.
  • Withdraw consent at any time where processing is based on consent.
  • Lodge a complaint with your local supervisory authority.

11. Cookies & Similar Technologies

We may use cookies and similar technologies to provide essential functions, remember preferences, and analyze usage. Where required by law, we obtain your consent. See our Cookie Notice for details (if applicable).

12. Google Calendar Integration

  • We access only the calendar scopes you authorize to enable scheduling features.
  • You can disconnect access at any time via your Google Account security settings.
  • Event data is used solely to provide requested scheduling features and is not sold.

13. OpenAI Processing

Prompts and content may be transmitted to OpenAI to generate responses. OpenAI acts as our processor for this purpose and processes data in accordance with its terms and privacy policy. Avoid submitting Highly Sensitive Data unless necessary and authorized.

14. Stripe Payments

Stripe collects and processes payment data as an independent controller or processor (as applicable). We receive limited billing metadata (e.g., subscription status, plan, invoice identifiers) and do not store full card details.

15. Children’s Privacy

The Service is not intended for children under 16. We do not knowingly collect personal data from children under 16. If you believe a child has provided personal data, contact us to request deletion.

16. Changes to this Policy

We may update this Policy from time to time. Material changes will be notified via email or in-product notice where required. Your continued use of the Service after changes become effective constitutes acceptance of the updated Policy.

17. Contact

SUTTYLABS — info@suttylabs.com

This document may be updated from time to time. Please review regularly.