Privacy policy

Last updated: June 14, 2026

This Privacy Policy explains how FayeBot collects, uses, and protects information when you use our service — both as a FayeBot account holder (a "founder") and when your website visitors interact with Faye.

1. Who we are

FayeBot provides an AI chat widget that founders embed on their websites. We are the data processor for visitor conversation data, and you (the founder) are the data controller.

Contact: privacy@fayebot.com

2. Data we collect

Account holder data (you)

  • Email address and password (managed by better-auth; passwords are stored hashed, never in plaintext)
  • Company name (optional, provided by you)
  • Payment information (processed by Razorpay — we do not store card data)
  • API key usage logs

Visitor data (your website visitors)

  • Conversation messages (what visitors type to Faye)
  • Extracted lead data: email, name, company, intent (parsed from conversation)
  • Page URL where the widget is loaded
  • Conversation timestamps
  • Sentiment indicators derived from conversation content

We do not collect IP addresses, device fingerprints, or browsing history from visitors.

3. How we use data

Account holder data

  • To operate your account and provide the service
  • To send transactional emails (account confirmation, password reset, invoices)
  • To contact you about significant service changes

Visitor data

  • To generate Faye's responses (sent to Gemini API for inference)
  • To create conversation embeddings for RAG memory (sent to Gemini API for embedding)
  • To extract and display lead data in your dashboard
  • To detect escalation triggers

We do not sell visitor data. We do not use visitor data for advertising. We do not use visitor data to train AI models beyond the Gemini API's standard terms.

4. Data storage & security

All data is stored in a managed PostgreSQL database (Neon), hosted on AWS in the ap-southeast-1 region, encrypted at rest using AES-256. Conversation embeddings (vectors) are stored in pgvector within the same database.

Data is transmitted over HTTPS/TLS. API keys are stored as hashed values. We do not log raw conversation content in application logs.

We conduct regular security reviews. In the event of a data breach, we will notify affected account holders within 72 hours.

5. Data sharing

We share data with the following third-party services to operate FayeBot:

  • Google (Gemini API) — Conversation content is sent to Gemini for response generation and embedding. Google processes this under their API terms.
  • Neon — Hosts our managed PostgreSQL database (on AWS infrastructure), where account and conversation data live.
  • Brevo — Sends transactional email (email-verification and password-reset codes). Only the recipient email address is shared.
  • Razorpay — Processes payments. Only billing-related data is shared.

We do not share data with marketing platforms, data brokers, or analytics services.

6. Your rights (GDPR & CCPA)

As a data controller for your visitors' data, you are responsible for fulfilling visitor data rights requests. We provide tools to help:

  • Access: Export all conversations and leads via the dashboard or API
  • Deletion: Delete any conversation, lead, or visitor record from the dashboard or via API. Deletion takes effect immediately.
  • Portability: Export all data as CSV or JSON

For your own account data (as a FayeBot user): email privacy@fayebot.com with your request. We respond within 30 days.

7. Data retention

Conversation data is retained for as long as your account is active, or until you delete it. After account closure, all PII in conversations and leads is deleted within 90 days.

Anonymized aggregate metrics (conversation counts, escalation rates) may be retained indefinitely for service improvement.

8. Cookies

The FayeBot dashboard uses a session cookie for authentication. This is strictly necessary and not used for tracking.

The embedded widget does not set cookies on your visitors' browsers by default. A conversation session identifier is stored in sessionStorage (not a cookie) to maintain context during a single browsing session.

9. Children's privacy

FayeBot is not intended for use with children under 13. We do not knowingly collect data from children. If you believe a child has submitted data through a widget on your site, you must delete that data from your dashboard immediately and notify us.

10. Changes to this policy

We will notify account holders by email of any material changes to this policy at least 14 days before they take effect. Continued use of the Service constitutes acceptance of the updated policy.

11. Contact

Privacy questions: privacy@fayebot.com

For data deletion requests or GDPR inquiries, include your account email and a description of your request. We respond within 30 days.