Vexar Chat

Privacy Policy

Last updated: February 23, 2026

This Privacy Policy describes how Vexar Chat ("we", "us", or "our") collects, uses, and shares information about you when you use our Service. We are committed to protecting your personal data in accordance with applicable privacy laws, including the EU General Data Protection Regulation (GDPR).

1. Information We Collect

Account Information

When you create an account, we collect your name, email address, and password (stored as a secure hash). If you provide a company name, it is also stored.

Usage Data

We collect information about how you use the Service, including pages visited, features used, chatbot configurations, conversation volumes, and actions performed within the dashboard.

Visitor Data (via your chatbot)

When visitors interact with chatbots you create using our Service, we process the following data about them:

  • Conversation messages and session identifiers
  • Contact information voluntarily provided (such as email or name)
  • Approximate geographic location (country and city) derived from the visitor's IP address via GeoIP lookup
  • Browser type and operating system, derived from the User-Agent header
  • URL of the page the visitor is viewing when the chatbot is opened
  • IP address (used solely for geolocation; not stored long-term)

This technical context data is displayed to the chatbot operator to assist in providing effective customer support. The legal basis for this processing is our legitimate interest (GDPR Art. 6(1)(f)) in enabling operators to deliver relevant and efficient support.

You, as the chatbot owner, are responsible for informing your website visitors about this data processing, for example by referencing this Privacy Policy or including appropriate disclosure in your own privacy notice.

Payment Information

Payment processing is handled by Stripe. We do not store your full credit card details. We receive and store payment confirmation data, subscription status, and transaction history.

Technical Data

We collect technical information such as IP addresses, browser type, operating system, device information, and access timestamps through server logs for security and diagnostic purposes. IP addresses may be used to determine approximate geographic location (country and city) using a local GeoIP database (MaxMind GeoLite2) or, as a fallback, via the ip-api.com service. Resolved geographic data is cached temporarily; raw IP addresses are not stored in our database.

2. How We Use Your Information

  • Providing and operating the Service
  • Processing payments and managing subscriptions
  • Sending transactional emails (account notifications, payment receipts)
  • Providing chatbot operators with visitor context (geographic location, browser, current page) to enable effective customer support
  • Improving and developing new features
  • Detecting and preventing fraud, abuse, or security threats
  • Complying with legal obligations

We do not sell your personal data to third parties. We do not use your data for advertising purposes.

3. Third-Party Service Providers

We share data with the following third parties solely for the purpose of providing the Service:

  • Stripe — payment processing. Your payment data is subject to Stripe's Privacy Policy.
  • OpenAI — AI language model processing. Conversation messages may be processed by OpenAI to generate chatbot responses. See OpenAI's Privacy Policy.
  • ip-api.com — geographic location lookup service used as a fallback when our local GeoIP database does not have data for a particular IP address. Only the visitor's IP address is transmitted; no other personal data is shared. See ip-api.com Legal.

All third-party providers are contractually required to handle data securely and only for the purposes we specify.

4. Cookies

We use essential session cookies necessary for the Service to function. We do not use tracking or advertising cookies. The chatbot widget embedded on third-party sites uses a session cookie to maintain conversation continuity for visitors.

5. Data Retention

We retain your account data for as long as your account is active. Upon account deletion, we delete your personal data within 30 days, except where retention is required by law (e.g., financial records). Conversation logs are retained for 12 months by default and can be deleted at your request.

6. Data Security

We implement appropriate technical and organizational measures to protect your data, including encryption in transit (HTTPS/TLS), hashed password storage, and access controls. However, no system can guarantee absolute security.

7. Your Rights (EU/EEA Users)

If you are located in the EU or EEA, you have the following rights under GDPR:

  • Right of access — request a copy of your personal data
  • Right to rectification — correct inaccurate data
  • Right to erasure — request deletion of your data ("right to be forgotten")
  • Right to data portability — receive your data in a machine-readable format
  • Right to object — object to processing of your data
  • Right to restriction — request restriction of processing

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

8. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a prominent notice on the Service. Your continued use of the Service after changes become effective constitutes your acceptance of the updated policy.

10. Contact

For privacy-related questions, requests, or concerns, contact us at:
[email protected]