1. Data controller
ChatNorris (“ChatNorris”, “we”) is the controller of the personal data described in this policy, which applies to our website, dashboard, embeddable widget, and WhatsApp/Instagram channels. You can reach us at hola@chatnorris.ai for any privacy-related question.
2. Information we collect
Information you provide directly:
- Account: name, email, password (encrypted) and your organization’s details when you sign up.
- Billing: payment data needed to process your subscription (handled by our payment processor — we don’t store card numbers).
- Content you upload: documents, URLs and text used to train your chatbots (knowledge sources).
- Contact forms: name, email and message when you write to us.
Information we collect automatically:
- Platform usage: chatbots you configure, conversations, metrics and product analytics events.
- Technical data: IP address, browser type, operating system and pages visited.
- Analytics cookies: only if you give us your consent (see the Cookies section).
3. How we use your data
We use your data to: create and maintain your account; operate and improve ChatNorris; process payments and billing; provide technical support; send you service notifications (handoff, alerts, receipts); protect the platform against fraud and abuse; and comply with legal obligations. We do not sell or share your information with third parties for advertising purposes.
4. Legal basis per purpose
- Contract performance — creating your account, providing the service, processing payments, support.
- Consent — analytics cookies, marketing communications (you may withdraw it at any time).
- Legitimate interest — platform security, fraud prevention, product improvement.
- Legal obligation — retention of billing records, responding to valid legal requests.
5. Recipients and providers
To operate the service, we share data with providers acting as data processors, under confidentiality agreements and processing data only under our instructions:
- Supabase — database, authentication and storage.
- Vercel — application hosting and serverless functions.
- Anthropic (Claude) — message processing to generate AI agent responses.
- OpenAI — embeddings generation for semantic search (RAG) over your knowledge base.
- Meta — WhatsApp and Instagram channel integration.
- Resend — transactional email delivery (confirmations, notifications).
- Cloudflare — anti-bot protection (Turnstile) on authentication forms.
We may also disclose information if required by law, or in connection with a merger, acquisition, or asset sale, in which case we will notify you of any material changes.
6. International data transfers
Our providers operate infrastructure distributed internationally (including the United States and the European Union). When we transfer data outside your region, we rely on the transfer mechanisms and contractual safeguards these providers offer to maintain a level of protection equivalent to that of your jurisdiction.
7. Data about your chatbot visitors
When you install the ChatNorris widget on your website or connect WhatsApp/Instagram, your end visitors’ messages are processed through the Anthropic (Claude) API to generate responses, and stored in your own organization database, isolated via Row Level Security (RLS) in Supabase. With respect to that data, you act as the data controller and are responsible for informing your users about the use of AI on your site; ChatNorris acts as your data processor.
8. Data retention
We keep your data while your account is active. If you cancel your account, your data is deleted within 30 days, unless the law requires us to keep it longer (e.g. billing records). Your visitors’ conversations follow the same lifecycle as your organization account. You can request earlier deletion by writing to hola@chatnorris.ai.
9. Your rights
Depending on your location, you may have the right to:
- Access the personal data we hold about you.
- Rectify inaccurate or incomplete data.
- Delete your personal data (“right to be forgotten”).
- Restrict or object to the processing of your data.
- Port your data to another provider in a structured format.
- Withdraw your consent at any time, without affecting prior processing.
To exercise these rights, write to hola@chatnorris.ai. We will respond within the timeframes required by applicable law (typically 30 days). If you are not satisfied with our response, you may lodge a complaint with the data protection authority in your country.
11. Do Not Track signals
Some browsers include a “Do Not Track” feature. Since there is no unified industry standard for interpreting these signals, we currently do not respond to them differently. If a common standard is adopted in the future, we will update this policy to reflect it.
12. Third-party links
Our site and emails may include links to third-party sites (for example, social media or partner documentation). We are not responsible for the privacy practices of those sites; we recommend you review their own policies.
13. Security
We apply technical and organizational measures to protect your data: encryption in transit (HTTPS) and at rest, per-organization data isolation via Row Level Security in Supabase, anti-bot verification (Cloudflare Turnstile) on authentication forms, and role-based access control within your organization. No system is 100% secure, but we continuously work to reduce risk and respond responsibly to any incident.
14. Children's privacy
ChatNorris is intended for businesses and professionals, not minors. We do not knowingly collect data from individuals under 18 years of age. If we discover we have collected data from a minor without appropriate consent, we will delete it immediately.
15. Changes to this policy
We may update this policy periodically. If changes are material, we will notify you by email or through a notice on the platform. The “last updated” date at the top of this page always reflects the current version.
16. Contact
For any question about this privacy policy, or to exercise your rights, write to hola@chatnorris.ai.