Legal

Privacy Policy

Last updated: July 3, 2026

1. Information We Collect

  • Account information: email address and authentication credentials, collected via our authentication provider (Supabase) when you sign up.
  • Chatbot configuration: business name, description, address, phone number, support email, hours, branding, and other details you enter into the chatbot builder.
  • Conversation logs: messages exchanged between your chatbot and your website visitors, stored so you can review activity and so we can generate usage metrics for your account.
  • Usage metrics: monthly message counts, billing cycle dates, and related account activity used to enforce plan limits and measure engagement.
  • Payment information: handled entirely by Stripe. We do not collect, see, or store your credit card number or other payment card details on our servers.
  • Usage and security data: IP addresses and request metadata, used temporarily for rate limiting and abuse prevention.

2. Information From Your Website Visitors

When a visitor interacts with your chatbot widget, their messages are sent to Anthropic's API (Claude) to generate a response. Both the visitor's messages and the chatbot's replies are stored as conversation logs (see Section 6, Data Retention) so that you can review activity and so we can track usage against your plan's message limit.

3. How We Use Information

We use the information we collect to provide and operate the Service, send transactional emails (such as account, billing, and usage-limit notifications), monitor and enforce monthly message limits, process subscription payments, communicate with you about your account, improve and maintain the platform, and detect and prevent fraud or abuse.

4. Third-Party Processors

We share information with the following service providers as necessary to operate the Service:

  • Anthropic — processes chatbot conversation messages to generate AI responses.
  • Stripe — processes subscription payments and billing information.
  • Supabase — hosts our database and handles account authentication.
  • Firecrawl — scrapes publicly available content from website URLs you provide during setup.
  • Vercel — hosts and serves the application.
  • Resend — delivers transactional emails (welcome, usage, and billing notifications) on our behalf.

We do not sell your personal information to third parties.

5. Data Security

We use industry-standard measures including encrypted connections (HTTPS), rate limiting, access controls, and authentication checks to protect your information. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

6. Data Retention

Conversation logs (visitor messages and chatbot replies) are retained for 90 days and then deleted. Account and business profile information is retained for as long as your account remains active, and is deleted upon account deletion except where we are required to retain it for a reasonable period for legal, billing, or security purposes.

7. Your Rights

You may access, correct, or request deletion of your account information and data at any time by contacting support@vestachathost.com or through your account dashboard.

8. Cookies

We use essential cookies and local browser storage solely to maintain your authenticated session. We do not use third-party advertising or tracking cookies.

9. Do Not Sell My Personal Information

VestaChatHost does not sell personal information to third parties. California residents may request deletion of their data by emailing support@vestachathost.com. We will respond within 30 days.

10. Children's Privacy

The Service is intended for use by businesses and is not directed at, or intended for use by, anyone under 18 years of age. We do not knowingly collect personal information from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Continued use of the Service after changes constitutes acceptance of the updated Policy.

12. Contact

Questions about this Privacy Policy can be sent to support@vestachathost.com.