Specialized Chat Bot ("SCB Widget", "we", "us", or "our") operates the SCB Widget platform, accessible at scbwidget.com. We provide AI-powered chatbot services that allow businesses to train chatbots on their website content and embed them on their websites.
For the purposes of the General Data Protection Regulation (GDPR) and other applicable data protection laws, SCB Widget is the data controller of your personal data.
Contact: support@scbwidget.com
2. Information We Collect
2.1 Information You Provide Directly
Account registration: Name, business name, email address, and password (stored as a secure hash)
Payment information: Billing details processed securely by our payment provider (Stripe). We do not store full card numbers.
Website content: URLs and content you submit for AI training (web scraping)
Support communications: Messages you send to our support team
Profile updates: Any changes you make to your account settings
2.2 Information Collected Automatically
Log data: IP address, browser type and version, operating system, referring URLs, pages visited, timestamps
Usage data: Features used, API calls made, chat message counts, widget interactions, ingestion job history
Device information: Device type, screen resolution, language settings
Cookies and similar technologies: Session tokens, preference cookies, analytics identifiers (see our Cookie Policy)
2.3 Information from Third Parties
Payment processors: Transaction status and billing information from Stripe
We do not collect sensitive personal data such as racial or ethnic origin, political opinions, religious beliefs, health data, biometric data, or data concerning sexual orientation.
3. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data under the following legal bases:
Processing Activity
Legal Basis
Creating and managing your account
Contract performance (Art. 6(1)(b) GDPR)
Processing payments and billing
Contract performance (Art. 6(1)(b) GDPR)
Providing the chatbot service
Contract performance (Art. 6(1)(b) GDPR)
Sending service-related emails
Contract performance (Art. 6(1)(b) GDPR)
Analytics and service improvement
Legitimate interests (Art. 6(1)(f) GDPR)
Security and fraud prevention
Legitimate interests (Art. 6(1)(f) GDPR)
Marketing communications
Consent (Art. 6(1)(a) GDPR)
Analytics cookies
Consent (Art. 6(1)(a) GDPR)
Legal compliance
Legal obligation (Art. 6(1)(c) GDPR)
4. How We Use Your Information
We use the information we collect to:
Provide, operate, maintain, and improve the Service
Create and manage your account
Process transactions and send related billing information
Send administrative information, service updates, and security alerts
Respond to your comments, questions, and support requests
Monitor and analyze usage patterns to improve the Service
Detect, investigate, and prevent fraudulent transactions and other illegal activities
Personalize your experience based on your preferences
Comply with legal obligations and enforce our Terms of Service
Send marketing communications (only with your consent, and you may opt out at any time)
5. Information Sharing & Disclosure
We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:
Service Providers: We share data with trusted third-party vendors who assist in operating the Service, including cloud hosting (AWS), payment processing (Stripe), email delivery (AWS SES), and database services. These providers are contractually bound to protect your data and may only use it to provide services to us.
Legal Requirements: We may disclose your information if required by law, court order, or governmental authority, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets, your information may be transferred. We will notify you before your data is transferred and becomes subject to a different privacy policy.
With Your Consent: We may share your information for any other purpose with your explicit consent.
Aggregated/Anonymized Data: We may share aggregated or de-identified information that cannot reasonably be used to identify you.
6. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have data protection laws that differ from those in your country.
When we transfer personal data from the EEA, UK, or Switzerland to countries not deemed adequate by the European Commission, we use appropriate safeguards such as:
Standard Contractual Clauses (SCCs) approved by the European Commission
Data Processing Agreements with all sub-processors
Adequacy decisions where applicable
You may request a copy of the safeguards we use by contacting us at support@scbwidget.com.
7. Data Retention
We retain your personal information for as long as your account is active or as needed to provide the Service. Specifically:
Account data: Retained for the duration of your account plus 30 days after deletion (to allow recovery if deletion was accidental)
Billing records: Retained for 7 years to comply with financial regulations
Log data: Retained for 90 days for security and debugging purposes
Chat history: Retained for the duration of your account; deleted upon account deletion
Backup data: May persist in encrypted backups for up to 90 days after deletion
You may request deletion of your account and associated data at any time through your Account Settings or by contacting us.
8. Data Security
We implement appropriate technical and organizational measures to protect your personal information, including:
Encryption of data in transit using TLS 1.2+
Encryption of sensitive data at rest using AES-256
Secure password hashing using industry-standard algorithms (bcrypt)
JWT-based authentication with short-lived tokens
Regular security assessments and penetration testing
Access controls limiting employee access to personal data on a need-to-know basis
Incident response procedures for data breaches
However, no method of transmission over the Internet or electronic storage is 100% secure. In the event of a data breach that affects your rights and freedoms, we will notify you and the relevant supervisory authority as required by applicable law (within 72 hours under GDPR).
9. Your Rights Under GDPR & Other Laws
Depending on your location, you have the following rights regarding your personal data:
Rights Under GDPR (EEA/UK/Switzerland)
Right of Access (Art. 15): Request a copy of the personal data we hold about you
Right to Rectification (Art. 16): Request correction of inaccurate or incomplete data
Right to Erasure / "Right to be Forgotten" (Art. 17): Request deletion of your personal data
Right to Restriction of Processing (Art. 18): Request that we limit how we use your data
Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format
Right to Object (Art. 21): Object to processing based on legitimate interests or for direct marketing
Right to Withdraw Consent (Art. 7(3)): Withdraw consent at any time where processing is based on consent
Right to Lodge a Complaint: File a complaint with your local supervisory authority (e.g., ICO in the UK, CNIL in France)
Rights Under CCPA (California Residents)
Right to know what personal information is collected, used, shared, or sold
Right to delete personal information
Right to opt-out of the sale of personal information (we do not sell personal information)
Right to non-discrimination for exercising your privacy rights
How to Exercise Your Rights
You can exercise most rights directly through your Account Settings page. For other requests, contact us at support@scbwidget.com. We will respond within 30 days (or within the timeframe required by applicable law). We may need to verify your identity before processing your request.
10. Cookies & Tracking Technologies
We use cookies and similar tracking technologies to enhance your experience on our Service. We obtain your consent before placing non-essential cookies on your device.
For full details on the cookies we use, their purposes, and how to manage your preferences, please see our Cookie Policy.
You can manage your cookie preferences at any time by clicking .
11. Children's Privacy
The Service is not directed to children under the age of 16 (or 13 in the United States). We do not knowingly collect personal information from children under these ages. If you believe we have inadvertently collected such information, please contact us immediately at support@scbwidget.com and we will take steps to delete it promptly.
12. Third-Party Links
Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to review the privacy policies of any third-party sites you visit.
13. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will notify you of significant changes by:
Posting the updated policy on this page with a new "Last updated" date
Sending an email notification to registered users
Displaying a prominent notice on our website
Your continued use of the Service after the effective date of the updated policy constitutes your acceptance of the changes. If you do not agree to the updated policy, you must stop using the Service.
14. Contact Us & Data Protection Officer
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
If you are located in the EEA or UK and are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.