SakhiChat

Privacy Policy

How SakhiChat collects, uses, and protects your information.

Last updated: April 30, 2026

1. Introduction

Your privacy matters. This Privacy Policy describes how SakhiChat collects, uses, shares, and protects information when you visit our website, use our dashboards, or interact with chatbots powered by our Services.

We are a US-based company that serves customers worldwide. We comply with privacy laws applicable to our users — including the EU and UK General Data Protection Regulations (GDPR), the California Consumer Privacy Act (CCPA), and other regional privacy laws where required.

By using the Services, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the Services.

2. Who We Are

SakhiChat is operated by [LEGAL_ENTITY_NAME], a limited liability company registered in the State of Wyoming, United States.

For the purposes of GDPR, we act as data controller for personal data of our customers (account holders) and as data processor for personal data that customers submit to the Services about their own end users (e.g. chatbot conversations on a customer's website).

3. Information We Collect

3.1 Information you give us

  • Account information: name, email address, password (encrypted), profile picture (if signing in with Google).
  • Business information: business name, website, knowledge-base content you upload (FAQs, scraped pages, documents).
  • Payment information: billing name, address, and partial card details. Full card numbers are processed by Stripe and never stored by us.
  • Communications: messages you send to support, feedback, survey responses.

3.2 Information collected automatically

  • Usage data: pages visited, features used, time spent, clicks.
  • Device data: IP address, browser type, operating system, device identifiers.
  • Cookies and similar technologies: see Cookie Policy.
  • Log data: server logs that help us debug and secure the Services.

3.3 Information from chatbot end users

If you are an end user chatting with a SakhiChat-powered bot on a third-party website, we collect:

  • The messages you send and the responses generated.
  • Optional contact details you provide (name, email, phone).
  • The website where the chat happened, your browser type, and language.

For end users, the website operator (our customer) is the data controller. We process this data on their behalf as their data processor.

3.4 Information from third parties

If you sign in with Google, we receive your name, email, and profile picture from Google. If you connect a WhatsApp Business number, we receive message metadata and contact information from Meta as you configure it.

4. How We Use Information

We use information to:

  • Provide, maintain, and improve the Services.
  • Authenticate users and manage accounts.
  • Process payments and prevent fraud.
  • Generate AI responses for chatbot conversations.
  • Send transactional emails (verification, password reset, billing receipts, trial reminders).
  • Respond to support requests.
  • Send product updates and marketing emails (you can unsubscribe at any time).
  • Detect, prevent, and address security incidents and abuse.
  • Comply with legal obligations.
  • Aggregate and de-identify data to analyse trends and improve the product.

5. How We Share Information

We share information only in the following circumstances:

  • Service providers: with third parties that help us operate the Services (see Section 6).
  • Legal compliance: when required by law, subpoena, or court order, or to protect rights, safety, and property.
  • Business transfers: in connection with a merger, acquisition, or sale of assets, subject to the same privacy commitments.
  • With your consent: for any other purpose disclosed to you and consented by you.

We do not sell your personal information. We do not share personal information for cross-context behavioural advertising.

6. Service Providers (Subprocessors)

We use the following service providers to operate the Services. Each processes personal data only on our instructions and under contractual privacy commitments:

ProviderPurposeLocation
OpenAIAI text generation for chatbot responsesUSA
StripePayment processingUSA / Ireland
MongoDB AtlasDatabase hostingUSA / EU (configurable)
ResendTransactional email deliveryUSA
Meta (WhatsApp Business)WhatsApp message delivery (when enabled)USA / Ireland
GoogleOAuth sign-in and Calendar (when enabled)USA / EU

We will give reasonable notice of any material changes to our list of service providers. The current list is always available on this page.

7. International Data Transfers

SakhiChat is based in the United States. Your information may be transferred to, processed, and stored in the US and other countries where our service providers operate.

For users in the EU, UK, or other regions with data-export restrictions, we use appropriate safeguards for transfers, including:

  • Standard Contractual Clauses approved by the European Commission for transfers from the EU.
  • UK International Data Transfer Agreement / Addendum for transfers from the UK.
  • Reliance on adequacy decisions where applicable.

You can request copies of these safeguards by emailing support@sakhichat.com.

8. Data Retention

We retain personal data only as long as needed for the purposes described:

  • Account data: while your account is active, plus up to 30 days after deletion to allow for recovery.
  • Conversation data: for the duration of your subscription, unless you delete it sooner.
  • Billing records: up to 7 years to comply with tax and accounting laws.
  • Support communications: up to 3 years.
  • Server logs: up to 90 days, unless required for security investigation.

After these periods, data is deleted or anonymised. You may request earlier deletion at any time (see Section 10).

9. Security

We take security seriously. We implement administrative, technical, and physical safeguards designed to protect personal data, including:

  • Encryption in transit (TLS 1.2+) and at rest.
  • Access controls — only authorised staff can access production systems.
  • Password hashing using industry-standard algorithms (bcrypt).
  • Regular security reviews and dependency updates.
  • Incident response procedures.

No system is 100% secure. If we become aware of a breach affecting your personal data, we will notify you and the relevant authorities as required by law.

10. Your Privacy Rights

Regardless of where you live, we extend the following rights to all users:

  • Access: request a copy of the personal data we hold about you.
  • Correction: ask us to correct inaccurate or incomplete data.
  • Deletion: ask us to delete your account and associated data.
  • Export: receive your data in a structured, machine-readable format.
  • Marketing opt-out: unsubscribe from marketing emails at any time.

To exercise these rights, email support@sakhichat.com from the email address associated with your account. We will respond within 30 days.

11. Additional Rights for EU and UK Residents (GDPR)

If you are located in the European Union, European Economic Area, or United Kingdom, you have additional rights under the GDPR / UK GDPR:

  • Right to restrict processing — ask us to limit how we use your data.
  • Right to object to processing — particularly to direct marketing or processing based on legitimate interests.
  • Right to data portability — receive your data in a structured format and transmit it to another controller.
  • Right to withdraw consent — where processing is based on consent, you can withdraw it at any time.
  • Right to lodge a complaint — with your local supervisory authority. UK residents may contact the Information Commissioner's Office (ICO); EU residents can find their authority at edpb.europa.eu.

11.1 Legal basis for processing (GDPR Art. 6)

We rely on the following legal bases:

  • Contract: to provide the Services you requested (account creation, billing, support).
  • Legitimate interests: to operate, secure, and improve the Services, prevent fraud, and communicate updates — balanced against your rights.
  • Consent: for marketing emails and non-essential cookies. You can withdraw consent at any time.
  • Legal obligation: to comply with tax, accounting, and other legal requirements.

12. Additional Rights for California Residents (CCPA / CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act:

  • Right to know — what personal information we collect, use, and disclose, and to whom.
  • Right to delete — request deletion of personal information we have collected.
  • Right to correct — request correction of inaccurate personal information.
  • Right to opt out of sale or sharing — we do not sell or share personal information for cross-context behavioural advertising, but you have the right to opt out.
  • Right to limit use of sensitive personal information — request that we limit our use of sensitive data.
  • Right to non-discrimination — we will not discriminate against you for exercising any of these rights.

To exercise these rights, email support@sakhichat.com. We may verify your identity before processing the request.

Categories of personal information we collect: identifiers (name, email, IP), commercial information (subscription history), internet activity (usage logs), geolocation (approximate, from IP), and inferences drawn from these (e.g. usage patterns).

13. Other Regions

We respect privacy laws in other jurisdictions where they apply to our users — including but not limited to the Brazilian LGPD, Canadian PIPEDA, Australian Privacy Act, and Indian DPDPA. If you live in one of these regions and want to exercise local rights, email us at support@sakhichat.com and we will respond as required by your local law.

14. Cookies & Tracking

We use cookies and similar technologies to operate, secure, and improve the Services. For full details on what cookies we use and how to control them, see our Cookie Policy.

Where required by law, we obtain your consent before setting non-essential cookies. Strictly necessary cookies (e.g. authentication) are always active.

15. AI & Your Data

SakhiChat uses third-party large language models (currently OpenAI) to generate chatbot responses. When a chatbot processes a conversation, the message and relevant context (e.g. the customer's knowledge base) are sent to OpenAI's API.

  • OpenAI does not use API data to train its models by default (per OpenAI's API data usage policy).
  • We do not use customer data to train any models, our own or third party.
  • AI responses can contain inaccuracies. We display AI-generated content as such and encourage human review for important decisions.

For more details, see our AI Disclosure.

16. Children's Privacy

The Services are not intended for children under 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16 without verified parental consent, we will delete it promptly.

If you believe a child has provided us with personal information, please contact support@sakhichat.com.

17. Automated Decision-Making

We do not use personal data for automated decision-making that produces legal or similarly significant effects for you (e.g. credit decisions, employment decisions). AI-generated chatbot responses are content suggestions, not consequential decisions about you.

If you believe an AI-generated response has unfairly affected you, you have the right to request human review by contacting support@sakhichat.com.

18. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects when changes were made. For material changes, we will give reasonable advance notice (e.g. by email or a notice in the dashboard) before the changes take effect.

Continued use of the Services after the effective date constitutes acceptance of the updated policy.

19. Contact Us & Complaints

For any questions, concerns, or to exercise your privacy rights:

EU/UK residents who believe their data has been mishandled may also lodge a complaint with their local data protection authority. We encourage you to contact us first so we can try to resolve the issue.

Pre-launch note: Some details on this page (registered office address, legal entity name) may still appear as placeholders before SakhiChat formally launches. The current version on this page is always authoritative once launched.

More legal