FluentBot
Start free for 30 days
Legal

Privacy Policy

Last updated: April 27, 2026

This policy explains what data FluentBot collects when you use the platform (the dashboard, the API, and the chat widget), why we collect it, where it is stored, who we share it with, and the controls you have over it.

1. Who we are

FluentBot ("we", "us") is the operator of the FluentBot chatbot platform available at fluentbot.ai and embeddable on customer websites via our chat widget. For any privacy question or request, contact us at support@fluentbot.ai.

2. The two roles we play

FluentBot processes data in two distinct capacities:

  • Controller — for data about our customers (the teams that sign up to FluentBot). We decide why and how that data is processed.
  • Processor — for data about the visitors who chat with our customers' bots. We process visitor data only on behalf of our customer and under their instructions, as governed by our standard Data Processing Addendum.

3. Data we collect from customers (account holders)

When you create a team or get invited to one, we collect:

  • Name and email address
  • Hashed password (we never store passwords in plain text)
  • Profile data you choose to upload (avatar, role)
  • Team membership, roles, and permissions
  • Billing details — collected and processed by Stripe; we store only the customer ID and invoice metadata
  • API tokens and webhook secrets you generate inside the dashboard
  • Knowledge sources you upload or connect (URLs, sitemaps, files, crawl targets)
  • Documents and chunks generated from those sources
  • Bot configurations, widget settings, prompts, and team workflows
  • Push notification device tokens, when you opt in to push alerts

4. Data we collect from visitors (people using your bot)

When a visitor interacts with a FluentBot-powered widget on your site, we collect:

  • Chat messages, timestamps, and any feedback (thumbs up / down, written feedback)
  • File attachments the visitor sends
  • Visitor name and email — only if your widget configuration asks for them or your host page passes them via signed JWT identity verification
  • IP address and approximate geolocation (country, region, city, timezone) — derived via IPInfo
  • Browser type, language, and device class
  • The pages on your site the visitor browsed during the session
  • A widget session token stored in localStorage on the visitor's device so the conversation persists across page loads
  • Escalation context (transcript snapshots, agent assignment) when a conversation is handed off to a human

5. Why we process this data

  • To deliver the service — train bots, retrieve answers, route conversations, persist history, send notifications.
  • To run the AI pipeline — generate embeddings, retrieve chunks, rerank candidates, and synthesize answers using third-party model providers (see Section 7).
  • To bill correctly — track plan usage, message counts, and pages indexed. Payment is handled by Stripe.
  • To keep the platform reliable — application performance monitoring, error reporting, and abuse prevention.
  • To communicate — verification emails, password resets, invitations, and operational notices. We do not send marketing emails to visitors.

6. Cookies and local storage

  • Dashboard session cookies — issued by Laravel Sanctum to keep you logged in. Pruned daily.
  • Sanctum API tokens — issued for programmatic access; expire and are pruned daily.
  • Widget localStorage — the chat widget stores a session token, the active chat ID, and a visitor email cache when the visitor enters one. No cross-site tracking. The widget does not set third-party cookies.

7. Sub-processors and third parties

We rely on the following sub-processors. Each receives only the minimum data required to perform its function.

ProviderPurposeData shared
StripeSubscription billingCustomer ID, payment method (tokenized), invoice line items
OpenAILLM inferencePrompts and retrieved context for response generation
Google (Gemini)LLM inference (selected workflows)Prompts and retrieved context
xAI (Grok)LLM inference (selected workflows)Prompts and retrieved context
OpenRouter (Qwen3-Embedding-8B, Cohere rerank-4-fast)Embeddings and rerankingDocument chunks and queries
PusherWebSocket broadcastingChannel events (messages, status, typing)
SentryError tracking and performance monitoringStack traces, request metadata; PII is filtered server-side via custom before_send rules
LangSmithLLM call tracing for the AI pipelinePrompt/response payloads in a private project
IPInfoIP geolocation lookupVisitor IP at the time of lookup
Firebase Cloud MessagingPush notifications to opted-in agentsDevice tokens, notification payloads
Amazon Web Services (S3)File storage for attachmentsUploaded file content and metadata
Cloudflare (R2 + Email Worker)Encrypted backups; inbound email reply handlingDatabase snapshots; inbound email payloads

8. Where data is stored

  • Primary database — PostgreSQL, hosted in our production region.
  • Vector store — Qdrant (hybrid dense + sparse), one collection per bot, scalar int8 quantization.
  • Cache and queues — Redis.
  • File attachments — Amazon S3.
  • Backups — encrypted snapshots in Cloudflare R2; rotation managed by a scheduled GitHub Actions workflow.

9. Retention

  • Account data is retained while your team is active. When you delete your team, your data is removed within 30 days, except as required by law (for example, billing records).
  • Visitor conversations are retained for as long as the customer (the bot's owner) configures, subject to plan limits.
  • Idle agents are expired automatically (via scheduled task) so they do not appear as available.
  • Push notification device tokens are pruned after 90 days of inactivity.
  • Sessions and expired API tokens are pruned daily.
  • Orphaned attachments (uploaded but not sent) are cleaned up hourly.
  • Backups follow a rolling retention window and are encrypted in transit and at rest.

10. Security

  • All traffic is served over HTTPS.
  • Passwords are hashed with bcrypt; we never see the plain-text value.
  • Identity verification on the widget uses HMAC-signed payloads passed by the host page.
  • Webhooks are signed with a shared secret (FLUENT_AI_WEBHOOK_SECRET, EMAIL_REPLY_WEBHOOK_SECRET, Stripe webhook secret) and verified on receipt.
  • Secrets are managed via GitHub Environments and injected at deploy time. They are never stored in the application image.
  • Errors reported to Sentry pass through a custom filter that strips known PII fields before transmission.

11. Your rights

Depending on your jurisdiction (including the GDPR, UK GDPR, and CCPA), you may have rights to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Delete your data
  • Restrict or object to processing
  • Receive a portable copy of your data
  • Withdraw consent where processing is based on consent

To exercise any of these rights, email support@fluentbot.ai. If your data was provided to us by a customer (because you chatted with their bot), please reach out to that customer first; we act as their processor and will route requests accordingly.

12. International transfers

Several of our sub-processors are based in the United States. When we transfer personal data outside your jurisdiction, we rely on appropriate safeguards (such as Standard Contractual Clauses) where required.

13. Children

FluentBot is a B2B platform intended for businesses and is not directed to children. We do not actively verify age at signup. If you believe a child has provided us with personal data, contact support@fluentbot.ai and we will remove it.

14. Changes to this policy

We update this policy as the product evolves. Material changes will be announced in-app or by email to account holders. The "Last updated" date at the top of this page reflects the latest revision.

15. Contact

Privacy questions, deletion requests, or sub-processor inquiries: support@fluentbot.ai.