Privacy Policy

This policy covers two groups of people:

• Customers — business owners who sign up for SwiftFinch at swiftfinch.ai to create and embed chatbots on their websites.
• Visitors — end users who interact with a SwiftFinch-powered chat widget embedded on a customer’s website.

If you are a visitor and have questions about a specific business’s chatbot, contact the business that embeds the widget. They are the data controller for their customer interactions; we are their data processor.

From customers (account holders)

• Account information — email address, supplied when you sign up via magic link
• Billing information — payment is processed by Stripe; we receive your subscription status and a Stripe customer ID, but never your full credit card number
• Content you provide — website URLs, uploaded text or files, and any manual knowledge entries you add to train your chatbot
• Usage data — which bots you’ve created, their status, basic analytics (e.g., conversation counts)

From visitors (people chatting with a widget)

• Questions asked — the text of each question submitted through a chat widget is stored in our database so the business owner can see what their visitors are asking. This data is associated with the business’s bot, not with any individual visitor identity.
• Outcome data — whether the bot answered the question or escalated it (flagged as unanswered)
• Timestamp — when each question was asked

We do not collect names, email addresses, IP addresses, or any identifying information about visitors through the chat widget.

Automatically collected

• Cookies — our authentication system (Supabase) sets a session cookie when customers log in. Stripe sets cookies during checkout. We do not currently use analytics or advertising cookies.
• Server logs — standard web server logs (timestamps, error records) for operational purposes

• To provide the service — hosting your bot, answering visitor questions, sending magic link emails for login
• To process payments — via Stripe
• To operate and improve the product — aggregated usage patterns help us diagnose problems and plan features
• To communicate with you — account-related emails (password resets, billing notifications)

We do not sell your data or use it for advertising.

• Account information — as long as your account is active, plus 30 days after deletion for backups to expire
• Visitor conversations — automatically deleted after 90 days. This retention window lets business owners review recent interactions while keeping the dataset bounded.
• Billing records — retained as long as required by law (typically 7 years for tax purposes)

We share data only with service providers we rely on to run SwiftFinch:

• Supabase — database, authentication, file storage
• Vercel — frontend hosting
• Railway — backend hosting
• Anthropic — the Claude API powers our chatbot responses. Visitor questions are sent to Anthropic to generate answers. Anthropic does not train on API data per their terms.
• Voyage AI — generates embeddings for retrieval
• Stripe — payment processing
• Resend — transactional email delivery

Each provider processes data on our behalf under their own terms and security practices. We do not share data with advertisers, data brokers, or any third party outside this list.

Our infrastructure is based in the United States. If you access SwiftFinch from outside the U.S., your data will be transferred to and processed in the U.S.

Depending on where you live, you may have rights to:

• Access the personal data we hold about you
• Request correction or deletion of your data
• Object to certain uses of your data
• Export your data in a machine-readable format

To exercise any of these rights, email support@swiftfinch.ai. We will respond within 30 days.

California residents: you have specific rights under the CCPA, including the right to know what personal information is collected and the right to request deletion. We do not sell personal information.

EU/UK residents: you have rights under GDPR including the right to lodge a complaint with your local data protection authority. Our lawful basis for processing is typically the performance of a contract (providing the service) or legitimate interest (operating and improving the product).

We use industry-standard security practices, including encryption in transit (HTTPS/TLS), encryption at rest for our database, and role-based access controls. No method is 100% secure, but we work to protect your information as best as we reasonably can.

If we discover a data breach affecting your information, we will notify you in accordance with applicable laws.

SwiftFinch is not intended for users under the age of 16. We do not knowingly collect data from children. If you believe a child has provided us data, contact us and we will delete it.

We may update this policy from time to time. Material changes will be announced on swiftfinch.ai and, for customers, by email. Continued use of SwiftFinch after an update means you accept the revised policy.

support@swiftfinch.ai