Privacy Policy

UK GDPR – Processor-First SaaS

Last updated: 2 February 2026

1. Introduction

Welcome to Usebot ("we", "our", "us"). We provide a chatbot and lead-capture platform for businesses. We are committed to protecting personal data and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This Privacy Policy explains how we process personal data when:

  • you use our website and platform as a customer, or
  • end users interact with chatbots powered by Usebot.

UseBot is a trading name of:

Custom Growth Solutions Ltd - Company No: 16967253
3rd Floor, 86-90 Paul Street
London
England
EC2A 4NE
United Kingdom

2. Roles Under UK GDPR

For clarity:

  • Usebot is a Data Controller for:
    • customer account data
    • billing and subscription data
    • support communications
    • website usage data
  • Usebot is a Data Processor for:
    • end-user data submitted via customer chatbots
    • Our customers are the Data Controllers for end-user chatbot data.

Processing of end-user data is governed by our Data Processing Agreement (DPA).

3. Information We Collect

3.1 Information You Provide (Controller Data)

  • Account details: name, email address, organisation name
  • Authentication credentials
  • Billing details (processed via Stripe; we do not store full card numbers)
  • Support communications
  • Bot configuration and settings

3.2 Information Collected Automatically

  • Usage data (feature usage, session counts)
  • Technical data (hashed IP address, browser type, device information)
  • Essential cookies required for authentication and security

3.3 Information Processed Through Customer Chatbots (Processor Data)

On behalf of our customers, we process:

  • Names, email addresses, phone numbers
  • Messages and chatbot responses
  • Lead capture form submissions
  • Conversation transcripts

4. Legal Bases for Processing (UK GDPR Article 6)

We process personal data under the following lawful bases:

  • Contractual necessity – to provide and operate the Usebot service
  • Legitimate interests – to secure, maintain, and improve our platform
  • Legal obligation – compliance with tax, accounting, and regulatory duties
  • Consent – where required (e.g. marketing communications)

End-user chatbot data is processed solely on customer instructions.

5. How We Use Personal Data

We use personal data to:

  • Provide, operate, and maintain the platform
  • Manage subscriptions and billing
  • Provide customer support
  • Improve features and service reliability
  • Detect fraud, abuse, and security incidents
  • Comply with legal obligations

6. Data Sharing and Sub-Processors

We do not sell personal data.

We may share data with trusted sub-processors, including:

  • Stripe – payment processing
  • Supabase – database and authentication
  • Upstash – rate limiting
  • OpenAI – AI processing (Pro/Growth tiers only)
  • Resend – transactional email delivery

All sub-processors are subject to contractual data protection obligations.

7. International Data Transfers

Where personal data is transferred outside the UK, we rely on UK-approved safeguards, including:

  • the UK International Data Transfer Addendum
  • standard contractual clauses where applicable

8. Data Security

We implement appropriate technical and organisational measures, including:

  • Encryption in transit (TLS/HTTPS) and at rest
  • Row-Level Security (RLS)
  • Secure authentication
  • IP address hashing
  • Rate limiting and abuse protection
  • Regular monitoring and security reviews

9. Data Retention

  • Customer account data is retained for the duration of the contract
  • End-user chatbot data is retained according to customer instructions
  • Upon account deletion, personal data is deleted or anonymised within 30 days, unless legally required otherwise

10. Individual Rights (UK GDPR)

Individuals have the right to:

  • access their data
  • request correction
  • request erasure
  • restrict or object to processing
  • data portability
  • withdraw consent where applicable

Requests relating to chatbot end-user data should be directed to the customer controller.

11. Cookies

We use essential cookies only for authentication and security. No advertising or tracking cookies are used.

For more information, see our Cookie Policy.

12. Children's Data

Usebot is intended for business use and is not directed at individuals under 16 years of age. We do not knowingly process children's data.

13. Changes to This Policy

We may update this policy periodically. Material changes will be communicated via the platform or website.

14. Contact

Email: privacy@usebot.co

Phone: +44 115 647 6767

Address:
UseBot is a trading name of Custom Growth Solutions Ltd
Company No: 16967253
3rd Floor, 86-90 Paul Street
London, England, EC2A 4NE
United Kingdom

← Back to Home