InsertChat
Start for Free
Privacy

How InsertChat handles assistant data

Read what we collect, how we use it, and how privacy rights work for branded assistants built from approved website content.

GDPR-readyNo model trainingAccess and deletion rights
Start for Free

7-day free trial · No card required

Privacy

Privacy basics for visitor-facing AI

The principles teams review before adding a branded assistant to a public website.

No sale of customer data

Customer and visitor data is not sold or rented to third parties.

Encryption in transit and at rest

Assistant data is protected with encryption in transit and at rest.

Privacy rights support

Access, correction, deletion, export, and restriction requests are supported through documented review paths.

No model training

Customer content, prompts, and conversation data are not used to train third-party foundation models.

Policy

Privacy policy

The legal policy remains available in full, with the practical assistant context kept above it.

Introduction

Welcome to InsertChat ('Company', 'we', 'us', or 'our'). Protecting your privacy is our top priority, and this notice outlines how we collect, use, and safeguard your personal data. As a European company, we adhere to stringent European privacy regulations, which are among the most rigorous in the world.

1. Our Commitment to Your Privacy

  • No Data Sharing or Selling: We do not utilize, disclose, or sell your data in any form.
  • Robust Security Measures: We use industry-leading encryption, conduct regular security audits, implement stringent access controls, and maintain continuous monitoring to protect your data.
  • Complete Data Control: Unlike some of our competitors, we maintain full control over our infrastructure and do not outsource to external vector databases.

2. Data Collection and Use

We collect data to provide, improve, and personalize our services when you:

  • Visit our website at https://insertchat.com or associated sites.
  • Engage with us through sales, marketing, or events.
  • Participate in activities on our Services.

3. Types of Data We Collect

Personal Data Provided by You:

  • Voluntary Information: Includes email addresses, passwords, and payment data (processed by Stripe, see Stripe Privacy Policy).
  • Account and Authentication Data: Necessary for account creation, access, and maintenance.

Automatically Collected Data:

  • Technical and Usage Information: Includes IP addresses, browser details, operating systems, usage data, and interaction logs. This data is collected primarily for security, analytics, and service improvement.

4. Legal Basis for Data Processing

We process your data under the following legal bases, compliant with the GDPR and UK GDPR:

  • Consent: Where you have provided explicit consent.
  • Contractual Necessity: To fulfill our contractual obligations or pre-contractual requests.
  • Legal Obligations: To comply with legal requirements.
  • Legitimate Interests: To support our business interests in a manner that is not overridden by your rights.

5. Detailed Data Processing Purposes

  • Account Creation and Management: To facilitate account creation, login, and maintain your account in working order.
  • Service Delivery: To provide and improve the services you request, such as responding to your inquiries and providing support.
  • Administrative Communications: To send you important updates and information about our products, services, terms, and policies.
  • Security and Fraud Prevention: To maintain the security and integrity of our Services and protect against unauthorized access.
  • Legal Compliance: To comply with applicable legal obligations and regulatory requirements.

6. Data Retention

We retain data only as long as necessary to fulfill the purposes outlined in this notice, or as required by law. Specific retention periods are determined based on criteria such as legal obligations, business needs, and data minimization principles. For example:

  • Account Data: Retained as long as you have an account with us.
  • Payment Data: Retained in accordance with accounting and tax compliance requirements.

When data is no longer needed, it will be securely deleted or anonymized.

7. Data Sharing

We may share data in specific scenarios, such as:

  • Business Transfers: In the event of mergers, acquisitions, or asset sales, data may be transferred under strict confidentiality and protection obligations.
  • Service Providers: With parties who process data on our behalf under stringent confidentiality and data protection obligations.

8. Security Measures

We implement comprehensive technical and organizational measures to secure your data, including:

  • Industry-leading encryption for data in transit and at rest.
  • Regular security audits and continuous monitoring.
  • Stringent access controls to ensure only authorized personnel have access to data.

Despite our best efforts, no method of electronic transmission or storage is completely secure. Therefore, while we strive to protect your data, we cannot guarantee its absolute security.

9. International Data Transfers

For international data transfers, especially outside the EEA, we ensure adequate protection through mechanisms like Standard Contractual Clauses (SCCs) or Binding Corporate Rules (BCRs), compliant with applicable laws.

10. Your Privacy Rights

Depending on your location, you have various rights regarding your personal data, including:

  • Right to Access: To request access to your personal data.
  • Right to Rectification and Erasure: To correct or delete your data.
  • Right to Restrict Processing and Object: To restrict or object to the processing of your data.
  • Right to Data Portability: To request a copy of your data in a portable format.

11. Exercising Your Rights

To exercise your rights, please use our contact page. We will respond to your requests in accordance with applicable data protection laws and strive to address your inquiries promptly.

12. Children's Privacy

Our Services are not intended for children under 18 years of age. If we learn that personal data from minors has been collected, we will promptly delete it. If you become aware of any such data being collected, please contact us immediately through our contact page.

13. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience. Detailed information about our use of cookies and how you can manage your cookie preferences can be found in our Cookie Notice.

14. Do Not Track Signals

Currently, no uniform standard for Do Not Track (DNT) signals has been adopted, and as such, we do not respond to DNT signals or similar mechanisms. Should a standard be established, we will update our practices accordingly and notify you through a revised privacy notice.

15. Regional Privacy Rights

15.1 California Residents

California Civil Code Section 1798.83 (Shine The Light law) allows California residents to request information about personal data disclosures for direct marketing purposes. California residents can also request the removal of unwanted data posted publicly. Please visit our contact page to exercise these rights.

15.2 Virginia Residents

Under the Virginia Consumer Data Protection Act (CDPA), Virginia residents have specific rights related to accessing, correcting, deleting, and opting out of the processing of their personal data. To exercise these rights, please use our contact page.

16. Updates to This Notice

We may update this privacy notice periodically to ensure compliance with relevant laws and reflect changes to our data practices. The updated version will have an updated 'Effective Date' and will be effective immediately upon its availability. Significant changes to this notice will be communicated prominently.

17. Contact Us

For any questions or privacy-related concerns, visit our contact page. Our Data Protection Officer is available to assist with your privacy inquiries.
Security

How assistant data stays protected

Practical safeguards for sources, conversations, access, retention, and deletion.

Approved source and conversation scope

Encryption in transit and at rest

Role-based access controls

Retention and deletion review paths

Knowledge
Website pages
·
Documents
·
Videos
·
FAQs & policies
·
Website pages
·
Documents
·
Videos
·
FAQs & policies
·
Website pages
·
Documents
·
Videos
·
FAQs & policies
·
Website pages
·
Documents
·
Videos
·
FAQs & policies
·
Website pages
·
Documents
·
Videos
·
FAQs & policies
·
Website pages
·
Documents
·
Videos
·
FAQs & policies
·
Brand
Logo and colors
·
Assistant tone
·
Custom domain
·
Suggested prompts
·
Logo and colors
·
Assistant tone
·
Custom domain
·
Suggested prompts
·
Logo and colors
·
Assistant tone
·
Custom domain
·
Suggested prompts
·
Logo and colors
·
Assistant tone
·
Custom domain
·
Suggested prompts
·
Logo and colors
·
Assistant tone
·
Custom domain
·
Suggested prompts
·
Logo and colors
·
Assistant tone
·
Custom domain
·
Suggested prompts
·
Launch
Website widget
·
Full-page assistant
·
Lead capture
·
Support handoff
·
Website widget
·
Full-page assistant
·
Lead capture
·
Support handoff
·
Website widget
·
Full-page assistant
·
Lead capture
·
Support handoff
·
Website widget
·
Full-page assistant
·
Lead capture
·
Support handoff
·
Website widget
·
Full-page assistant
·
Lead capture
·
Support handoff
·
Website widget
·
Full-page assistant
·
Lead capture
·
Support handoff
·
Learn
Top questions
·
Content gaps
·
Source usage
·
Lead signals
·
Top questions
·
Content gaps
·
Source usage
·
Lead signals
·
Top questions
·
Content gaps
·
Source usage
·
Lead signals
·
Top questions
·
Content gaps
·
Source usage
·
Lead signals
·
Top questions
·
Content gaps
·
Source usage
·
Lead signals
·
Top questions
·
Content gaps
·
Source usage
·
Lead signals
·
InsertChat

The AI assistant platform that's actually yours — white-label included, never a paid add-on.

Read our reviews
SOC 2 Type II examined controls reportGDPR compliantCCPA compliantHIPAA compliant enterprise deploymentsZero data retention AI

Directories

© 2026 InsertChat. All rights reserved.

All systems operational