Effective Date: April 13, 2025

BELNEM s.r.o. (“we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, protect, and delete personal data when you use our Software-as-a-Service (SaaS) Retrieval-Augmented Generation (RAG) chatbot application available at https://webtalkbot.com (the “Service”). This policy applies to users in the European Union (EU), United States (US), and other jurisdictions, in compliance with applicable laws, including the EU General Data Protection Regulation (GDPR) and relevant US privacy laws.

BELNEM s.r.o. is a company registered in Slovakia, with its registered office at Beckovská 5, 821 04 Bratislava, Slovakia, Company ID: 53713486, Company registered in the Commercial Register of the District Court Bratislava III, Section: Sro, File number: 152015/B.

1. Data We Collect

We collect only the data necessary to provide and improve the Service. This includes:

• Personal Information:
  
  • Username (chosen by you)
  • Email address
  • Website (provided by you during registration or use)
• Chatbot Data: Queries or inputs you provide to the chatbot, including any text or data you submit to generate responses.
• Usage Data: Information about how you interact with the Service, such as timestamps and IP addresses.
• Technical Data: Device information, browser type, and operating system to ensure the Service functions properly.

We do not collect sensitive personal data (e.g., health, biometric, or financial information) unless explicitly provided by you in your chatbot interactions, and we do not use such data for any purpose other than fulfilling your request within the Service.

2. How We Use Your Data

We use your data solely to:

• Provide and maintain the Service, including processing your chatbot queries and managing your account (using your username, email, and website).
• Communicate with you, such as responding to inquiries or sending Service-related notifications (e.g., updates or account information via email).
• Improve the Service by analyzing usage patterns to enhance functionality and user experience.
• Ensure the security and integrity of the Service, such as detecting and preventing fraud or unauthorized access.

No Third-Party Sharing: We do not share, sell, or disclose your personal data to third parties for marketing, advertising, or any other purpose. Your data is used exclusively by BELNEM s.r.o. to operate the Service.

No Exploitation of Data: BELNEM s.r.o. does not use your data for its own benefit, such as profiling, targeted advertising, or other commercial purposes beyond providing the Service.

3. Legal Basis for Processing (EU Users)

For users in the EU, we process your personal data under the following legal bases per GDPR:

• Performance of a Contract (Art. 6(1)(b)): To provide the Service as agreed in our Terms of Service, using your username, email, and website.
• Legitimate Interests (Art. 6(1)(f)): To improve the Service, ensure security, and prevent fraud, provided these interests do not override your rights.
• Consent (Art. 6(1)(a)): For optional features (e.g., newsletter subscriptions), with your explicit consent, which you may withdraw at any time.
• Legal Obligation (Art. 6(1)(c)): To comply with applicable laws, such as tax or data protection regulations.

4. Data Storage and Security

• Storage Location: BELNEM s.r.o. does not store your personal data on its own servers. Your data (username, email, website, and chatbot data) is securely stored by trusted third-party cloud service providers located outside Slovakia, who comply with GDPR and US privacy standards. These providers are contractually obligated to maintain strict security and confidentiality standards.
• Chatbot Data: Data you provide to the chatbot (e.g., queries or inputs) is stored securely and encrypted by our service providers. You may delete this data at any time through your account settings.
• Security Measures: We implement industry-standard technical and organizational measures to protect your data, including encryption, access controls, and regular security audits.
• Data Minimization: We collect only the data necessary to provide the Service (username, email, website, and chatbot inputs), and we do not retain data longer than required.

5. Payments

Payments for the Service are processed securely through Stripe, a third-party payment processor. We do not collect, store, or process your payment information (e.g., credit card details). Stripe’s privacy practices are governed by their own Privacy Policy. By using the Service, you agree to Stripe’s processing of your payment data as necessary to complete transactions.

6. Data Retention and Deletion

• Retention Period: Your personal data (username, email, website) and chatbot data (e.g., queries or inputs) are retained until you delete them or until your chatbot account is inactive for 365 days from the last activity, at which point all data is automatically deleted.
• Deletion Requests: You may request the deletion of your personal data at any time by contacting us through the email address or contact form provided in Section 13. We will delete your data (username, email, website, and chatbot data) within 30 days of receiving your request to cancel your account, unless we are required to retain it to comply with legal obligations.
• Anonymized Data: After deletion, any remaining data is anonymized and cannot be linked to you.

7. Your Rights

Depending on your location, you have the following rights regarding your personal data:

EU Users (GDPR)

• Access: Request a copy of the personal data we hold about you (username, email, website, or chatbot data).
• Rectification: Correct inaccurate or incomplete data.
• Erasure: Request deletion of your data (“right to be forgotten”).
• Restriction: Restrict the processing of your data in certain circumstances.
• Data Portability: Receive your data in a structured, commonly used, and machine-readable format.
• Object: Object to processing based on legitimate interests, including for direct marketing (which we do not conduct).
• Withdraw Consent: Withdraw consent at any time where processing is based on consent, without affecting prior lawful processing.

US Users

In certain US states (e.g., California under the CCPA/CPRA, Virginia under the VCDPA), you may have rights such as:

• Know: Request details about the personal data we collect, use, or disclose (username, email, website, or chatbot data).
• Delete: Request deletion of your personal data.
• Correct: Correct inaccurate personal data.
• Opt-Out: Opt out of the sale or sharing of personal data (not applicable, as we do not sell or share data).
• Non-Discrimination: We will not discriminate against you for exercising your rights.

To exercise any of these rights, please contact us through the email address or contact form provided in Section 13. We will respond within the legally required timeframe (e.g., 30 days for GDPR, 45 days for CCPA).

8. International Data Transfers

For EU users, your data may be transferred to servers outside the European Economic Area (EEA), such as in the US or other jurisdictions, by our third-party service providers. We ensure that such transfers comply with GDPR requirements, including:

• Using service providers in countries with an EU adequacy decision.
• Implementing Standard Contractual Clauses (SCCs) approved by the European Commission.
• Applying additional safeguards, such as encryption and binding corporate rules, where necessary.

For US users, your data is processed in compliance with applicable state and federal laws, and we ensure equivalent protections for any cross-border transfers.

9. Cookies and Tracking Technologies

We use only essential cookies and similar technologies to operate the Service, such as maintaining your session or ensuring security. We do not use cookies for tracking, analytics, or advertising purposes. You can manage cookie preferences through your browser settings.

10. Third-Party Services

The Service relies on third-party infrastructure providers (e.g., cloud hosting services, Stripe for payments) to operate securely. These providers act as data processors and are bound by strict data protection agreements to ensure compliance with GDPR and US privacy laws. We do not share your data with third parties for any other purpose.

11. Children’s Privacy

The Service is not intended for users under the age of 16 (EU) or 13 (US). We do not knowingly collect personal data from children. If we learn that a child’s data has been collected, we will delete it immediately. If you believe a child’s data has been collected, please contact us through the email address or contact form provided in Section 13.

12. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of material changes via email or a prominent notice within the Service before they take effect. Please review this policy periodically for updates.

13. Contact Us