Privacy Policy

Last updated: January 2026

SiteCortex is operated from Norway and is committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights.

Data We Collect

Account Holders (Chatbot Owners)

  • Email address — for authentication and communication
  • Name and company name — for your account profile
  • Payment information — processed securely by Stripe (we do not store card details)
  • Knowledge sources — text and documents you upload to train your chatbots
  • Chatbot configuration — settings, prompts, and customizations

Website Visitors (Chat Users)

  • Chat messages — conversations with chatbots are stored
  • Email address — only if the chatbot owner has enabled email collection and you provide it
  • Anonymous visitor ID — a random identifier to maintain conversation context within a session
  • Page URL — the webpage where the chat occurred

Automatically Collected

  • IP address — temporarily stored for rate limiting and abuse prevention (not persisted)
  • Anonymous usage analytics — page views collected without cookies or personal identifiers

How We Use Your Data

  • To provide and operate the SiteCortex service
  • To process your knowledge sources and generate AI responses
  • To send transactional emails (account notifications, usage alerts)
  • To process payments and manage subscriptions
  • To protect against fraud and abuse
  • To comply with legal obligations

We do not sell your data. We do not use your data for advertising.

AI Processing

SiteCortex uses AI services to power chatbot responses:

  • Azure OpenAI (EU-West region) — processes chat messages and generates responses
  • Your data is not used to train AI models
  • We have data processing agreements in place with our AI providers
  • All AI processing for EU customers occurs within the EU

Data Storage and Security

Your data is stored and processed within the European Union:

  • Database and file storage — Supabase, hosted in Frankfurt, Germany
  • Application servers — Scalingo, hosted in France
  • AI processing — Azure OpenAI, EU-West region
  • Encryption — all data is encrypted in transit (TLS) and at rest

Security Measures

  • Passwordless authentication via secure magic links
  • Domain allowlists to restrict where chatbots can be embedded
  • Rate limiting to prevent abuse
  • Input sanitization on all chat messages
  • Row-level security ensuring users can only access their own data

Third-Party Services

We use the following third-party services:

  • Supabase (EU - Frankfurt) — database, authentication, and file storage
  • Scalingo (France) — application hosting
  • Azure OpenAI (EU-West) — AI processing for chat responses
  • Stripe (US-based) — payment processing, with Standard Contractual Clauses for EU transfers
  • Resend (EU - Ireland) — transactional email delivery
  • PostHog (EU - Frankfurt) — anonymous product analytics

Analytics

We use PostHog for anonymous product analytics in cookieless mode:

  • No cookies or local storage used for tracking
  • No personally identifiable information collected
  • All analytics data processed in the EU (Frankfurt)

Data Retention

  • Account data — retained while your account is active
  • Chat conversations — retained for 30 days by default (configurable per chatbot)
  • Knowledge sources — retained until you delete them
  • Account deletion — all associated data is permanently removed

Your Rights

Under GDPR and applicable privacy laws, you have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion of your data
  • Export your data
  • Object to processing

Website visitors can request deletion of their chat conversations by contacting the chatbot owner or by emailing us directly.

Contact

For privacy-related inquiries, contact us at: contact@sitecortex.io

Changes to This Policy

We may update this policy from time to time. Significant changes will be communicated via email to account holders.

←  Back to home