Privacy Policy

Introduction

DialogKit (“we”, “our”, or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our conversational flow builder platform and services.

Information We Collect

Account Information

When you create a DialogKit account, we collect:

• Email address
• Organization name
• Account preferences and settings

Conversation Data

When you create and deploy conversational flows, we collect:

• Flow configurations (nodes, edges, logic)
• Conversation messages and responses
• User interaction data from your flows
• Variables and data collected through your flows

Usage Analytics

We automatically collect certain information about your use of our services:

• Usage metrics (flows created, conversations conducted)
• Performance data (load times, error rates)
• Device and browser information
• IP addresses and geographic location

Payment Information

Payment processing is handled by Stripe. We do not store your full credit card information. We receive only:

• Last 4 digits of credit card
• Card brand and expiration date
• Billing address
• Payment history and invoices

How We Use Your Information

We use the collected information for:

• Service Delivery: Provide, maintain, and improve DialogKit services
• Billing: Process payments and manage your subscription
• Communication: Send service updates, security alerts, and support messages
• Analytics: Understand usage patterns to improve features and user experience
• Security: Detect, prevent, and address fraud, abuse, and security issues
• Legal Compliance: Comply with legal obligations and enforce our terms

Data Storage and Security

Your data is stored on secure MongoDB Atlas databases with the following protections:

• Encryption: All data is encrypted at rest and in transit using industry-standard SSL/TLS protocols
• Access Control: Role-based access control with multi-factor authentication for team members
• Regular Backups: Automated daily backups with 30-day retention
• Security Audits: Regular security assessments and vulnerability scanning
• Infrastructure: Hosted on secure cloud infrastructure with 99.9% uptime SLA

Data Retention

We retain your data for as long as your account is active or as needed to provide services. Specifically:

• Account Data: Retained until you delete your account
• Conversation Data: Retained for 90 days by default, customizable in settings
• Billing Records: Retained for 7 years for tax and accounting purposes
• Analytics Data: Aggregated and anonymized after 12 months

You can delete your account and all associated data at any time from your account settings. Upon deletion, all data is permanently removed within 30 days.

Third-Party Services

We use the following third-party services that may have access to your information:

• MongoDB Atlas: Database hosting (AWS infrastructure)
• Stripe: Payment processing
• Google Analytics: Usage analytics and performance monitoring
• Email Service Provider: Transactional emails (OTP verification, notifications)

Each of these services has their own privacy policy governing the use of your information.

Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

• With Your Consent: When you explicitly authorize us to share information
• Service Providers: With third-party vendors who help us operate our business (as listed above)
• Legal Requirements: When required by law, court order, or government request
• Business Transfers: In connection with a merger, acquisition, or sale of assets
• Protection: To protect our rights, property, or safety, or that of our users

Your Rights

You have the following rights regarding your personal data:

• Access: Request a copy of your personal data
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your account and data
• Export: Download your data in a portable format (JSON)
• Opt-Out: Unsubscribe from marketing communications
• Restrict Processing: Limit how we use your data
• Object: Object to processing based on legitimate interests

To exercise these rights, contact us at privacy@dialogkit.io. We will respond within 30 days.

Cookies and Tracking

We use cookies and similar tracking technologies to:

• Maintain your login session
• Remember your preferences and settings
• Analyze usage patterns and improve our services
• Provide security and fraud prevention

You can control cookies through your browser settings. Note that disabling cookies may limit functionality.

International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy and applicable laws.

Children's Privacy

DialogKit is not intended for use by children under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the updated policy on this page
• Updating the “Last updated” date
• Sending an email notification for significant changes

Continued use of DialogKit after changes constitutes acceptance of the updated Privacy Policy.