Suppabot
Suppabot

Privacy Policy

Last updated: February 17, 2026

Suppabot ("we", "us", "our") operates the suppabot.com website and the Suppabot platform (the "Service"). This page describes our policies regarding the collection, use, and disclosure of personal information when you use our Service.

1. Information We Collect

Account Information

When you create an account we collect your name, email address, and organization details. Authentication is handled by our identity provider (Clerk).

Website Visitor Data

When a visitor interacts with a Suppabot-powered chat widget, we may collect the visitor's name, email address, phone number (if voluntarily provided), IP address, approximate geolocation (country, region, city), browser user-agent, and the content of chat messages. This data is stored to facilitate live chat, lead capture, and conversation history.

Payment Information

Payment processing is handled by Stripe. We do not store credit card numbers on our servers. We retain Stripe customer and subscription identifiers for billing management.

Third-Party Integrations

When you connect third-party services (Google Calendar, Shopify, Slack), we store OAuth access tokens and refresh tokens necessary to maintain the connection. We access only the data required for the specific integration feature you enabled.

2. Google API Services — Limited Use Disclosure

Suppabot's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

What Google data we access

  • Google Calendar (calendar.events, calendar.readonly) — We read your calendar's free/busy information to determine available appointment slots and create calendar events when a website visitor books an appointment through the chat widget.
  • Basic profile (openid, email) — We read your Google email address solely to display which Google account is connected in the integration settings page.

How we use Google data

  • Calendar availability is used only to compute open time slots shown to website visitors.
  • Calendar events are created only when a visitor confirms a booking.
  • Your Google email is displayed in your dashboard so you know which account is connected.

How we store and protect Google data

  • OAuth tokens are stored encrypted at rest in our database.
  • We do not share, sell, or transfer Google user data to any third party.
  • We do not use Google user data for advertising or profiling.
  • Access tokens are refreshed automatically and old tokens are overwritten.

Revoking access

You can disconnect your Google Calendar at any time from the integration settings page. Upon disconnection, we delete the stored OAuth tokens. You can also revoke access from your Google Account permissions page.

3. How We Use Your Information

  • To provide, maintain, and improve the Service.
  • To process transactions and send billing-related communications.
  • To send service-related notifications (e.g., new leads, handoff alerts).
  • To monitor usage for security and abuse prevention.
  • To respond to support requests.

4. Data Sharing

We do not sell your personal information. We share data only with:

  • Service providers — hosting (Vercel), database (Neon/Supabase), authentication (Clerk), payments (Stripe), email (Resend), and AI (OpenAI) — each under agreements that restrict use to providing services to us.
  • As required by law — when we believe disclosure is necessary to comply with legal obligations.

5. Data Retention

We retain account data for as long as your account is active. Conversation data is retained for the duration of your subscription plus 30 days after account deletion. You may request earlier deletion by emailing support@suppabot.com.

6. Security

We implement industry-standard security measures including TLS encryption in transit, encryption at rest for sensitive tokens, and role-based access controls. No method of electronic storage is 100% secure, but we strive to use commercially acceptable means to protect your data.

7. Your Rights

Depending on your jurisdiction, you may have the right to access, correct, delete, or export your personal data. To exercise these rights, contact us at support@suppabot.com.

8. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date.

9. Contact Us

If you have questions about this privacy policy, please contact us at support@suppabot.com.