Skip to main content
This page summarises what data SiteSpeakAI processes on your behalf, how it is secured, and the controls you have. For the authoritative details, see our Trust Center, Privacy Policy, and Data Processing Agreement.

What data is processed

When a visitor chats with your bot, SiteSpeakAI processes:
  • Messages the visitor sends and the responses your chatbot generates.
  • Lead details (such as name, email, or phone) only if you enable lead capture.
  • A randomly generated visitor ID and the visitor’s approximate country, derived from their network connection.
  • The content you train your bot on (your website pages, documents, and other sources).
You are the controller of this data. SiteSpeakAI processes it as your processor, on your instructions.

How responses are generated

To answer a question, the visitor’s message and the most relevant pieces of your training content are sent to the AI provider configured for your chatbot (OpenAI, Anthropic, Google, or xAI) to generate a response.
AI providers act as our subprocessors and are contractually prohibited from using your data to train their models. We never use your content or conversations to train any AI model.

Security

  • Encryption in transit (TLS) and at rest (AES-256).
  • Hosted on SOC 2-certified infrastructure (DigitalOcean).
  • Role-based access with multi-factor authentication and least-privilege access for staff.
  • Optional PII redaction masks identifiers such as ID numbers, payment card numbers, and bank account numbers in visitor messages before they reach AI providers or storage.
The full list of subprocessors, their location, and the data-transfer safeguard used for each is published in our Trust Center.

Controls you have

Pre-chat notice

Require visitors to accept a notice before chatting, with a one-click GDPR preset.

Lead capture privacy link

Show a link to your own privacy policy on the lead capture form.

Manage conversations

Review and delete individual conversations and visitor records at any time.

Identify users

Control what visitor information is passed to your chatbot.
You can also export your account data and delete your account at any time from your dashboard.

GDPR and compliance

  • We offer a signable Data Processing Agreement that incorporates the EU Standard Contractual Clauses for international transfers.
  • We maintain a current, public subprocessor list in the Trust Center.
  • We support data subject rights (access, rectification, erasure, portability, objection). You can action many of these directly from your dashboard, or contact us at privacy@sitespeak.ai.
If your visitors are in the EEA or UK, enable the pre-chat notice and add your privacy policy URL to the lead capture form so visitors are informed before any data is collected.

Where data is stored

SiteSpeakAI’s infrastructure is currently hosted in the United States. Transfers of EEA, UK, and Swiss personal data are covered by the safeguards listed per subprocessor in the Trust Center (the EU-US Data Privacy Framework, Standard Contractual Clauses, or an adequacy decision).

Questions

For data, privacy, or security questions, contact privacy@sitespeak.ai.

Ready to automate your customer service with AI?

Join over 1000+ businesses, websites and startups automating their customer service and other tasks with a custom trained AI agent.
Last modified on June 4, 2026