Templates Pricing Integrations

Features

AI Training
Customization
Inbox & Live Chat
API & Tools
Lead Capture
Analytics
Languages

Industries

SaaS
Ecommerce
Healthcare
Education
Manufacturing
Finance
Travel & Tourism

Use Cases

Service Businesses
Veterinary
Law Firms
Showit & Photography
Internal Knowledge Base

Privacy Policy

Effective date: June 3, 2026

SiteSpeakAI is a product of Espresso Dev (Pty) Ltd ("we", "us", or "our"), a company registered in South Africa (registration number 2015/437542/07). This privacy policy explains what personal data we collect, how we use it, who we share it with, and the rights you have over it.

If you have any questions, or want to exercise any of your rights, contact us at privacy@sitespeak.ai.

1. Our role: controller and processor

We handle personal data in two different roles:

  • As a controller, we decide how and why data is processed. This applies to the personal data of our account holders (our customers) and visitors to our marketing website at sitespeak.ai.
  • As a processor, we process data on behalf of and under the instructions of our customers. This applies to the content our customers train their chatbots on and the conversations their chatbots have with their website visitors. For that data, our customer is the controller, and our processing is governed by our Data Processing Agreement.

2. Information we collect

Account information (you, our customer)

  • Name and email address
  • Password (stored only as a secure hash)
  • Profile photo, if you upload one
  • If you sign in with Google: your Google account identifier and sign-in type
  • Two-factor authentication data, if you enable it
  • Signup and marketing attribution data (for example, the source that referred you and UTM parameters)

Billing information

Payments are handled by our payment provider, Paddle, which acts as the merchant of record. Paddle collects your billing details directly at its checkout. We do not store full payment card details on our servers.

Customer content (data you give us to train your chatbot)

When you create a chatbot, we collect and index the website pages, documents, and other content you provide so the chatbot can answer questions from it. This content can contain personal data if your own material does. You control what content you add.

Visitor data (your chatbot's end users)

When a visitor interacts with a chatbot you have published, we process, on your behalf:

  • The messages they send and the chatbot's responses
  • A randomly generated visitor identifier
  • Their approximate country, derived from their network connection
  • Any details they choose to provide or that you choose to collect through lead-capture or user-identification features, such as name, email address, phone number, or other custom fields

Usage and analytics information

We collect information about how our service is used, such as features accessed and pages viewed, to operate and improve the product. See the Cookies section for details.

3. How we use information and our legal bases

We use personal data for the following purposes:

  • To provide the service (creating and running chatbots, indexing content, generating responses, processing conversations). Legal basis: performance of our contract with you.
  • To process payments and manage your subscription. Legal basis: performance of our contract with you.
  • To provide support and communicate with you about your account and the service. Legal basis: performance of our contract and our legitimate interests.
  • To secure, monitor, and improve the service, including error monitoring and analytics. Legal basis: our legitimate interests in keeping the service reliable and secure.
  • To send marketing communications, where permitted. Legal basis: consent, or our legitimate interests, depending on the channel and your location. You can opt out at any time.
  • To comply with legal obligations. Legal basis: compliance with a legal obligation.

We do not use customer content or visitor conversations to train our own or any third party's AI models.

4. Generative AI providers

Chatbot responses are generated using third-party AI providers. When a visitor sends a message, the message and the relevant retrieved content are sent to the AI provider configured for that chatbot to generate a response. These providers act as our subprocessors and are contractually prohibited from using the data to train their models. The current providers are listed in our Trust Center.

5. Sharing of information and subprocessors

We share personal data with third-party service providers (subprocessors) that help us run the service, such as hosting, AI processing, search, email delivery, and analytics. Each subprocessor is bound by a data processing agreement and may only use the data to provide its service to us. A current list of our subprocessors, their purpose, location, and the safeguard used for any international transfer, is published in our Trust Center.

We may also share information:

  • As required by law or in response to valid requests by public authorities.
  • In connection with a merger, acquisition, financing, or sale of assets, in which case we will notify you of any change in control.

We do not sell your personal data.

6. International data transfers

We and some of our subprocessors are located outside the European Economic Area (EEA) and the United Kingdom, including in South Africa, the United States, and Canada. Where we transfer personal data outside the EEA or the UK, we rely on an appropriate safeguard for each transfer:

  • The EU-US Data Privacy Framework (and its UK Extension), for subprocessors that are actively certified under it.
  • The European Commission's Standard Contractual Clauses, together with the UK International Data Transfer Addendum where relevant, for transfers to providers that are not certified under the Framework.
  • An adequacy decision, where the destination country has been recognized by the European Commission as providing an adequate level of protection.

The specific safeguard that applies to each subprocessor is shown in our Trust Center. You can request a copy of the relevant transfer mechanism by contacting us at privacy@sitespeak.ai.

7. How long we keep data

We keep personal data only for as long as needed for the purposes described in this policy:

  • Account data: until your account is deleted, plus up to 30 days for final billing and records.
  • Chatbot conversations: for 2 years, or until you delete them, whichever comes first. You can configure deletion in your dashboard.
  • Indexed content: removed within 30 days after you delete the source it came from.
  • Analytics data: up to 3 years.
  • Backups: up to 90 days in secure backup systems.

We may keep certain information for longer where required by law or to resolve disputes and enforce our agreements.

8. Your rights

Depending on your location, you have the following rights over your personal data:

  • Access: request a copy of the personal data we hold about you.
  • Rectification: ask us to correct inaccurate or incomplete data.
  • Erasure: ask us to delete your data ("right to be forgotten").
  • Portability: receive your data in a structured, machine-readable format.
  • Restriction and objection: ask us to restrict, or object to, certain processing.
  • Withdraw consent: where we rely on consent, withdraw it at any time without affecting earlier processing.
  • Complaint: lodge a complaint with your local data protection authority.

You can exercise most of these rights directly: update or delete your account from your dashboard, export your data from your profile, or contact us at privacy@sitespeak.ai. We will respond within the time limits required by applicable law.

If you are a website visitor interacting with a chatbot built by one of our customers, that customer is the controller of your data. Please direct your request to them; we will assist them in responding.

9. Cookies and similar technologies

We use cookies and similar technologies (such as local storage) to operate the service, remember your preferences, and understand how the service is used. Strictly necessary cookies are always active. For visitors in the EEA and the UK, we ask for your consent before setting non-essential analytics and marketing cookies, and you can change your choice at any time.

The main categories we use are:

  • Strictly necessary: sign-in, security, and session management.
  • Analytics: understanding usage to improve the product (for example, PostHog and our website analytics).
  • Marketing: measuring and improving our advertising, where you have consented.

10. Children

The service is not directed to children, and we do not knowingly collect personal data from anyone under the age of 16. If you believe a child has provided us with personal data, contact us and we will delete it.

11. Changes to this policy

We may update this policy from time to time. We will post the updated version on this page and update the effective date above. For significant changes, we will provide additional notice where required.

12. Contact us

For any privacy questions or requests, contact our privacy team at privacy@sitespeak.ai.