Privacy Policy

Sapybase (“we”, “us”, “our”) is a SaaS platform that lets businesses build and deploy AI-powered chatbots. We are operated by Ayush Satvara, based in Jersey City, New Jersey, United States.

This Privacy Policy applies to our website at www.sapybase.com, our dashboard, our embeddable chatbot widget, and our API. By using any of these services you agree to the practices described here.

We collect the following categories of data:

• Account data — name, email address, and authentication credentials managed via Clerk (our identity provider). We never store your password directly.
• Billing data— subscription plan, billing period, and payment status managed via Polar. We do not store full credit card numbers; payment details are handled by Polar's PCI-compliant infrastructure.
• Bot configuration data — bot names, knowledge base content (URLs, PDFs, text), system prompts, and settings you configure in the dashboard.
• Chat logs — conversations between your end-users and your bots, including user queries and AI-generated responses. These are stored to power analytics, the unanswered-question dashboard, and SEO FAQ generation.
• Usage data — message counts, API request metadata, IP addresses, and browser/device information collected for rate limiting, billing enforcement, and abuse prevention.
• Lead & conversion data — if you enable lead capture on your bot, end-user contact information (name, email, phone) submitted through the widget is stored, scored as HOT/WARM/COLD, and attributed to your account and its traffic source so you can measure conversion performance.

• Providing, operating, and improving the Sapybase platform and your bots.
• Processing subscription billing and enforcing plan limits.
• Generating analytics, insight reports, and SEO FAQ content for your bots.
• Sending account and billing emails via Clerk, and product notification emails — hot-lead alerts, human-handoff notifications, and the weekly results digest — via Resend.
• Detecting and preventing abuse, fraud, and rate-limit violations.
• Responding to your support requests sent to ayushsatvara2002@gmail.com.

We do notsell your data or your end-users' data to third parties. We do not use chat log content to train AI models beyond your own bot's knowledge base.

We share data with the following third-party subprocessors solely to deliver the service. Each is bound by their own data protection agreements.

We retain your data for as long as your account is active. Specific retention periods:

• Chat logs — retained for 12 months from the date of each conversation, then subject to deletion in a future automated purge feature (currently manual on request).
• Account & billing data — retained for the lifetime of your account plus 3 years after account closure for tax and legal compliance.
• Knowledge base content — deleted immediately when you remove it from the dashboard or delete your bot.
• Lead capture data — retained until you delete it from your dashboard or close your account.

To request early deletion of any data, email ayushsatvara2002@gmail.com. We will action deletion requests within 30 days.

We use strictly necessary cookies for session management (via Clerk) and do not use advertising or cross-site tracking cookies. Our frontend may use Vercel's analytics for aggregate page-view counts — this does not involve selling data or fingerprinting individual users.

Depending on your location, you may have the right to access, correct, delete, or export the personal data we hold about you. US residents (including California under CCPA) and EU/UK residents (under GDPR) may also have the right to object to or restrict certain processing.

To exercise any of these rights, email ayushsatvara2002@gmail.com with the subject line “Privacy Request”. We will respond within 30 days.

We implement industry-standard security measures including TLS encryption in transit, hashed API keys (SHA-256, never stored in plaintext), Clerk-managed authentication, and role-based access controls. Our database is hosted on Supabase with pgvector on PostgreSQL 17.

No method of transmission over the internet is 100% secure. In the event of a data breach that materially affects your account, we will notify you by email within 72 hours of becoming aware.

Sapybase is not directed at children under 13. We do not knowingly collect personal data from anyone under 13. If you believe a child has provided us data, contact us immediately at ayushsatvara2002@gmail.com.

We may update this Privacy Policy from time to time. When we do, we will update the “Last Updated” date at the top of this page and, for material changes, notify you by email. Continued use of the service after changes constitutes acceptance of the updated policy.