IntegrioChatSign in

Privacy Policy

Effective date: April 15, 2026

IntegrioChat, operated by Yasmina Mineva, Sofia, Bulgaria (“we,” “us,” “our”) operates the IntegrioChat platform and related services (the “Service”). This Privacy Policy explains how we collect, use, disclose, and protect personal data in accordance with the General Data Protection Regulation (GDPR) and applicable Bulgarian law.

1. Data We Collect

  • Account data — name, email address, and hashed password when you register.
  • Billing data — payment and transaction metadata processed via Stripe. We store only subscription status and Stripe customer/subscription IDs; full card details are never stored by us.
  • Chatbot content — website URLs you provide for training, custom Q&A pairs, system prompts, and conversation messages.
  • Usage data — token counts, message counts, and timestamps used for billing and analytics.
  • Log data — IP addresses, browser types, and request logs retained for security and debugging.
  • Cookies — a session cookie (NextAuth) to keep you signed in. We do not use advertising or third-party tracking cookies.

2. How We Use Your Data

  • To provide, operate, and improve the Service.
  • To process payments and manage subscriptions.
  • To send transactional emails (password resets, billing notices).
  • To detect abuse, fraud, and security incidents.
  • To comply with legal obligations.

We do not sell your personal data to third parties. We do not use your content to train AI models beyond what is necessary to operate your chatbots.

3. Subprocessors

We share data only with the following processors under appropriate agreements:

  • Stripe — payment processing (United States)
  • OpenAI — AI inference for chatbot responses (United States)
  • Vercel — hosting and infrastructure (United States / EU)
  • Supabase — database hosting (EU region where available)
  • Resend — transactional email delivery
  • Upstash — rate limiting (IP addresses only, transiently)

4. International Data Transfers

Some subprocessors are based outside the European Economic Area (EEA). Where personal data is transferred internationally, we rely on Standard Contractual Clauses (SCCs) or other appropriate safeguards as required by GDPR Chapter V.

5. Data Retention

We retain your data for as long as your account is active. You may request deletion at any time; data is removed within 30 days of a verified request. Billing records may be retained for up to 7 years to comply with Bulgarian accounting and tax law.

6. Security

Passwords are stored as bcrypt hashes. All data in transit is protected by TLS. We apply row-level tenant isolation so one customer's data cannot be accessed by another. We implement commercially reasonable technical and organizational safeguards; however, no system is completely secure.

7. Your Rights (GDPR)

As a data subject under GDPR, you have the right to:

  • Access — request a copy of your personal data.
  • Rectification — correct inaccurate or incomplete data.
  • Erasure — request deletion (“right to be forgotten”).
  • Restriction — request that we limit processing of your data.
  • Portability — receive your data in a machine-readable format.
  • Objection — object to processing based on legitimate interests.
  • Lodge a complaint — with the Commission for Personal Data Protection (CPDP) in Bulgaria (www.cpdp.bg) or your local supervisory authority.

To exercise any of these rights, email support@integriochat.com. We will respond within 30 days.

8. Cookies

We use only essential cookies required for authentication and security. No advertising or analytics cookies are used. See our Cookie Policy for details.

9. Changes to This Policy

We may update this policy from time to time. We will notify you by updating the effective date above and, for material changes, by email. Continued use of the Service after changes constitutes acceptance of the updated policy.

10. Contact

For privacy questions or to exercise your rights: support@integriochat.com