Privacy Policy

Last Updated: September 15, 2025

Welcome to Gemmabot. We are committed to protecting your privacy and handling your data in an open and transparent manner. This Privacy Policy explains how we collect, use, process, and safeguard your information when you use our services.

By using Gemmabot, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

We collect several different types of information for various purposes to provide and improve our Service to you.

a. Information You Provide to Us
  • Account Information: When you register for an account, we collect information such as your name, email address, and password.
  • Team Information: We collect information about your team, including the team name and details of the members you invite.
  • Payment Information: When you subscribe to a paid plan, we use a third-party payment processor (Stripe) to handle your payment information. We do not store your credit card details on our servers.
  • Agent Knowledge Base Data: To train your AI agents, you provide us with data, which may include uploading files (PDFs, documents), pasting text, providing website URLs for scraping, or connecting to APIs ("Knowledge Base"). This data is your proprietary information.
  • Configuration Data: We store the settings you configure for your agents, such as their name, personality instructions (base prompt), appearance, and connected tools.
  • Secrets and API Keys: If you use features like Tools or provide your own LLM API keys, we store these credentials. All secrets and API keys are encrypted at rest to ensure their security.
b. Information We Process on Your Behalf
  • End-User Chat Data: We process the conversations that end-users have with your AI agents. This includes the questions they ask and the responses generated by the agent. In this context, you are the "Data Controller" and Gemmabot is the "Data Processor."
c. Information We Collect Automatically
  • Usage Data: We may collect information on how the Service is accessed and used. This Usage Data may include information such as your computer's Internet Protocol (IP) address, browser type, browser version, the pages of our Service that you visit, the time and date of your visit, and other diagnostic data.
  • Cookies: We use cookies and similar tracking technologies to track the activity on our Service and hold certain information to maintain your session and improve your experience.

2. How We Use Your Information

We use the collected data for various purposes:

  • To provide, operate, and maintain our Service.
  • To manage your account and provide you with customer support.
  • To process your payments and manage your subscriptions.
  • To notify you about changes to our Service or policies.
  • To monitor the usage of our Service and improve its functionality.
  • To provide analytics and valuable information to you within your dashboard, such as conversation volume and credit usage.

Most importantly, how we use your Agent Knowledge Base Data:

  • Your Knowledge Base data is used exclusively to enable your AI agent to generate responses for your end-users.
  • We use a process called Retrieval-Augmented Generation (RAG), where relevant snippets of your data are provided to a third-party Large Language Model (LLM) at the time of a query to generate a contextual answer.
  • Your data is never used to train any third-party AI models or our own models. It remains your confidential information.

3. How We Share and Disclose Information

We do not sell your personal data. We may share your information in the following limited circumstances:

  • Third-Party Service Providers: We share information with third-party vendors and services that help us operate our business. These include:
    • AI Model Providers: To generate chat responses, we send relevant parts of your Knowledge Base data and the end-user's query to AI providers like OpenAI, Google, and Anthropic. We only send the minimum information necessary.
    • Payment Processors: We use Stripe for payment processing.
    • Hosting and Infrastructure: Our service is hosted on secure cloud infrastructure.
  • Legal Compliance: We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency).
  • Business Transfers: If we are involved in a merger, acquisition, or asset sale, your Personal Data may be transferred.

4. Data Security

We take the security of your data very seriously. We implement a variety of security measures to maintain the safety of your personal information:

  • Encryption: All data, including your Knowledge Base files and chat logs, is encrypted in transit (using TLS/SSL) and at rest.
  • Secret Management: Sensitive information like API keys and secrets you provide are encrypted using strong, industry-standard algorithms before being stored.
  • Access Control: We limit access to your data to authorized personnel who need it to perform their job functions.

While we strive to use commercially acceptable means to protect your data, no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, we cannot guarantee its absolute security.

5. Data Retention

We will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain your account information and Knowledge Base data as long as your account is active. You can delete your data and your account at any time.

End-user chat logs are retained to be displayed in your dashboard and can be archived or deleted by you.

6. Your Data Protection Rights

You have certain data protection rights. Gemmabot aims to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data.

  • Access and Update: You can access and update your account information through your team and account settings.
  • Deletion: You can delete your data sources and agents directly from your dashboard. To delete your entire account, please contact us.

7. Children's Privacy

Our Service does not address anyone under the age of 13 ("Children"). We do not knowingly collect personally identifiable information from anyone under the age of 13. If you are a parent or guardian and you are aware that your Children has provided us with Personal Data, please contact us.

8. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. You are advised to review this Privacy Policy periodically for any changes.

9. Contact Us

If you have any questions about this Privacy Policy, please contact us at: support@gemmabot.co.