Typebot Privacy Policy

This Privacy Policy explains what personal data Typebot SASU ("Typebot", "we", "our", or "us") processes, why we process it, who receives it, and what rights you have.

We do not sell personal data.

Who is responsible for the processing?

Typebot SASU is the controller for the personal data described in this Privacy Policy when we process data for our own purposes, such as running our website, managing user accounts, billing, support, security, and product analytics.

If you interact with a chatbot created by one of our customers, that customer is usually the controller of the data collected through the chatbot, and Typebot acts as a processor on that customer's behalf. In that case, the customer's own privacy notice applies to the chatbot interaction, and Typebot processes the data according to the customer's instructions and the applicable Data Processing Agreement.

If you have questions about this Privacy Policy or want to exercise your rights, contact us at [email protected].

1. As a visitor to the typebot.io website

Data we process

When you visit the website, we may process:

  • analytics identifiers and consent preferences stored in the typebot cookie;
  • pages visited, referral source, session duration, and aggregated usage events;
  • device, browser, operating system, and approximate country information; and
  • technical and security logs generated by our hosting and CDN providers.

Why we process it

We process this data to:

  • operate, secure, and improve the website;
  • understand aggregate traffic and usage patterns;
  • remember consent choices; and
  • detect abuse, fraud, and technical issues.

Depending on the context, we rely on:

  • your consent for analytics cookies and similar technologies where required by law; and
  • our legitimate interests in operating, securing, and improving the website for strictly necessary processing.

Cookies

We use:

  • a consent and analytics cookie named typebot; and
  • authentication cookies when you sign in.

Where required by applicable law, non-essential cookies are only used after your consent.

2. As a user of Typebot

Data we process

When you create or use a Typebot account, we may process:

  • account data such as your name, email address, profile image, workspace membership, and authentication provider;
  • authentication and session data;
  • billing and transaction data handled through our payment providers;
  • support communications and account requests;
  • product telemetry and usage events associated with your account;
  • configuration data, chatbot content, files, and other workspace data you choose to store in the Services; and
  • credentials or tokens for optional third-party integrations you connect to your account.

Why we process it

We process this data to:

  • provide and maintain the Services;
  • authenticate users and manage accounts;
  • process subscriptions, invoices, refunds, and fraud prevention checks;
  • provide customer support;
  • secure the platform, monitor availability, and investigate incidents;
  • improve the product through analytics and troubleshooting; and
  • comply with legal obligations.

Depending on the context, we rely on:

  • performance of a contract, when we provide the Services you requested;
  • compliance with legal obligations, for example accounting, tax, and regulatory obligations;
  • our legitimate interests in securing, operating, supporting, and improving the Services; and
  • your consent, where required, such as for optional analytics or specific communications.

Some account, authentication, and billing data is required for us to create your account, provide the Services, or process payments. If you do not provide that data, we may not be able to provide the Services or certain features.

Service providers and sub-processors

We use a limited number of third-party providers to deliver the Services. These may include providers for hosting, databases, file storage, CDN and DDoS protection, payment processing, error monitoring, analytics, and email delivery.

Current providers used in our production environment may include Vercel, PlanetScale, AWS S3, Cloudflare, Stripe, Sentry, PostHog, Brevo, and AWS SES. Because infrastructure changes over time, the current list of authorised sub-processors is maintained at https://compliance.typebot.io/subprocessors.

Optional third-party integrations

If you choose to connect third-party services such as Google, GitHub, OpenAI, Anthropic, Google Sheets, Gmail, or other providers:

  • we may receive your basic account information to create or maintain your Typebot account;
  • we store authentication credentials and secrets in encrypted form;
  • we use those credentials only to make API calls you configure on your behalf; and
  • data sent to those third-party services is governed by your configuration and the third party's own terms and privacy policy.

Data processed through optional integrations is only used to provide the functionality you enable. Google Workspace API data is handled in accordance with the Google API Services User Data Policy, including the Limited Use requirements, where applicable.

3. As an end-user interacting with a typebot

If you interact with a chatbot created by a Typebot customer:

  • the customer decides what data is collected, why it is collected, and how long it is retained;
  • Typebot may host, store, transmit, and otherwise process your submissions on that customer's behalf to provide the service;
  • Typebot may also process limited technical and security data necessary to operate, secure, and troubleshoot the service; and
  • privacy requests about chatbot content should generally be addressed to the chatbot creator first.

We do not sell chatbot end-user data and we do not use chatbot submissions for advertising.

Where Typebot processes limited technical or security data for its own purposes in connection with chatbot delivery, it does so on the basis of its legitimate interests in operating, securing, and defending the service.

If the "Remember user" setting is enabled by the chatbot creator, information may also be stored in your browser's local storage or session storage so that your answers can be restored when you return later.

If the chatbot creator configured third-party integrations, your answers may also be sent to those third-party services as part of the workflow designed by the chatbot creator.

4. International transfers

Our processing primarily takes place in the UK and the European Economic Area. Some service providers may process limited data in other countries, for example when using global CDN, infrastructure, or support systems.

Where personal data is transferred outside the EEA, we use appropriate safeguards required by applicable law, such as adequacy decisions or the European Commission's Standard Contractual Clauses.

5. Data retention

We keep personal data for as long as necessary for the purposes described in this Privacy Policy, including to provide the Services, comply with legal obligations, resolve disputes, and enforce our agreements.

More specifically:

  • account data is generally retained while your account is active;
  • if you ask us to delete your account, we will delete or anonymize active account data within 30 days unless retention is required by law or necessary for security, fraud prevention, billing, or dispute resolution;
  • residual copies may remain in secure backups for a limited period consistent with our backup retention cycle; and
  • data processed on behalf of chatbot creators is retained according to the customer's instructions, account settings, and applicable contractual terms.

6. Your rights

Subject to applicable law, you may have the right to:

  • access your personal data;
  • rectify inaccurate data;
  • erase your data;
  • restrict or object to certain processing;
  • receive a portable copy of data you provided to us; and
  • withdraw consent where processing is based on consent.

You may also have the right to lodge a complaint with your local data protection authority. If you are located in the EEA, this includes the authority in your country of residence, work, or where you believe an infringement occurred.

If your request relates to data submitted to a chatbot operated by one of our customers, please contact that customer first. Where we act as processor, we will assist the customer in responding in accordance with our contractual obligations.

7. Security

We implement technical and organisational measures designed to protect personal data, including access controls, encryption in transit and at rest where appropriate, backups, monitoring, and incident response processes.

Typebot maintains an information security management system certified in accordance with ISO/IEC 27001.

8. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes to our Services, legal requirements, or data practices. When we make material changes, we will update the date at the top of this page and, where appropriate, provide additional notice.

9. Contact

If you have any questions about this Privacy Policy, your data, or your rights, contact us at [email protected].

Last updated: March 23, 2026