Privacy Policy

Last updated: March 10, 2026

1. Introduction

Welcome to WizChat AI ("we," "our," or "us"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service that transforms documentation and content into AI-powered chatbots.

By using our service, you consent to the data practices described in this Privacy Policy.

2. Information We Collect

Personal Information

  • Email address and account credentials
  • Name and profile information
  • Payment and billing information
  • Communication preferences

Content Data

  • Documents you upload (PDFs, Word files, text files, etc.)
  • YouTube videos and transcripts you connect
  • Website content you provide for scraping
  • Custom training data and chatbot configurations

Usage Information

  • Chatbot interactions and conversations
  • Analytics data and performance metrics
  • Log files and technical data
  • Device information and IP addresses

3. How We Use Your Information

  • Process and analyze your content to create AI embeddings
  • Generate responses for your chatbots using AI models
  • Provide customer support and technical assistance
  • Improve our service performance and features
  • Send service-related notifications and updates
  • Process payments and manage subscriptions
  • Comply with legal obligations and prevent fraud

4. Legal Basis for Processing (GDPR Article 6)

We process your personal data under the following legal bases:

  • Contract performance (Art. 6(1)(b)): Processing necessary to provide our service — account management, chatbot creation, content processing, and AI responses
  • Consent (Art. 6(1)(a)): Analytics cookies (Google Analytics, Vercel Analytics, Vercel Speed Insights) are only loaded after you accept cookies
  • Legitimate interest (Art. 6(1)(f)): Service security, fraud prevention, and AI operation monitoring (Langfuse) to maintain service quality
  • Legal obligation (Art. 6(1)(c)): Tax and billing record retention as required by law

5. AI-Generated Content Disclosure (EU AI Act Article 50)

Several features in our platform use AI to generate content. In accordance with the EU AI Act, we disclose the following:

  • System Prompt Generation: Uses Google Gemini to generate chatbot system prompts based on your input. Outputs are clearly labeled as "AI-Generated"
  • System Prompt Refinement: Uses Google Gemini to refine existing prompts based on your feedback
  • Metric SQL Generation: Uses OpenAI to generate database queries from natural language descriptions
  • Chatbot Responses: All deployed chatbots use LLMs (OpenAI) to generate responses. End-users are informed via a disclaimer modal and a persistent AI-powered indicator

All AI-generated content is marked in the UI and in API responses with metadata indicating the AI model used. You should always review AI-generated content before use.

6. Data Processing and AI Services

Your content is processed using third-party AI services including:

  • OpenAI: For text embeddings and chat completions
  • Google Cloud (Gemini): For document processing, YouTube integration, and AI content generation
  • Pinecone: For vector storage and similarity search
  • Firebase: For authentication and data storage
  • Langfuse: For AI operation observability, cost tracking, and quality monitoring of LLM interactions
  • Vercel: For hosting, deployment, and performance analytics (loaded only with your consent)
  • Stripe: For payment processing and subscription management

These services may process your data according to their respective privacy policies. We use encryption and secure transmission methods to protect your data.

Authentication & Data Storage

Authentication Provider

We use Firebase Authentication (operated by Google LLC) to manage user accounts and secure access to our service.

Data Stored by Firebase Auth

  • Email address
  • Password (hashed using industry-standard encryption, never stored in plain text)
  • Login timestamps and session data
  • Account creation date
  • User ID (randomly generated unique identifier)

Data Location

Important: Firebase Authentication currently stores authentication credentials only in the United States. This includes your email address and hashed password. Your authentication data will be transferred to and processed in the US.

Your Content Data: All other data (chatbot content, uploaded documents, conversations, and analytics) will be stored in the region you select when creating your chatbot (EU or US). If you select EU, all your content stays in the European Union.

Legal Safeguards for EU Users

We rely on Standard Contractual Clauses (SCCs) approved by the European Commission and Google's certification under the EU-US Data Privacy Framework to protect your data when transferred to the US.

Additional Protections:

  • All data encrypted in transit using TLS 1.3
  • All data encrypted at rest using AES-256
  • Access strictly controlled and logged
  • Regular third-party security audits (SOC 2, ISO 27001)

Data Processing Agreement

Firebase acts as a data processor under GDPR. You can review their data processing terms:

Future Plans

When Firebase introduces EU-based authentication, we will migrate EU users to EU storage to provide full data residency in the European Union. We are actively monitoring Google's roadmap for this capability.

Your Rights

You can delete your account at any time from your account Settings page. Upon deletion, all authentication data is permanently removed from Firebase Authentication.

7. Data Sharing and Disclosure

We do not sell your personal information. We may share information in these circumstances:

  • With your explicit consent
  • To comply with legal requirements or court orders
  • To protect our rights, property, or safety
  • With service providers who assist in our operations (under strict confidentiality)
  • In connection with a business transfer or acquisition

8. Data Security

We implement industry-standard security measures:

  • Encryption in transit and at rest
  • Secure authentication and access controls
  • Regular security audits and monitoring
  • Compliance with data protection regulations

9. Your Rights and Choices

You have the right to:

  • Access, update, or delete your personal information
  • Access and review your personal information through your dashboard
  • Opt-out of marketing communications
  • Delete your chatbots and associated content
  • Request restriction of processing

10. Data Retention

We retain your data for as long as your account is active or as needed to provide services. You can delete your data at any time through your account settings. We may retain certain information for legal compliance or legitimate business purposes.

11. International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your information in accordance with applicable data protection laws.

12. Children's Privacy

Our service is not intended for children under 13. We do not knowingly collect personal information from children under 13. If we become aware of such collection, we will delete the information immediately.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

14. Contact Us

If you have any questions about this Privacy Policy, please contact us:

  • Email: support@wizchat.com
  • Website: https://wizchat.com