Privacy Policy

1. Who we are

Embedded Chat is a drop-in real-time chat widget for websites, operated by DevCloud Software. Throughout this policy, "Embedded Chat", "we", "us", and "our" refer to that operator.

Two distinct groups interact with the service, and we treat their data differently:

• Customers — site owners who sign up at embedded-chat.com and install the chat on their own website (directly, via our Shopify app, or via our WordPress plugin).
• End users — the visitors of a Customer's site who post messages in a chat room. We process their data on the Customer's behalf.

2. What we collect from Customers

When you create an Embedded Chat account, we collect:

• Account info: name, email address, hashed password, the website URL where you'll install the chat.
• Billing info: handled by Stripe (or Shopify if you installed via the Shopify App Store). We never see or store your full card number — we only keep a Stripe customer ID, the last four digits, and the card brand.
• Project configuration: room settings, theme choices, banned-word lists, sub-admin invites, webhook URLs.
• Login telemetry: IP address and user-agent on sign-in, used to detect abuse and send security alerts.

3. What we collect from End Users

When a visitor opens a page on a Customer's website that embeds our chat, the widget connects to our servers to load and send messages. In that flow we process:

• Message content: text the visitor sends, plus images they choose to upload. Image uploads have EXIF metadata stripped (so GPS / camera info doesn't leak) before storage.
• Identity: the display name they pick, the avatar URL, and an email address only if they choose to provide one or if the Customer pre-authenticates them via JWT.
• Connection metadata: IP address, browser/user-agent string, the URL of the page hosting the chat. IP is used for rate limiting, ban enforcement, and abuse detection — it is not sold or used for advertising.
• Anonymous visitors: counted in aggregate ("12 online") with a short-lived session ID; we do not build cross-site profiles.

We act as a processor for End User data. The Customer is the controller — their own privacy policy governs what their visitors are told. We process End User data only as needed to deliver the chat service to that Customer.

4. Cookies and similar technologies

We use a small, focused set of cookies and storage:

• Session cookies — keep you signed in across tabs. Cleared when you sign out.
• CSRF token — anti-forgery protection on form submissions.
• localStorage / sessionStorage — remembers UI preferences (collapsed/expanded state, dismissed hints).

We do not use third-party advertising cookies or cross-site tracking pixels. The chat widget is served from our own CDN.

5. Sub-processors we rely on

Running the service requires a small number of vendors. Each receives only the data needed to do its job, under contract terms that forbid use for any other purpose.

• Stripe — payment processing for self-serve subscriptions.
• Shopify — billing relay for Customers who installed via the Shopify App Store.
• OpenAI — when AI moderation is enabled on a Pro plan, message text is sent to OpenAI's omni-moderation classifier to flag harassment, hate, sexual-minors, self-harm, and graphic-violence content. Results are stored as a flag on the message; OpenAI does not use this content to train models.
• Tenor (Google) — GIF search results, served through our API proxy so Tenor never sees your visitors' IPs directly.
• Google reCAPTCHA — anti-bot check on the public contact form on this website.
• Email delivery provider — transactional emails (account verification, password reset, digest emails, support replies).
• Hosting & CDN — servers and static asset delivery for the widget script.

6. How we use the data

• To deliver and operate the chat service the Customer paid for.
• To prevent abuse — rate limiting, banned-word filtering, IP/CIDR bans, slow mode.
• To send transactional email (sign-up confirmation, password reset, billing receipts, digest summaries you opted in to).
• To compute aggregate analytics shown on the Customer's panel (daily message counts, top rooms, hour-of-day heatmap). Analytics are scoped to a single Customer's project; we never expose one Customer's data to another.
• To respond when you contact us.

We do not sell personal data. We do not share message content with advertisers. We do not use End User content to train AI models.

7. Sharing and disclosure

We share data only in narrow, predictable situations:

• With sub-processors, as listed above, strictly to deliver the service.
• With the Customer, who already controls their own chat: messages, uploaded images, sender identity, IP for moderation actions, and webhook payloads on events like message_posted, mention_received, message_pinned.
• To comply with law, when we receive a valid legal request — subpoena, court order, or equivalent. We push back on overbroad requests and notify the affected account where we're not legally barred from doing so.
• In a business transfer, if Embedded Chat is acquired or reorganized. The acquirer would inherit this Privacy Policy; you'd be notified before any change in how your data is used.

8. Security

Concrete measures, not platitudes:

• HTTPS/TLS for every connection, including the widget websocket.
• Customer passwords are hashed (Django's PBKDF2). Sub-admin passwords are hashed too.
• Webhook payloads are HMAC-signed so receivers can verify they came from us.
• Image uploads run through Pillow validation, EXIF stripping, decompression-bomb checks, and re-encoding before storage.
• JWT auth for the public REST API; CSP frame-ancestors and CSRF protection on the admin panel.
• Internal access to production data is limited to a small ops team, audited, and gated behind 2FA.

No system is unbreakable. If we ever discover a security incident affecting your data, we'll notify you without undue delay and tell you what we know.

9. Data retention

• Messages: kept for as long as the Customer's room exists. Customers can enable auto-clean (rooms older than N days self-prune) or manually delete any message. Deleted messages are soft-deleted first and purged shortly after.
• Uploaded images: removed when the message they belong to is removed.
• Account data: kept while your account is active. We retain billing records for the period required by tax/accounting law (typically 7 years).
• Logs: server access logs are kept for a short rolling window (typically 30 days) for debugging and abuse investigation.

10. Your rights

Depending on where you live (GDPR, UK GDPR, CCPA, LGPD, etc.), you may have the right to:

• Access the personal data we hold about you.
• Correct it if it's wrong.
• Delete it (right to be forgotten), subject to legal retention obligations.
• Export it in a portable format.
• Object to or restrict certain types of processing.
• Withdraw consent for optional processing — for example, unsubscribe from digest emails using the link in any digest.

To exercise any of these rights, email sales@devcloudsoftware.com. End users should contact the Customer who owns the site they're chatting on; we will assist that Customer with the request.

11. International data transfers

Our servers are located in the United States. If you access Embedded Chat from outside the U.S., your data is transferred to and processed in the U.S. By using the service you consent to that transfer. Where required, we rely on Standard Contractual Clauses (SCCs) with sub-processors that handle EU/UK personal data.

12. Children

Embedded Chat is not directed to children under 13 (or under 16 in the EEA). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we'll delete it.

13. Changes to this policy

We may update this policy as the service evolves. Material changes will be announced on this page with a new "last updated" date and, where appropriate, by email to active Customers. Continued use after a change means you accept the updated policy.

14. Contact

Questions about this policy or about how we handle your data?
Email sales@devcloudsoftware.com — we read every message.