Privacy Policy
Last updated: 2025-09-21
This Privacy Policy explains how Quassum MB (“Quassum,” “we,” “our”) collects, uses, and protects information when you use One Dollar Chatbot.
For service terms, please read our Terms and Conditions.
Overview
We respect your privacy. This policy describes what data we collect, why we collect it, and the choices you have. It applies to all visitors, customers, and end-users of onedollarchatbot.com.
Information We Collect
| Category | Details (examples) |
|---|---|
| Account Data | Name, email address, password hash. |
| Payment & Billing | Managed by Stripe via Polar.sh checkout (PCI-DSS compliant); Quassum never stores raw card data. |
| Usage Data | Prompts, responses, logs, IP address, device/browser metadata, timestamps. |
| Support Comms | Emails, tickets, chat transcripts. |
How We Use Your Information
- Provide and maintain the service
- Troubleshoot, secure, and improve performance
- R&D and model fine-tuning on de-identified data
- Send product updates or marketing emails (opt-out link in every message)
- Comply with legal obligations
Legal Bases for Processing (GDPR)
- Contract – deliver the service you request
- Legitimate interest – improve, secure, and market our service
- Legal obligation – keep records for tax or regulatory purposes
- Consent – marketing emails and cookies
Data Sharing & Processors
| Processor | Purpose | Region | Link |
|---|---|---|---|
| Polar.sh | Subscription & checkout management | EU | polar.sh |
| Stripe | Payment processing | US/EU | stripe.com |
| Vercel | Server hosting | EU/US | vercel.com |
| Railway | Backend hosting (containers) | EU/US | railway.app |
| Neon.tech | Postgres database hosting | EU | neon.tech |
| Upstash | Redis (cache/rate limit) & Workflows/QStash | EU/US | upstash.com |
| Cloudflare | DNS, CDN, WAF, optimization | Global | cloudflare.com |
| Cloudflare R2 | Object storage (file uploads, assets) | Global | developers.cloudflare.com/r2 |
| Google (GTM/Ads/GA) | Tag management, ads, analytics | Global | marketingplatform.google.com |
| Meta (Pixel + CAPI) | Ads measurement and conversions API | Global | facebook.com/business/tools/meta-pixel |
| LinkedIn (Insight + CAPI) | Ads measurement and conversions API | Global | linkedin.com |
| PostHog | Product analytics | EU | posthog.com |
| Axiom | Observability & web vitals | EU/US | axiom.co |
| Resend | Transactional email delivery | US/EU | resend.com |
| Firecrawl | Website crawling / scraping for knowledge ingestion | EU/US | firecrawl.dev |
| OpenAI / Groq / Google AI / X Grok / Cloudflare Workers AI | LLM inference providers (chat, RAG, tools) | Global |
We sign Data Processing Agreements and, where required, Standard Contractual Clauses with all processors.
Cookies & Tracking
We use first-party cookies (session, authentication, preferences) and third-party cookies (analytics, CDN). Manage preferences at onedollarchatbot.com/cookies.
Analytics & Ads
- We use gtag.js via Google Tag (GTM/Google Ads/Analytics) where enabled. Consent defaults to denied until granted.
- We use PostHog for product analytics; EU data residency is configured where available.
- We load LinkedIn Insight Tag and use LinkedIn Conversions API for measurement.
- We use Meta Pixel and Meta Conversions API (server-to-server). We may read _fbp and _fbc cookies to improve attribution.
- You can opt out or adjust preferences at Settings or /cookies. Browser-level ad preferences and Do Not Track are respected where supported.
Data Retention
We retain user data for 2 years after the last recorded usage or account deletion, unless law requires longer.
Security Measures
- TLS 1.3 in transit; AES-256 encryption at rest
- Role-based access and least-privilege principles
- Annual third-party penetration tests
- Documented incident-response plan
International Transfers
When data moves outside the EEA, we rely on Standard Contractual Clauses (SCCs) and additional safeguards (encryption, access controls, monitoring).
Your Rights
- GDPR – access, rectify, erase, restrict, portability, object, and avoid automated decision-making
- CCPA – know, delete, opt-out of sale/sharing, freedom from discrimination
To exercise any right, email info@onedollarchatbot.com.
Children’s Privacy
The service is not directed to anyone under 13 years old. If we learn that a child has provided personal data, we will delete it promptly. Parents may contact us to request removal.
Changes to This Policy
We may revise this policy periodically. Material changes will be emailed before they take effect. The “Last updated” date above shows the current version.
Contact
For privacy questions or to reach our Data Protection Officer, email info@onedollarchatbot.com.
Supported languages: English (canonical). Machine-translated copies are provided for convenience only and are non-binding.
AI Providers
To provide AI responses and tools, your prompts, context (e.g., website content), and the model outputs may be sent to third‑party AI providers you select in the product (OpenAI, Groq, Google AI, X Grok, Cloudflare Workers AI). We configure “no training”/data‑control flags where providers support them. Logs may contain hashed or redacted identifiers. You can change the default model in settings; using a provider implies sharing the necessary data with that provider to perform the request.
Crawling & Indexing
If you connect a site or sitemap, we may fetch and process publicly available pages, files, and metadata to build a knowledge base for your chatbot. We attempt to honor robots.txt and standard crawl-delay directives where feasible. You can request re-crawl or deletion of indexed content at any time; deletions propagate to caches within a reasonable period.
Hosting & Storage
- Application hosting on Vercel; backend containers on Railway.
- Primary database on Neon (Postgres). Caching and background jobs via Upstash (Redis, Workflows/QStash).
- Static and uploaded assets stored on Cloudflare R2.
- DNS/CDN/WAF by Cloudflare.
CCPA “Do Not Sell or Share”
We do not sell personal information. We may “share” data for cross‑context behavioral advertising as defined by CCPA/CPRA when ads/analytics are enabled. You can opt out at /cookies or by contacting support; we will honor Global Privacy Control signals where supported.