Privacy Policy

Last updated: April 27, 2026

This Privacy Policy describes how Peptoid(“we”, “our”, or “us”) collects, uses, and shares information when you use our chatbot platform, our website, the WordPress plugin we distribute, or any chat widget powered by our service (collectively, the “Service”).

1. Who we are

Peptoidis an AI-powered customer service tool that store operators install on their own WooCommerce/WordPress websites. When a visitor chats with an operator's store, that conversation is processed through our service. The store operator controls their own data and is the data controller for their visitors' information; we act as the data processor on their behalf.

2. What we collect

From store operators (our paying customers)

  • Account information: email, name (optional), authentication credentials.
  • Billing information: handled by Stripe; we store only the Stripe customer/subscription IDs and the last four digits/brand of the card.
  • Site information: domain, WordPress and plugin versions, store currency, active theme.
  • Indexed page content: the publicly visible content of your store pages, used to answer customer questions.
  • Configuration: custom answers, restrictions, sales flows, branding.

From end visitors who chat with operators' stores

  • Chat messages and assistant responses.
  • Session identifiers, page URL where the chat happened, IP address, and user agent.
  • Optional contact details (email, phone, name) — only when the visitor voluntarily submits a lead-capture form.
  • For logged-in WooCommerce customers: WordPress user ID, role, and basic order count, when the operator has enabled WooCommerce context.

3. How we use this data

  • To provide chat answers and stream responses through Anthropic's Claude API.
  • To generate vector embeddings via OpenAI for semantic search of indexed content.
  • To enforce per-visitor and per-conversation usage caps.
  • To detect abusive patterns and prompt-injection attempts.
  • To send transactional emails (license keys, trial reminders, payment notifications) via Omnisend.
  • To bill operators via Stripe.
  • To improve the service through anonymized aggregate metrics.

4. Sub-processors

  • Supabase — primary database hosting (US/EU regions).
  • Vercel — application hosting and edge network.
  • Anthropic — Claude AI for chat responses.
  • OpenAI — text embeddings only (no chat content).
  • Stripe — payment processing.
  • Omnisend — transactional email and optional list integrations.
  • Upstash — Redis cache and rate limiting.
  • Cloudflare Turnstile — anti-bot protection on signup.
  • Twilio — phone number verification (only if your operator enables it).

We do not sell personal data. We share data with sub-processors only to the extent needed to operate the Service.

5. Retention

  • Chat conversations: 365 days, then automatically purged.
  • Conversations flagged as suspicious or abusive: 730 days.
  • Webhook delivery logs: 30 days.
  • Crawl job records: 90 days.
  • Account and billing records: retained while your account is active and as required by law.

6. Your rights

Depending on your jurisdiction (GDPR, CCPA, etc.), you may request access to, correction of, or deletion of personal data we hold about you. End visitors should contact the store operator first; we will assist them on request.

Operators can delete their account from the dashboard, which removes their sites, conversations, and license keys. To request deletion of any other data, email us at support@peptide.bot.

7. Security

Data is encrypted in transit (TLS) and at rest (Supabase-managed encryption). Chat messages stored in our database are additionally encrypted with a per-site key. License keys are stored as SHA-256 hashes; we cannot recover the original key for you.

8. International transfers

Our infrastructure is hosted primarily in the United States. If you are accessing the Service from outside the US, your data will be transferred to and processed in the US.

9. Children

The Service is not directed to children under 13, and we do not knowingly collect personal data from them.

10. Changes

We will update this policy as our practices evolve. Material changes will be communicated via email and a prominent notice on the dashboard.

11. Contact

Questions or requests: support@peptide.bot.

This template is a starting point and does not constitute legal advice. Have it reviewed by qualified counsel for your jurisdiction before publishing.