Legal information

Privacy Policy

This Privacy Policy explains how Sitemind Ai Labs collects, uses, stores, protects, and shares personal data when our website, platform, dashboard, AI tools, analytics, and chat widget are used.

Effective date: May 8, 2026.

Sitemind Ai Labs (“Sitemind Ai Labs”, “we”, “our”, or “us”) develops practical web, SaaS, and digital AI tools for online projects, including AI web assistants, content processing, analytics, automation, and related software functions.

This Privacy Policy explains how we process personal data when you visit our website, create an account, use the dashboard, create an AI agent, install or use our widget, contact support, or interact with our services.

This Policy is intended to provide transparent information. It does not create guarantees that are not required by law, and it does not replace the responsibility of customers to provide their own privacy notices where legally required.

1. Controller and scope

The provider responsible for this website and service is Sitemind Ai Labs. Contact details are listed at the end of this Policy and in the Impressum.

For account, billing, support, website, and platform administration data, Sitemind Ai Labs generally acts as the controller. For visitor messages and data processed through a customer’s installed widget, the customer may act as the controller and Sitemind Ai Labs may act as a processor, depending on the specific use case and applicable law.

Customers are responsible for informing their own website visitors about the use of the Sitemind Ai Labs widget and for obtaining any legally required consent or providing any required notice on their own websites.

2. Data we collect

2.1 Account and business data

When you create an account or use our platform, we may process:

  • name, company name, email address, login details, and authentication data
  • account settings, language preferences, plan information, subscription status, and trial status
  • support messages, contact requests, feedback, and related communication
  • security-related data such as login attempts, session data, IP address, user agent, and abuse-prevention signals

2.2 AI agent, widget, and website data

When you create an AI agent, connect a website, or install a widget, we may process:

  • website URL, domain, page URLs, page titles, meta descriptions, headings, internal links, and text previews
  • agent name, welcome message, color settings, configuration, embed information, and similar settings
  • public website content that you provide, authorize, or make available for processing
  • technical metadata needed to connect the widget with the correct website and agent

2.3 Chat, AI, and interaction data

When visitors or users interact with an AI widget or related AI function, we may process:

  • questions, answers, prompts, chat messages, and limited conversation history
  • page context, page URL, page title, website context, language, and configuration data needed to generate relevant answers
  • chat insights, question and answer logs, error logs, moderation signals, and diagnostic information
  • data required to prevent abuse, spam, excessive use, security incidents, or technical misuse

2.4 Analytics, visit, and technical data

Depending on the active features, we may process technical and analytics data such as:

  • page URL, page title, referrer, visit time, session identifier, visit count, and approximate activity duration
  • browser, device type, operating system, user agent, screen or environment information, and diagnostic data
  • approximate location such as country or city if technically available through infrastructure or analytics processing
  • live visitor status, last seen time, and aggregated visitor statistics

2.5 Payment and billing data

For paid plans, subscriptions, invoices, taxes, refunds, fraud prevention, or payment support, payment and billing data may be processed by an external payment provider. We do not store full card numbers on our own servers.

3. How we use data

We may use collected data to:

  • provide, operate, maintain, and improve Sitemind Ai Labs
  • create accounts, authenticate users, manage subscriptions, and provide support
  • create, configure, secure, and operate AI agents, widgets, analytics, and related tools
  • generate AI responses and show relevant website-based context
  • crawl, structure, summarize, and store website content provided or authorized by the customer
  • display analytics, live users, chat insights, and service diagnostics
  • detect, prevent, and investigate abuse, spam, fraud, attacks, unauthorized use, technical failures, or policy violations
  • comply with legal obligations, enforce our Terms, and protect our rights, customers, visitors, and platform integrity

4. Legal bases for processing

Where the GDPR applies, we rely on one or more legal bases depending on the processing activity.

  • Contract performance: to provide accounts, subscriptions, dashboard access, AI agents, widgets, support, and requested services.
  • Legitimate interests: to secure the service, prevent abuse, improve functionality, analyze basic usage, maintain reliability, and protect legal interests, provided those interests are not overridden by individual rights.
  • Consent: where required for optional cookies, certain analytics, marketing, or similar technologies.
  • Legal obligations: where processing is necessary for accounting, tax, legal requests, consumer rights, dispute handling, or regulatory duties.

5. AI processing and important limitations

AI features may process prompts, chat messages, website context, user instructions, configuration data, and technical information in order to generate responses or provide related functionality.

AI-generated responses may be inaccurate, incomplete, outdated, or unsuitable for a particular situation. Users and customers should not rely on AI responses for legal, medical, financial, tax, safety-related, emergency, or other important decisions without independent verification by a qualified person.

Users and visitors should not enter passwords, payment card details, government identification numbers, health data, confidential business secrets, sensitive personal data, or other highly sensitive information into the AI chat or support fields unless specifically requested and legally appropriate.

We may use technical safeguards, rate limits, moderation, filtering, logging, or manual review where necessary to protect the service, prevent abuse, investigate issues, or improve reliability.

6. Website crawling and content processing

Sitemind Ai Labs may crawl, read, structure, summarize, and store content from websites entered by the customer so that AI tools can provide more relevant responses. This may include public page text, page titles, headings, meta descriptions, internal links, and short text previews.

By entering a website, domain, sitemap, page, or content into the platform, the customer confirms that they have the necessary rights and authority to allow this processing and that the content does not unlawfully infringe third-party rights.

We may limit, pause, reject, or remove crawled content if it creates technical risk, legal risk, excessive load, abuse concerns, or violates our Terms or acceptable use rules.

7. Customer responsibility and website visitor notices

Customers are responsible for their own websites, content, legal notices, cookie banners, consent management, visitor communication, and compliance with privacy, consumer, advertising, and industry-specific laws.

If a customer installs the Sitemind Ai Labs widget on their website, the customer is responsible for informing visitors that an AI assistant may process messages and technical context, and for updating their own privacy policy where required.

Customers must not use Sitemind Ai Labs to collect or process personal data unlawfully, to mislead visitors, to provide regulated professional advice without proper qualification, or to process sensitive data without a valid legal basis.

8. Service providers and data sharing

We may share or process data with trusted service providers where necessary to operate the service. These may include providers for hosting, database infrastructure, authentication, AI processing, email delivery, payments, security, analytics, monitoring, and customer support.

Depending on the active setup, service providers may include infrastructure, database, AI model, payment, email, and hosting providers such as Supabase, Vercel, OpenAI, payment providers, email providers, or similar services.

We may also disclose data if required by law, court order, government request, to protect rights and safety, to investigate abuse, or in connection with a merger, acquisition, restructuring, or transfer of business assets.

9. Cookies, local storage, and analytics

We may use cookies, local storage, session storage, and similar technologies to keep users logged in, remember language settings, operate security functions, connect the widget to the correct agent, measure visits, display live visitors, and improve the service.

Some technologies may be technically necessary for the platform to function. Optional analytics, marketing, or non-essential technologies may require consent depending on applicable law and the specific implementation.

10. Data retention

We retain personal data only for as long as reasonably necessary for the purposes described in this Policy, including service operation, account management, security, support, billing, dispute handling, legal compliance, and enforcement of our Terms.

Retention periods may differ depending on the type of data. For example, account and billing records may be kept longer where required by law, while technical logs, analytics visits, live presence records, crawled content, and chat logs may be deleted, aggregated, or anonymized when no longer needed.

If an account is deleted or a service is terminated, some data may remain for a limited period in backups, logs, accounting records, fraud-prevention records, or legal documentation where necessary or legally required.

11. Data security

We use reasonable technical and organizational measures designed to protect data against unauthorized access, loss, misuse, alteration, or disclosure. These measures may include access controls, encryption in transit, restricted administrative access, service-role separation, monitoring, backups, and abuse-prevention mechanisms.

No internet-based service can guarantee absolute security. Customers are responsible for using strong passwords, protecting account access, limiting access to their own accounts, and notifying us without delay of suspected unauthorized use.

12. Your rights

Depending on applicable law, you may have the right to request access, correction, deletion, restriction of processing, objection to processing, data portability, withdrawal of consent, and review of certain automated processing where applicable.

You also have the right to lodge a complaint with a competent data protection authority if you believe that your personal data has been processed unlawfully.

To exercise your rights, contact us using the details below. We may need to verify your identity before responding to a request.

13. Children’s privacy

Sitemind Ai Labs is not intended for children as direct account users. Customers must not intentionally use the service to collect personal data from children without a valid legal basis and all required notices or consents. If you believe a child’s data has been submitted inappropriately, please contact us.

14. International data transfers

Data may be processed in countries outside your country or outside the European Economic Area, depending on the providers and infrastructure used. Where required, we rely on appropriate safeguards such as data processing agreements, standard contractual clauses, adequacy decisions, or other legally recognized transfer mechanisms.

15. Changes to this Privacy Policy

We may update this Privacy Policy when our services, providers, legal requirements, or data processing practices change. The updated version will be published on this page with a new effective date. Continued use of the service after publication means the updated version applies.

16. Contact

If you have questions about this Privacy Policy, data protection, or privacy-related requests, you can contact us at:

Email: info@sitemindai.app

Website: sitemindai.app