websitechatbot.ch
Contact

Privacy policy

This privacy policy informs you about how we process personal data when you visit our website websitechatbot.ch, use our chatbot service or interact with a chatbot embedded on a customer's website. We comply with the Swiss Federal Act on Data Protection (revFADP) and, where applicable, with the European General Data Protection Regulation (GDPR).

1. Data controller

Wistom (2026)
Place de la Palud 5
1003 Lausanne
Switzerland
Email: info@websitechatbot.ch

2. What data we process

Server logs: when you visit our website, our hosting provider automatically collects technical data such as IP address, timestamp, requested URL, referrer and user-agent. This data is used for operational security and is stored briefly.

Email contact: when you write to us, we process your name, your email address and the content of your message in order to answer your enquiry.

Chatbot use: when you chat with a chatbot provided by us, your messages are transmitted to our servers and to our AI providers (see below) to generate a reply. We also process technical data such as IP address and timestamp for the purpose of abuse detection (rate limiting, bot protection).

Customer website content: on behalf of our customers we extract the publicly accessible content of the customer's website in order to train the chatbot. No protected or personal areas are extracted.

Payment and subscription data (for paying customers): when activating a paid chatbot, name, email address, billing address and payment method data are collected directly via our payment service provider Stripe. Full credit card data is processed exclusively at Stripe in a PCI-DSS-compliant manner and is never accessed or stored by the provider. From Stripe we only receive a customer ID, a subscription ID, the status of the subscription, the name and the email address for the purpose of assigning and managing the contractual relationship.

3. Purposes of processing

  • Provision and operation of our website and chatbot service
  • Answering enquiries and communicating with customers
  • Improvement of service quality and error analysis
  • Protection against abuse (e.g. rate limiting, bot detection via Vercel BotID)
  • Billing and contract execution

4. Legal bases

We process personal data on the basis of our legitimate interest in operating and improving our service, to fulfil contractual obligations, to fulfil legal obligations or on the basis of your consent where this is required.

5. Disclosure to third parties and processors

We only disclose personal data to third parties if this is necessary to provide our service. We use the following processors:

  • Vercel Inc. (USA) – hosting, serverless functions, bot protection (BotID). Vercel processes IP addresses and request data to provide the website.
  • Neon Inc. (database, EU region) – storage of business data, chatbot knowledge and technical metadata.
  • Anthropic, PBC (USA) – provision of the language model (Claude) to generate chatbot replies. Messages are transmitted to Anthropic for answering. Under the Zero Data Retention agreements or terms of use, this data is not used for training purposes.
  • Voyage AI (USA) – generation of text embeddings for information search. Only publicly accessible website content is transmitted.
  • Resend, Inc. (USA/EU) – sending transactional emails (e.g. forwarding unanswered enquiries to the relevant customer business, welcome emails to paying customers).
  • Stripe Payments Europe, Ltd. (Ireland) – processing payments and managing subscriptions. Stripe processes name, email address, billing address, IP address and payment method data (credit card). Full payment data is stored exclusively at Stripe in a PCI-DSS-compliant manner. The legal basis is contract performance. Stripe may process data within its own corporate group (including Stripe, Inc. in the USA); the EU standard contractual clauses and the Stripe privacy policy apply.

Data transfers to countries outside Switzerland or the EEA (in particular to the USA) take place on the basis of the EU standard contractual clauses or equivalent safeguards.

6. Retention period

We only retain personal data for as long as this is necessary for the purposes stated above or as long as we are legally required to do so. Specifically:

  • Chat histories (messages between customers and the chatbot) are retained for a maximum of 30 days for quality assurance and as evidence of the replies given, and are then deleted automatically. To identify the session, we store a hashed value of the IP address and the browser user-agent.
  • Rate-limit data is only kept for a few minutes and removed automatically.
  • Email correspondence (including forwarded enquiries) is retained until the end of processing and beyond as part of statutory retention obligations.

7. Cookies and similar technologies

Our website does not set any marketing or analytics cookies and does not embed any third-party trackers. We only use cookies that are technically necessary for the operation of our service:

  • wcb_dash – stores your login session in the customer dashboard so you don't have to log in again on every page change (HttpOnly, Secure, SameSite=Lax; 30-day lifetime). Only set when you actively log in.
  • wcb_demo – remembers which demo preview you last visited so you can return to it later (HttpOnly, Secure, SameSite=Lax; 30-day lifetime).
  • NEXT_LOCALE – stores your language choice (e.g. German, French, Italian or English) once you switch language, so the website is displayed in your preferred language.

To protect against automated requests, Vercel BotID may additionally set technically necessary data (e.g. short-lived tokens) in the browser. These are used exclusively for operation and security of the service. Consent is not required for these technically necessary cookies under art. 5 para. 3 of the ePrivacy Directive or art. 45c para. 1 TCA; you can delete the cookies at any time via your browser settings.

8. Your rights

You have the right to information about the data we process about you, the right to rectification, erasure, restriction of processing and data portability. Where processing is based on your consent, you can withdraw it at any time with effect for the future. You also have the right to lodge a complaint with the competent data protection authority (in Switzerland: FDPIC).

To exercise your rights, please contact us at info@websitechatbot.ch.

9. Data security

We take appropriate technical and organisational measures to protect your data against unauthorised access, loss or abuse. Transmission takes place exclusively in encrypted form (HTTPS/TLS).

10. Changes to this privacy policy

We may adapt this privacy policy at any time to reflect changes in legal requirements or changes to our service. The current version is always available on this page.

As of: April 2026

Questions? Write to us at info@websitechatbot.ch.