Privacy Policy

Last updated: March 2026

AISWise ("we", "us", "our") is committed to protecting your privacy. This policy describes how we collect, use, and protect your personal data in compliance with the General Data Protection Regulation (GDPR) and applicable Spanish legislation (LOPDGDD).

Data Controller

AISWise, operated by Validwise. Contact: [email protected]

Data We Collect

Platform Users (Clients)

• Account information: client ID, display name, email address
• Authentication data: password (stored as SHA-256 hash, never in plain text)
• Business data: contact information, addresses, schedules, services (voluntarily provided)
• Usage data: dashboard activity, configuration preferences

End Users (Chat Widget Visitors)

• Conversation messages: text exchanged with the AI assistant
• Session data: session ID, domain of the website visited
• Geolocation: country, region, and city (derived from IP address, IP itself is not stored)
• Lead information: name, email, phone (only when voluntarily submitted via the contact form)
• Feedback: satisfaction ratings and thumbs up/down responses
• Auto-detected contact data: if you include an email or phone number in a chat message, it may be automatically saved as a lead

Legal Basis for Processing

• Consent: chat widget usage requires explicit consent before any data is collected
• Contract performance: platform client data is processed to deliver the agreed service
• Legitimate interest: anonymous analytics to improve service quality

Purpose of Processing

• Provide and maintain the AI chatbot service
• Capture and manage leads on behalf of platform clients
• Generate analytics and usage reports
• Improve the quality of AI responses
• Comply with legal obligations

Data Retention

Conversation data and leads are retained for a maximum of 12 months from creation, after which they are automatically deleted. Platform client account data is retained for the duration of the service agreement plus 3 years. You may request earlier deletion at any time.

Your Rights

Under the GDPR, you have the right to:

• Access: request a copy of your personal data
• Rectification: correct inaccurate personal data
• Erasure: request deletion of your data ("right to be forgotten")
• Restriction: limit how we process your data
• Portability: receive your data in a machine-readable format
• Objection: object to processing based on legitimate interest
• Withdraw consent: at any time, without affecting prior processing

To exercise these rights, contact us at [email protected] or use the data deletion option available in the chat widget.

Third-Party Processors

We use the following sub-processors:

• Cloudflare (Workers, D1, KV): hosting and data storage — EU/US with adequate safeguards
• Cloudflare Workers AI: AI inference for chatbot responses — data is not used for model training

International Data Transfers

Your data is processed on Cloudflare's global network. Cloudflare maintains EU-approved Standard Contractual Clauses (SCCs) and complies with the EU-US Data Privacy Framework.

Security Measures

• Passwords hashed with SHA-256
• JWT-based authentication with 7-day expiry
• Strict Content Security Policy (CSP)
• HTTPS-only with HSTS preload
• No third-party tracking scripts
• Rate limiting on authentication endpoints

Cookies and Local Storage

We do not use HTTP cookies. We use browser localStorage for:

• Authentication token (session persistence)
• User preferences (theme, language)
• Chat session ID (conversation continuity)
• Cookie consent status

Children's Privacy

Our service is not directed at children under 16. We do not knowingly collect personal data from children.

Changes to This Policy

We may update this policy periodically. Significant changes will be communicated via email to registered clients.

Contact

For privacy inquiries: [email protected]