Privacy Policy

Last updated: 26 January, 2026

This Privacy Policy explains how IvaBot (“we”, “our”, “us”) collects, uses, stores, and protects personal data when you use our website, application, or related services.

By accessing or using IvaBot, you agree to the practices described in this Privacy Policy.

1. Data We Collect

We collect the following categories of data when you interact with our service:

1.1. Account & Authentication Data

Provided by you or through authentication partners (e.g., Memberstack):

• Name
  
  
• Email address
  
  
• Country
  
  
• Login details
  
  
• Account plan or credit balance

1.2. Payment Data

Processed securely by our payment partner (Stripe):

• Cardholder name
  
  
• Billing address
  
  
• Country
  ‍
• Last 4 digits of the card (we never see or store full card numbers) We never store raw credit card information on our servers.

1.3. Usage & Interaction Data

• Pages you audit or analyze
  
  
• Inputs you provide inside Typebot
  
  
• Number of sessions used
  
  
• Flow usage for quota tracking
  ‍
• Logs required for troubleshooting and service monitoring

1.4. Generated Content

• SEO audits
  
  
• Content drafts
  
  
• AI-generated responses
  
  
• Google Docs exports
  
  

This generated content belongs to you.

1.5. Automatic Technical Data

• Cookies
  
  
• IP address
  
  
• Browser/device type
  
  
• Timezone
  ‍
• Analytics data (e.g., Google Analytics)

1.6. SERP Data

We fetch and display search results, keywords, and ranking signals via SERP providers.
We do not store SERP data — it is displayed only during your session.

2. How We Use Your Data

We use your data to:

• Provide access to the IvaBot platform
  
  
• Authenticate your account
  
  
• Track plan quotas and usage limits
  
  
• Process payments and manage purchased credit packs
  
  
• Generate SEO audits and content
  
  
• Export documents to Google Docs
  
  
• Improve product performance and reliability
  
  
• Comply with legal obligations
  
  

We do not sell personal data.
We do not use personal data to train AI models.

AI outputs are generated using third-party AI systems (including ChatGPT), which process prompts only for generating responses.

3. Third-Party Processors

We rely on third-party processors for authentication, payments, database hosting, analytics, and AI content generation.

Main processors include Stripe, Memberstack, Supabase, Google, ChatGPT, and others as needed to operate the service.

Each processor handles data under its own Privacy Policy and GDPR-compliant standards.

We never share more data than required for the service to function.

4. Cookies

We use cookies for:

• Authentication
  
  
• Session management
  
  
• Analytics (Google Analytics)
  
  
• Service performance
  
  

You may disable cookies in your browser, but some features may not work.

5. Your Rights

You may request at any time:

5.1. Access

Receive a copy of your stored personal data.

5.2. Correction

Update or edit your account details.

5.3. Deletion

Request removal of your account and all associated data from our systems. (For example: deleting your Memberstack account also removes usage records in Supabase.)

5.4. Account & Credit Management

You may stop using the Service at any time. Purchased credit packs are non-refundable unless required by law. You may request account deletion as described above.

5.5. Data Export

Upon request, you may receive your personal account data in JSON or CSV format. (Exports include your Memberstack account data and Supabase usage records.)

We may require identity verification to process sensitive requests.

6. Data Retention

We keep your data only as long as necessary to:

• Provide the service
  
  
• Maintain accurate billing
  
  
• Comply with legal and accounting requirements
  
  

When you request deletion, your personal data is removed from active systems.

7. Security

We use industry-standard protections to secure your data, including:

• Encrypted connections (HTTPS)
  
  
• Secure payment handling through Stripe
  
  
• Limited internal access
  
  
• Regular monitoring and audits
  
  

However, no system is 100% secure. Use the service at your discretion.

8. International Data Transfers

Some processors may store data outside your country. All transfers comply with GDPR and other applicable regulations through approved safeguards.

9. Contact

For privacy questions, data requests, or complaints, contact:

ivabot.team@gmail.com

We aim to respond within 30 days.

10. Changes to This Policy

We may update this Privacy Policy when required. The “Last updated” date will reflect the most recent version.

‍