Privacy Policy

1. Introduction and Scope

MoyoChat ("we", "us", or "our") is an Australian business that provides an AI-powered chatbot platform for websites. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our website, dashboard, APIs, and embedded chat widgets (collectively, the "Service").

By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Service.

2. Information We Collect

We collect the following categories of information:

2.1 Account Information

When you create an account, we collect your name, email address, and password (stored in hashed form). If you subscribe to a paid plan, we collect billing details through our payment processor; we do not store full credit card numbers.

2.2 Website Content and Knowledge Base

You may provide website URLs, documents, or text for your chatbot to learn from. We crawl and store this content to power your AI assistant. You retain full ownership of this content.

2.3 Conversation Data

We store conversations between your chatbot and your website visitors. This may include messages, timestamps, visitor IP addresses (anonymised), and any information the visitor chooses to share (such as their name or email via lead capture forms).

2.4 Analytics and Usage Data

We collect aggregated analytics such as message counts, bot performance metrics, page views, browser type, operating system, and referral URLs. This data helps us improve the Service and provide you with usage insights.

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the Service
• Process your knowledge base content and generate AI responses
• Send transactional emails (account confirmation, billing receipts, usage alerts)
• Provide customer support
• Detect and prevent abuse, fraud, or violations of our Terms of Service
• Generate aggregated, anonymised analytics and insights (we never share identifiable data externally for analytics purposes)
• Comply with legal obligations

4. Data Storage and Security

All customer data is hosted in Australia, specifically in the AWS Sydney region (ap-southeast-2). We implement industry-standard security measures including:

• Encryption in transit (TLS 1.2+) and at rest (AES-256)
• Database-level encryption with AWS-managed keys
• Role-based access controls and principle of least privilege
• Regular security reviews and dependency updates
• Automated backups with point-in-time recovery

While we take reasonable steps to protect your data, no system is 100% secure. We encourage you to use strong, unique passwords for your account.

5. AI and Third-Party Services

MoyoChat uses large language models (LLMs) to power chatbot responses. Our primary AI provider is:

5.1 AWS Bedrock (Anthropic Claude) — Sydney Region

By default, all AI inference runs through AWS Bedrock in the Sydney region (ap-southeast-2). Your data does not leave Australia during standard AI processing. AWS Bedrock does not use your inputs or outputs to train foundation models.

5.2 Optional: OpenAI Integration

On select plans, you may choose to enable OpenAI models. If you opt in, relevant conversation data is sent to OpenAI's API servers, which may be located outside Australia (primarily in the United States). This is an explicit, opt-in configuration. OpenAI's API usage policy states that data submitted via the API is not used to train their models.

6. Data Sharing

We do not sell, rent, or trade your personal information. We may share data only in the following circumstances:

• Subprocessors: We use trusted third-party services to operate the platform, including AWS (hosting and AI), Stripe (payments), Resend (transactional email), and Vercel (frontend hosting). Each subprocessor is bound by data processing agreements.
• Legal requirements: We may disclose information if required by law, regulation, or legal process (e.g., a court order or government request).
• Business transfer: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of the transaction. We will notify you of any such change.

7. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. Specific retention policies include:

• Conversation data: Retained for the duration configured in your dashboard settings (default: 90 days). You may adjust this or delete conversations at any time.
• Knowledge base content: Retained while your account is active. Deleted within 30 days of account closure.
• Account data: Retained for 30 days after account deletion to allow recovery, then permanently removed.
• Billing records: Retained for 7 years to comply with Australian tax obligations.

8. Your Rights

Under the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), you have the right to:

• Access: Request a copy of the personal information we hold about you.
• Correction: Request that we correct inaccurate or incomplete personal information.
• Deletion: Request that we delete your personal information, subject to our legal retention obligations.
• Data export: Export your conversation data and knowledge base content via the dashboard or API.
• Complaint: Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if you believe we have breached the APPs.

To exercise any of these rights, contact us at privacy@moyochat.com. We will respond within 30 days.

9. Cookies and Tracking

We use cookies and similar technologies for the following purposes:

• Essential cookies: Required for authentication, security, and core functionality.
• Analytics cookies: Used to understand how visitors interact with our website. We use privacy-friendly analytics that do not track individuals across sites.
• Preference cookies: Remember your settings and preferences (e.g., theme selection).

We do not use advertising or cross-site tracking cookies. You can manage cookie preferences through your browser settings.

10. Children's Privacy

The Service is not directed at children under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will take steps to delete such information promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by posting a prominent notice on our website. The "Last updated" date at the top of this page indicates when the policy was last revised.

12. Contact Information

If you have any questions about this Privacy Policy or our data practices, please contact us:

• Email: privacy@moyochat.com
• General enquiries: hello@consultingcadets.com
• Location: Sydney, Australia

You can also reach us via our contact page.