Privacy Policy

Last Updated: 2026-Feb

1. Introduction

This Privacy Policy explains how we collect, use, and protect personal data when you visit axiachat.org, interact with our AI chatbot, or use the AxiaChat AI plugin.

AxiaChat AI is owned and operated by Esteban García ("we", "us", "our").

We are committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

Part A – Website Visitors & Chatbot Users

2. Information We Collect Through Our Website Chatbot

Our website includes an AI-powered chatbot designed to assist visitors and provide information about our products and services.

During chatbot interactions, we may collect:

• Chat messages and conversation transcripts
• Name (if voluntarily provided)
• Email address (if voluntarily provided)
• Any personal data you choose to submit in the chat
• Technical data such as IP address (anonymized where feasible)

If you provide contact details, they may be used to:

• Respond to your inquiry
• Provide product information
• Offer support
• Follow up via email

We do not use chatbot data for automated decision-making with legal or significant effects.

3. Purpose & Legal Basis (GDPR)

We process personal data under one or more of the following legal bases:

• Consent (when you voluntarily provide information)
• Legitimate interest (to provide customer support and improve services)
• Pre-contractual measures (when responding to product inquiries)

By interacting with the chatbot and voluntarily submitting information, you consent to processing as described in this policy.

4. Chat Transcripts & Retention

Chat transcripts may be stored for:

• Customer service quality
• Administrative follow-up
• Improving chatbot performance

We retain chatbot data only as long as necessary for these purposes, unless legal obligations require longer retention.

You may request deletion of your chatbot data at any time by contacting us at: [Insert Contact Email].

5. Cookies & Chat Session Storage

Our website uses limited cookies and local storage mechanisms.

Chat Session Cookie

We use a functional cookie or browser local storage mechanism to:

• Maintain chat session continuity
• Store temporary chat history during your visit
• Improve user experience

This cookie does not track users across websites and is not used for advertising purposes.

You may disable cookies in your browser settings, but this may affect chatbot functionality.

6. Comments & User Accounts (If Applicable)

If you leave comments or register on our website:

• Comments and metadata may be retained indefinitely.
• Registered user profile information is stored until the account is deleted.
• Users can see, edit, or delete their personal information (except usernames).
• Website administrators can also access and edit that information.

Visitor comments may be checked through an automated spam detection service.

7. Your Data Rights (GDPR)

Under GDPR, you have the right to:

• Access your personal data
• Rectify inaccurate data
• Request erasure
• Restrict processing
• Object to processing
• Request data portability

To exercise your rights, contact us at: [Insert Contact Email].

We may retain certain data where legally required for administrative, legal, or security purposes.

8. International Data Transfers

Your data may be processed outside the European Economic Area (EEA) when third-party providers are used.

Such transfers are governed by appropriate safeguards, including Standard Contractual Clauses where applicable.

Part B – Plugin Users (AxiaChat AI)

9. Self-Hosted Nature of the Plugin

AxiaChat AI is a self-hosted WordPress plugin. Most data processing occurs on the website where the plugin is installed.

The website owner acts as the Data Controller. We (the plugin author) do not access or store end-user conversation data unless required for support purposes.

10. Data Processed by the Plugin

Depending on configuration, the plugin may process:

• User prompts
• Conversation history
• Context snippets
• Embedding vectors
• IP addresses (if rate limiting is enabled)

Logging can be disabled in plugin settings.

11. Third-Party AI Providers

The plugin connects directly from the website server to third-party AI services such as OpenAI, Anthropic, and Google (Gemini via Google Cloud).

The plugin author does not proxy or intercept API traffic.

Website administrators are responsible for:

• Managing API keys
• Monitoring API usage
• Paying API-related charges
• Complying with third-party provider policies

12. Google API Services Compliance

If Google services are enabled:

• Authorization is granted via OAuth 2.0.
• OAuth tokens are stored securely in the WordPress database.
• Data access is limited to requested functionality (e.g., Calendar or Sheets).

Use of Google APIs complies with the Google API Services User Data Policy.

Users may revoke access at any time through their Google Account security settings.

13. License & Payment Data

License purchases are processed by Freemius, acting as Merchant of Record.

Freemius processes billing information, VAT/GST, invoices, and payment data. We do not store credit card information.

14. Data Retention (Plugin)

Retention depends on site configuration:

• Chat logs remain until manually deleted
• Embeddings remain until removed
• OAuth tokens remain until revoked

15. Security

We implement reasonable technical measures to protect data.

However, website administrators are responsible for hosting security, WordPress updates, SSL configuration, and API key protection.

16. Children’s Data

Our services are not intended for children under 16 without parental consent.

17. Changes to This Policy

We may update this Privacy Policy at any time. Updates will be published with a revised "Last Updated" date.