Privacy Policy

How ChatFlowIQ collects, uses, shares, protects, and retains data.

Operated by ECBC Technologies, LLC

Version 1.0 | Effective Date: April 25, 2026

1. Overview

This Privacy Policy explains how ECBC Technologies, LLC (“ECBC,” “we,” “our,” or “us”) collects, uses, discloses, retains, and protects information in connection with ChatFlowIQ, including our websites, application, dashboards, reports, integrations, account portals, support channels, and related services (collectively, the “Service”).

ChatFlowIQ helps customers connect authorized chatbot platform data, sync conversations, analyze chatbot interactions, identify common questions, detect unanswered or poorly answered queries, review sentiment, and generate insights intended to improve chatbot performance and customer experience.

By using the Service, you acknowledge that personal information may be processed as described in this Privacy Policy and in our Terms of Service. If you use the Service on behalf of an organization, you represent that you are authorized to do so and to provide or make available data for processing.

2. Who This Policy Covers

This Privacy Policy applies to: (a) customers and prospective customers; (b) authorized users of customer accounts; (c) website visitors; (d) individuals who contact us for support, sales, or business inquiries; and (e) end users whose chatbot conversations or related metadata are processed through a customer’s authorized Supported Platform connection.

Where a customer uploads, connects, syncs, or otherwise provides conversation data or bot data to the Service, the customer is generally the controller or business responsible for that data, and ECBC acts as a service provider or processor to the extent required by applicable law. ECBC separately acts as a controller or business for account administration, billing, marketing, security, analytics, and business operations data.

3. Key Definitions

“Customer” means the organization or individual that creates, purchases, administers, or uses a ChatFlowIQ account.

“Authorized User” means an employee, contractor, consultant, agent, or other person invited to use a customer account.

“End User” means a person who interacts with a customer’s chatbot or whose data appears in conversation records connected to the Service.

“Customer Data” means data, content, records, conversations, metadata, files, reports, settings, credentials, or other materials that a customer or authorized user submits, connects, syncs, or makes available to the Service.

“Personal Information” or “Personal Data” means information that identifies, relates to, describes, can reasonably be associated with, or could reasonably be linked to an identified or identifiable person.

4. Categories of Data We Process

The exact data processed depends on your plan, configuration, connected bots, reporting settings, integrations, and use of the Service.

5. Information We Do Not Intend to Collect

The Service is not designed to collect or process highly sensitive or regulated information unless we have entered into a specific written agreement that permits it and appropriate safeguards are in place.

Customers should not intentionally submit, sync, or allow chatbot conversations to contain: protected health information subject to HIPAA; full payment card numbers; bank account credentials; government identification numbers; passwords; biometric data; children’s data; special categories of personal data; confidential legal, medical, or financial records; or any data subject to heightened regulatory requirements unless legally permitted and expressly approved in writing by ECBC.

Because chatbot conversations are controlled by customers and their end users, Customer Data may accidentally include sensitive information. Customers are responsible for configuring their bots, notices, consent flows, redaction practices, and data minimization controls to reduce unnecessary or sensitive data collection.

6. How We Collect Information

We collect information from: (a) you directly when you create an account, subscribe, contact us, invite team members, or configure settings; (b) your authorized Supported Platform connection or other integrations; (c) payment processors and other service providers; (d) your device, browser, network, and use of the Service; and (e) business partners, referral sources, or public sources where permitted by law.

When a customer connects a Supported Platform, the Service may retrieve available bot, conversation, message, metadata, and usage data according to the access permissions, API limits, availability, retention windows, configuration, and account status of that third-party platform.

7. How We Use Information

• Provide, operate, secure, troubleshoot, and improve the Service.
• Authenticate users, manage accounts, enforce permissions, and prevent unauthorized access.
• Connect to authorized Supported Platform accounts and sync available conversation, message, and bot metadata.
• Generate reports, dashboards, summaries, classifications, sentiment analysis, common-query reports, unanswered-query reports, bot usage metrics, and related insights.
• Process subscriptions, invoices, taxes, renewals, cancellations, plan changes, and payment issues.
• Provide onboarding, customer support, operational notices, product updates, security notices, and administrative communications.
• Detect, investigate, prevent, and respond to fraud, abuse, service misuse, security incidents, technical errors, and policy violations.
• Develop, test, improve, and measure the Service, including using aggregated or de-identified data to understand performance trends and feature usage.
• Comply with legal obligations, enforce agreements, resolve disputes, and protect the rights, safety, and property of ECBC, customers, users, and others.

8. AI Processing and Analytics Outputs

ChatFlowIQ may use automated processing, rules-based analysis, machine learning, or AI-assisted processing to generate insights from Customer Data. Examples include common questions, unresolved or poorly answered queries, sentiment indicators, summaries, themes, trends, and recommended areas for chatbot improvement.

AI-generated or automated outputs may be incomplete, inaccurate, delayed, biased by the underlying data, or unsuitable for certain decisions. Customers are responsible for reviewing outputs before relying on them. The Service is intended for operational analytics and chatbot improvement, not for legal, medical, financial, employment, credit, housing, insurance, or other high-risk automated decision-making.

Where we use third-party AI infrastructure or model providers, we process Customer Data through those providers only as needed to provide requested functionality, subject to applicable provider terms and safeguards. We do not sell Customer Data, and we do not intend to use identifiable Customer Data to train public models.

9. How We Share Information

We share information only as reasonably necessary to operate the Service, support customers, comply with law, enforce our agreements, protect rights and security, or as otherwise described in this Privacy Policy.

• Service providers and subprocessors. Hosting, cloud infrastructure, security, CDN, database, monitoring, analytics, email, support, billing, payment processing, and AI analysis vendors may process information for us under contractual or legal obligations.
• Customer account administrators. Account owners and administrators may access information about authorized users, connected bots, reports, activity, subscription status, and account settings.
• Third-party platforms you connect. When you connect or use a Supported Platform, data may be exchanged with that platform according to your configuration and that platform’s terms and privacy policy.
• Payment processors. Billing and transaction information may be processed by Stripe or another payment processor. We do not intentionally store full payment card numbers on our systems.
• Legal and safety disclosures. We may disclose information to comply with law, legal process, regulatory requests, security obligations, or to protect rights, safety, property, and the integrity of the Service.
• Business transfers. Information may be disclosed or transferred in connection with a merger, acquisition, financing, reorganization, sale of assets, bankruptcy, or similar transaction.
• With your direction or consent. We may share information when you instruct us to do so or authorize an integration, export, disclosure, or workflow.

10. Third-Party Platforms and Infrastructure

The Service depends on third-party systems and services, including Supported Platforms for source chatbot data, AWS or similar cloud infrastructure for hosting and storage, Cloudflare or similar infrastructure for security and content delivery, Stripe or similar providers for payment processing, and other vendors for communications, analytics, monitoring, support, and AI processing.

These providers operate under their own terms, privacy policies, security practices, availability commitments, retention policies, geographic processing locations, and data handling rules. ECBC does not control Supported Platforms, AWS, Cloudflare, Stripe, AI model providers, internet service providers, browsers, customer networks, or other third-party systems.

If a Supported Platform changes its APIs, access permissions, pricing, availability, rate limits, pagination, data retention periods, data fields, export features, or account requirements, the Service may be affected. We are not responsible for data that is unavailable from a Supported Platform or another third-party platform because of retention limits, customer configuration, platform outages, permission issues, rate limits, deleted records, API changes, or account restrictions.

11. Customer Responsibilities for Chatbot End Users

Customers are responsible for providing all required notices and obtaining all required consents from End Users before collecting, recording, syncing, analyzing, exporting, or otherwise processing chatbot conversations or related personal information.

Customers should ensure their chatbot privacy notice, website privacy policy, chatbot disclosure, consent language, and internal policies explain that conversations may be reviewed, analyzed, stored, exported, or processed by third-party service providers for analytics, quality assurance, support, safety, training, reporting, and chatbot improvement.

Customers are also responsible for honoring End User privacy requests, deleting or redacting data where required, restricting access to reports, and ensuring that their use of the Service complies with applicable laws, industry rules, platform terms, and contractual obligations.

12. Cookies and Similar Technologies

We may use cookies, local storage, pixels, log files, device identifiers, and similar technologies to operate the Service, keep users signed in, secure accounts, remember preferences, detect abuse, analyze usage, improve performance, and measure marketing or product effectiveness.

You can control cookies through your browser settings. Some features may not work properly if essential cookies or local storage are disabled. If we later use advertising or cross-context behavioral advertising cookies, we will update this policy and provide legally required choices.

13. Legal Bases for Processing

Where GDPR, UK GDPR, or similar laws apply, we process personal data based on one or more legal bases, including performance of a contract, legitimate interests, consent, compliance with legal obligations, and protection of rights and security.

Examples of legitimate interests include providing and improving the Service, securing accounts, preventing fraud and abuse, communicating with customers, understanding feature usage, and developing analytics functionality, provided those interests are not overridden by applicable privacy rights.

14. Data Retention

We retain information for as long as reasonably necessary to provide the Service, maintain accounts, comply with legal and financial obligations, resolve disputes, enforce agreements, preserve security, maintain backups, and support legitimate business purposes.

Customer Data retention depends on plan limits, configuration, account status, sync settings, deletion requests, backup cycles, and technical constraints. The Service is not intended to be the customer’s only backup, legal archive, or system of record for chatbot conversations. Customers should maintain their own backups and exports where needed.

If a customer disconnects a bot, cancels a subscription, deletes an account, or requests deletion, we will delete or de-identify Customer Data within a commercially reasonable period unless retention is required or permitted by law, necessary for security, billing, dispute resolution, backup integrity, or legitimate business operations. Backup copies may persist for a limited period before being overwritten or deleted in the ordinary course.

Data controlled by Supported Platforms or other third-party platforms is retained according to those platforms’ policies and customer configurations. We cannot retrieve, restore, delete, or alter data that is no longer available to us through an authorized third-party connection.

15. Security

We use commercially reasonable administrative, technical, and organizational safeguards designed to protect information against unauthorized access, loss, misuse, disclosure, alteration, and destruction. These safeguards may include access controls, authentication, limited permissions, monitoring, secure infrastructure providers, and operational controls appropriate to the nature of the Service.

No internet-based service, integration, cloud provider, API, storage system, or transmission method is completely secure. Customers are responsible for using strong passwords, enabling available security controls, limiting team access, protecting API tokens, rotating credentials when appropriate, revoking access for departed personnel, and promptly notifying us of suspected unauthorized access.

16. International Data Transfers

We and our service providers may process information in the United States and other countries where we or our vendors operate. These locations may have data protection laws different from those in your jurisdiction.

Where required, we rely on appropriate transfer mechanisms or safeguards, such as contractual commitments, standard contractual clauses, data processing agreements, or other legally recognized mechanisms.

17. Your Privacy Rights and Choices

Depending on your location and relationship to the data, you may have rights to request access, correction, deletion, portability, restriction, objection, withdrawal of consent, or appeal of a privacy decision. You may also have the right to opt out of certain processing activities where applicable.

Customers and authorized users may update certain account information directly in the Service. To submit a privacy request, contact us using the contact information below. We may need to verify your identity and authority before responding.

If you are an End User of a customer’s chatbot, please contact the customer first because the customer controls the chatbot relationship and the underlying conversation data. We may assist the customer in responding to your request where required by law or contract.

18. U.S. State Privacy Disclosures

Certain U.S. state privacy laws may require additional disclosures. We do not sell personal information for money, and we do not intend to share personal information for cross-context behavioral advertising. If our practices change, we will update this policy and provide required choices.

The categories of personal information we collect, the sources of that information, the purposes for collection, and the categories of recipients are described throughout this Privacy Policy. We retain information as described in the Data Retention section. We do not knowingly collect personal information from children under 13, and the Service is not directed to children.

19. Marketing Communications

We may send administrative messages, security notices, billing notices, product updates, and support communications. These are transactional or service-related and may not offer an unsubscribe option.

Where permitted, we may send marketing communications about ChatFlowIQ or ECBC products and services. You may opt out of marketing emails by using the unsubscribe link or contacting us. Opting out of marketing does not stop transactional or account-related communications.

20. Children’s Privacy

The Service is intended for business use and is not directed to children. We do not knowingly collect personal information from children under 13 or under the applicable age of digital consent in a relevant jurisdiction. Customers must not use the Service to process children’s data unless they have all required legal authority, consents, and written approval from ECBC.

21. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The updated version will be identified by a revised “Last Updated” or effective date. Material changes may be communicated by email, in-product notice, website notice, or other reasonable method. Continued use of the Service after an update means the updated policy applies to information processed after the effective date.

22. Contact Us

For privacy questions, requests, or concerns, contact ECBC Technologies, LLC at support@chatflowiq.com. If we provide a dedicated privacy contact in the future, we will post it in the Service or on our website.

ECBC Technologies, LLC | United States | support@chatflowiq.com