Skip to main content
Founder pricing · The first 100 customers get Zupport.chat for $79 (normally $99) · Save $20 forever Claim a spot →
Legal

Privacy policy

Last updated: 2026-05-24 · Draft — please review with counsel before publishing

The short version

Zupport.chat's whole architecture is built around not collecting your visitors' data. The chat widget loads an AI model into your visitor's browser once, caches it forever, and runs every question, every retrieval, and every response locally. There is no inference server to log conversations because there isn't an inference server at all.

We do collect a small amount of data from you — the operator who buys an assistant — to run your account and deliver the product. Details below.

1. Visitors to your site

When a visitor uses the Zupport.chat widget embedded on your site, the following happens entirely in their browser:

  • The widget downloads the embed script from our CDN.
  • The first time it runs, it downloads the embedding and AI models from our CDN (or a Hugging Face mirror) and caches them in the browser.
  • The visitor's questions are matched against your curated scenarios locally.
  • If no scenario matches, the local AI model reads your uploaded sources (which the widget fetched once and cached) and generates an answer.

We do not receive, store, or process any visitor question, answer, or conversation on our infrastructure. Standard CDN access logs (IP address, timestamp, file requested) may be retained by our CDN provider for security and abuse purposes only.

2. Account holders (you)

We collect the minimum needed to run your account:

  • Authentication: email address, password hash (via Firebase Auth).
  • Payment: processed by Polar.sh, who handles your billing details. We receive a payment confirmation and an order ID; we never see your card.
  • Assistant data: the scenarios you write, the documents you upload, the website URLs you crawl, and your assistant configuration. Stored in Google Firestore / Firebase Storage.
  • Dashboard usage: minimal product analytics to understand which features are used. No cross-site tracking.

3. Cookies

The marketing site uses essential cookies only (session, auth). The embedded widget uses browser storage (IndexedDB) to cache the AI model and your assistant's knowledge base — this is purely local and never transmitted.

4. Sub-processors

  • Google Firebase (Auth, Firestore, Storage, Hosting) — US/EU regions.
  • Polar.sh — payment processing.
  • Hugging Face — model file mirror (CDN only).

5. Your rights

You may request a copy of your data, correction of inaccuracies, or full deletion at any time by emailing the address on our contact page. Deletion removes your assistants, scenarios, sources, and account within 30 days.

If you're an EU resident, you have rights under the GDPR. If you're a California resident, you have rights under the CCPA. The architecture means most data subject requests resolve to "we don't have any of that" for your visitors.

6. Changes

We'll update this page when material things change and bump the "last updated" date at the top. Old versions are kept in our git history.