Privacy Policy
Last updated: 20 February 2026
Sant Limited ("Sant", "we", "us", or "our") operates the Sant Chat AI platform at sant.chat and the Sant Chat AI WordPress plugin (collectively, the "Service"). We are a company registered in New Zealand.
This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use our Service. It applies to website owners who register an account ("Customers"), visitors who interact with the chat widget on Customer websites ("End Users"), and anyone who visits sant.chat ("Visitors").
By using our Service, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use our Service.
1. Who We Are
Sant Limited
New Zealand
Email: hey@sant.chat
For the purposes of the EU General Data Protection Regulation (GDPR), Sant Limited is the data controller for Customer and Visitor data. For End User data collected through the chat widget on Customer websites, the Customer is the data controller and Sant Limited acts as a data processor on their behalf.
2. Information We Collect
2.1 Account Information (Customers)
When you create a Sant Chat AI account, we collect:
- Email address — required for account creation and authentication
- Full name — optional, used for display purposes
- Password — stored as a secure hash (we never store plaintext passwords)
- Organisation name — automatically set to your email, editable later
2.2 Business Information (Customers)
When you configure the plugin, you may provide:
- Business name — used in AI system prompts to personalise responses
- Contact information — phone number, email address, website URL, business hours
- Website content — pages, posts, and custom post types from your WordPress site, ingested via sitemap sync or manual entry
- Sitemap URL — used to discover and index your website pages
- Manual corrections — question-and-answer pairs you create to train the AI
2.3 End User Data (Chat Widget Visitors)
When visitors interact with the Sant Chat AI widget on a Customer's website, the following data may be collected:
- Chat messages — all messages sent by the visitor and AI responses
- Name, email, and phone number — if voluntarily provided through the lead capture feature
- Page URL — the page where the conversation took place
- Session identifier — a randomly generated ID (format:
sant-[timestamp]-[random]) that does not identify individuals - Voice recordings — if the visitor uses Voice Chat Mode, audio is captured via the browser microphone and transmitted for processing
2.4 Billing Information
Payment processing is handled entirely by Stripe. We do not collect, store, or have access to your full credit card number, CVV, or banking details. We store only:
- Stripe Customer ID — a reference to your Stripe account
- Stripe Subscription ID — to manage your plan
- Plan and billing cycle information
2.5 Technical and Usage Data
- IP addresses — used solely for rate limiting; stored temporarily (60 seconds) and never in our permanent database
- Usage logs — each AI response is logged with a query snippet (first 100 characters of the question), token count, AI model used, and timestamp
- Credit and billing metrics — credits consumed, plan tier, voice usage
- Plugin version — reported during API calls for compatibility
2.6 Browser Storage (End Users)
The chat widget uses browser-based storage on the End User's device. No HTTP cookies are set by the widget itself:
- localStorage — stores conversation history for session persistence across page navigations
- sessionStorage — stores current session ID, greeting state, lead capture data, and message count (cleared when the browser tab closes)
2.7 Cookies (sant.chat Website)
Our website uses a single authentication cookie set by Supabase to maintain your login session. See our Cookies Policy for full details.
3. How We Use Your Information
| Purpose | Data Used | Legal Basis (GDPR) |
|---|---|---|
| Provide and operate the Service | Account info, website content, chat messages | Performance of contract |
| Process AI chat responses | Chat messages, knowledge base, business info | Performance of contract |
| Process voice interactions | Audio recordings, transcriptions | Performance of contract |
| Capture and deliver leads | Name, email, phone, conversation transcript | Legitimate interest / Customer's consent |
| Process payments and billing | Stripe IDs, plan information, credit usage | Performance of contract |
| Send lead notification emails | Lead details, conversation context | Performance of contract |
| Prevent abuse and enforce rate limits | IP addresses (temporary) | Legitimate interest |
| Monitor usage and enforce plan limits | Usage logs, credit balances | Performance of contract |
| Provide plugin updates | Version information (no personal data) | Legitimate interest |
| Respond to support requests | Name, email, message content | Performance of contract |
| Analyse website traffic and performance | Anonymised IP, page views, session data (via cookies) | Consent |
| Measure advertising campaign effectiveness | Page views, conversion events (via cookies) | Consent |
4. Third-Party Service Providers (Sub-Processors)
We share data with the following third-party service providers who process data on our behalf:
| Provider | Purpose | Data Shared | Location |
|---|---|---|---|
| OpenAI | AI chat processing, text embeddings, voice transcription (Whisper), text-to-speech | Chat messages, knowledge base content, audio recordings, query text | United States |
| Stripe | Payment processing and subscription management | Email, organisation ID, plan details | United States |
| Brevo (Sendinblue) | Transactional email delivery (lead notifications, support) | Recipient email, lead details, conversation transcripts | France / European Union |
| Supabase | Database hosting, user authentication, real-time services | All account and service data | United States (AWS) |
| Upstash | Rate limiting (Redis) | IP addresses (60-second retention) | United States |
| Vercel | Application hosting and CDN | HTTP requests, static assets | Global (edge network) |
| Google LLC | Website analytics (Google Analytics 4) and tag management (Google Tag Manager) | Anonymised IP address, page views, session data, referral source | United States |
| Meta Platforms, Inc. | Advertising conversion tracking and retargeting (Meta Pixel) | Page views, conversion events, browser metadata | United States |
We require all sub-processors to maintain appropriate security measures and process data only as instructed by us. We do not sell your personal data to any third party. Google Analytics and Meta Pixel are only activated after you give explicit consent via our cookie banner.
5. International Data Transfers
Sant Limited is based in New Zealand. Your data may be transferred to and processed in countries outside your jurisdiction, including the United States and the European Union. We rely on the following safeguards:
- New Zealand has been recognised by the European Commission as providing an adequate level of data protection under GDPR.
- Our sub-processors (OpenAI, Stripe, Supabase, Upstash, Vercel) maintain Standard Contractual Clauses (SCCs) or equivalent protections for international data transfers.
- All data is transmitted over encrypted HTTPS connections.
6. Data Retention
| Data Type | Retention Period |
|---|---|
| Account information | Until you delete your account |
| Website content (knowledge base) | Until the next sync or site deletion |
| Chat message snippets (usage logs) | Retained for billing audit purposes; deleted on account deletion |
| Lead data (WordPress database) | Stored locally on Customer's WordPress site; Customer controls retention |
| Voice audio | Transcribed and discarded immediately; raw audio is not stored |
| IP addresses (rate limiting) | 60 seconds |
| Browser storage (localStorage/sessionStorage) | Controlled by the End User's browser; sessionStorage clears on tab close |
| Billing records | As required by applicable tax and accounting laws |
| Support communications | Up to 2 years after resolution |
7. Data Security
We implement appropriate technical and organisational measures to protect your data, including:
- Encryption in transit — all data is transmitted over HTTPS/TLS
- Encryption at rest — our database provider (Supabase) encrypts data at rest
- Secure API keys — generated using cryptographically secure random bytes, unique per site
- Domain-locked authentication — API keys are validated against registered domains
- Rate limiting — protects against abuse and denial-of-service attacks
- Access controls — administrative access restricted to authorised personnel via email whitelist
- Prompt injection protection — system-level messages are stripped from user input to prevent AI manipulation
- Password security — passwords are hashed using industry-standard algorithms; we never store plaintext passwords
8. Your Rights
8.1 Under the GDPR (EU/UK Residents)
If you are located in the European Economic Area or United Kingdom, you have the right to:
- Access — request a copy of the personal data we hold about you
- Rectification — request correction of inaccurate data
- Erasure — request deletion of your personal data ("right to be forgotten")
- Restriction — request that we limit processing of your data
- Portability — receive your data in a structured, machine-readable format
- Object — object to processing based on legitimate interests
- Withdraw consent — where processing is based on consent, withdraw at any time
You may also lodge a complaint with your local data protection authority.
8.2 Under the CCPA/CPRA (California Residents)
If you are a California resident, you have the right to:
- Know — what personal information we collect, use, and disclose
- Delete — request deletion of your personal information
- Opt out of sale — we do not sell personal information
- Non-discrimination — we will not discriminate against you for exercising your rights
8.3 Under the Privacy Act 2020 (New Zealand Residents)
Under New Zealand's Privacy Act 2020, you have the right to:
- Access — request access to your personal information held by us
- Correction — request correction of any inaccurate information
- Lodge a complaint with the Office of the Privacy Commissioner (privacy.org.nz)
8.4 Under the Australian Privacy Act 1988
Australian residents may access and correct their personal information and lodge complaints with the Office of the Australian Information Commissioner (OAIC).
8.5 Exercising Your Rights
To exercise any of these rights, contact us at hey@sant.chat. We will respond within 30 days (or sooner if required by applicable law). We may ask you to verify your identity before processing your request.
9. Customer Responsibilities (Data Controllers)
If you are a Customer using Sant Chat AI on your WordPress website, you are the data controller for End User data collected through the chat widget on your site. You are responsible for:
- Providing appropriate privacy notices to your website visitors about the use of Sant Chat AI
- Obtaining any required consent for data collection (e.g., lead capture forms)
- Responding to data subject requests from your End Users
- Ensuring your use of the Service complies with applicable data protection laws in your jurisdiction
- Managing the retention and deletion of lead data stored in your WordPress database
10. Children's Privacy
Our Service is not directed at children under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us at hey@sant.chat and we will promptly delete it.
11. Voice Chat and Audio Data
When End Users use Voice Chat Mode on a Customer's website, the following occurs:
- Audio is captured from the End User's microphone via the browser's Web Audio API
- The audio is encoded and transmitted over HTTPS to our servers
- Our servers forward the audio to OpenAI's Whisper API for transcription (speech-to-text)
- The transcribed text is processed through the same AI chat pipeline as text messages
- A spoken response is generated via OpenAI's text-to-speech API
- Raw audio recordings are not stored — audio is transcribed and immediately discarded
12. Automated Decision-Making
Our Service uses AI to generate chat responses and may automatically trigger lead capture prompts based on conversation context (on plans with AI-driven lead capture). These automated processes do not produce legal effects or similarly significant effects on End Users. Customers can configure or disable lead capture at any time.
13. Third-Party Links
Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before providing any personal information.
14. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised "Last updated" date. If changes are significant, we may also notify you via email or through the Service dashboard.
Your continued use of the Service after changes take effect constitutes your acceptance of the updated Privacy Policy.
15. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:
Sant Limited
Email: hey@sant.chat
For complaints related to data protection, you may also contact the Office of the Privacy Commissioner in New Zealand at privacy.org.nz.