Privacy Policy

Last Updated: August 11, 2025
Entity: VunOne, Inc.
EIN: 36-5134406
Address: 1111B S Governors Ave STE 28352, Dover DE, 19904, United States

1. Data Controller

  • The data controller is a sole proprietor (FOP) registered in Ukraine.

  • No Data Protection Officer (DPO) appointed; contact can be made via the designated privacy email on the website.

2. Types of Collected Data

  • Collected through the widget:

    • Text messages entered into the chat interface

    • Current page URL where the user interacts with the widget

    • Date and time of visit

    • UTM parameters (when present)

    • IP address

    • User‑Agent (browser and device info)

    • Session identifier stored in localStorage

  • Technical log files may include:

    • IP address

    • User-Agent

    • Page URL

3. Sources of Data

  • Information is collected solely from publicly available pages, explicitly allowed via the site’s sitemap.

  • Additionally, knowledge may be sourced from documents manually provided by the site owner.

  • No other data sources are used.

4. Purposes of Processing

  • Page URL: to personalize chatbot responses and improve service quality.

  • Session ID: to maintain dialogue continuity across pages and enable anonymized analytics.

  • UTM parameters: for marketing campaign analytics.

  • No referrer tracking is performed.

5. Legal Basis

  • The chat widget can be configured to run only after explicit user consent by the site owner.

  • No obligations under CCPA (service not offered in California).

6. Data Processors

  • Hosting provider: Hetzner (Germany, Nuremberg)

  • Inference providers: OpenAI API, Google Gemini API, Groq API

    • OpenAI: API inputs and outputs may be logged for up to 30 days for abuse detection; some enterprise/Zero Data Retention customers may opt out (Google AI for Developers, Google AI for Developers, Medium).

    • Legal developments (e.g. New York Times court order) may force indefinite retention even of deleted content, though OpenAI is appealing (The Verge).

    • Gemini (Google): retains prompts, contextual data, and outputs for 55 days for abuse prevention (Google AI for Developers).

    • Groq: does not permanently retain prompts, outputs, or training data; they are processed and then discarded promptly (Groq).

7. Data Storage & Retention

  • Logs: stored for 6 months on secured servers in Germany.

  • Sessions: stored until cleared by the user (via browser localStorage).

  • Vector knowledge base: retained until manual deletion by the site owner.

  • Delete requests: may be made via email with session ID or email (if provided to chatbot); processed within 30 calendar days.

8. User Rights

  • Requests for data access, correction, deletion, or export are handled via email on a case-by-case basis.

  • No automated rights portal—requests are managed manually.

9. Cookies & Local Storage

  • Only localStorage (not cookies) is used, storing fully anonymized random session identifiers.

  • This storage is managed by the browser; the service itself cannot clear it.

10. Security Measures

  • All traffic is encrypted (HTTPS/TLS).

  • Databases are accessible only to the site owner and service administrator (upon direct request), not publicly.

  • Security reviews and access controls are enforced.

11. Policy Updates

  • Users (site owners) will be notified of policy changes via email and through blog announcements.