Privacy Policy

Effective date: April 17, 2026

DocsBrew (“DocsBrew”, “we”, “us”) provides an AI-powered sales agent platform that businesses embed on their websites and messaging channels. This policy explains what personal data we collect, how we use it, who we share it with, and the rights you have. It applies to customers who sign up for an account as well as to the end users who interact with a DocsBrew-powered chatbot on a customer’s website or WhatsApp number.

1. Data we collect

Account data

Name, email address, hashed password
Organization name, role, billing status
M-Pesa phone number (if you pay by M-Pesa)
IP address and approximate location for security logging

Content data (supplied by customers)

Website URLs you submit for crawling
Product catalogs, documents, and knowledge base uploads
Configuration: bot persona, discovery schema, channel credentials

Conversation data (supplied by end users of your chatbot)

Messages sent to and from the chatbot
Lead information voluntarily provided (name, email, phone, preferences)
Channel identifiers (widget session ID, WhatsApp number, Telegram chat ID)
Technical metadata: timestamps, user agent, referrer

2. How we use data

To operate the chatbot: retrieve relevant content, generate responses, capture leads.
To provide the dashboard: show conversations, analytics, lead scores to you.
To improve the service: aggregate, de-identified analysis of prompt quality and latency.
To bill you and prevent fraud.
To send transactional email (verification, password reset, billing, hot-lead alerts).

We do not sell personal data and we do not use conversation content to train third-party foundation models.

3. Who processes data on our behalf

We use the following sub-processors. Each is contractually required to protect your data:

Google Cloud Platform (us-central1) — hosting, Cloud SQL database, Cloud Run compute, Cloud Logging.
Anthropic / OpenAI — large language model inference for the sales agent. Requests are transient and are not used to train their models.
Safaricom (Daraja / M-Pesa) — payment processing for Kenyan customers.
Meta / WhatsApp Business Platform, Telegram, Instagram, Facebook — message delivery on connected channels that you choose to enable.
SendGrid (or equivalent SMTP provider) — transactional email delivery.

4. Data retention

Conversation messages: retained for the life of the account, then deleted within 30 days of account closure.
Lead records: retained until the customer deletes them or closes the account.
Audit logs (security events): retained for 12 months.
Billing records: retained for 7 years to meet Kenyan tax requirements.

5. Security

Data is encrypted in transit (TLS 1.2+) and at rest (Google-managed AES-256). Passwords are hashed with bcrypt. Database backups run daily with point-in-time recovery for 7 days. Access to production systems is limited to staff who need it, audited, and protected by multi-factor authentication.

6. Your rights

Depending on where you live, you may have the right to access, correct, delete, or export your personal data, or to object to processing. To exercise any of these rights contact privacy@docsbrew.com. We respond within 30 days.

End users of a DocsBrew-powered chatbot should direct privacy requests to the business operating the chatbot — they are the data controller. We will assist them on your behalf.

7. International transfers

Our primary region is Google Cloud us-central1 (Iowa, USA). If you are outside the USA your data is transferred there under appropriate safeguards (Standard Contractual Clauses where applicable).

8. Children

DocsBrew is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has submitted personal data, contact us and we will delete it.

9. Changes

We will post material changes to this policy on this page and update the effective date. If the change affects how we use existing data, we will also notify account holders by email.

10. Contact

Questions? Email privacy@docsbrew.com.