Privacy Policy
Your data belongs to you. We collect only what we need to run the Service, store it in the EU, and never sell or share it.
What We Collect
Account data: name, email, company, billing info.
Your content: pages and documents you submit for indexing. This is your data — we process it only to deliver the Service.
Usage data: query counts, session IDs, IP addresses, browser type, referrer URLs. Used for analytics, quota tracking, and abuse prevention.
Visitor data: questions asked by your end-users via the widget. You are the data controller for your visitors; we act as your data processor.
Location data: we collect the country and approximate location derived from IP address for analytics and fraud prevention. We do not store precise geolocation.
How We Use It
To operate and improve the Service.
To send billing alerts, product updates, and support responses.
To enforce Terms and prevent abuse.
To meet legal obligations.
We may use anonymized, aggregated usage statistics (e.g. “average queries per session”) to improve the product. This data cannot be linked back to any individual account.
Storage & Security
Our infrastructure is hosted within the European Union. All data is encrypted at rest and in transit using industry-standard protocols.
Each customer account is fully isolated — it is architecturally impossible for one customer’s data to be accessed by another.
We perform regular security reviews and maintain detailed access logs. Our team operates on a strict least-privilege access model: no engineer has standing access to production customer data. All access is logged and auditable.
API keys are stored as one-way cryptographic hashes and cannot be recovered — only reset.
Retention
Data kept for subscription duration + 30 days after cancellation. Then permanently deleted.
Earlier deletion available on request at any time.
Sub-processors
We work with a small number of trusted infrastructure providers in the EU and USA. All sub-processors are:
- Bound by Data Processing Agreements (DPAs)
- Prohibited from using your data for any purpose other than service delivery
- Required to maintain security standards equivalent to our own
- Subject to regular review
Full list available on request: info@slatech.ai
Your Rights (GDPR)
As a data subject under GDPR or the Israeli Privacy Protection Law, you have the right to:
- Access: request a copy of all personal data we hold about you
- Rectification: correct inaccurate or incomplete data
- Erasure: request deletion of your data (“right to be forgotten”)
- Restriction: ask us to stop processing while a dispute is resolved
- Portability: receive your data in a machine-readable format
- Objection: object to processing based on legitimate interests
- Withdraw consent: where processing is based on consent, withdraw it at any time
To exercise any of these rights, email info@slatech.ai with subject “Privacy Request”. We will respond within 30 days. Identity verification may be required.
You also have the right to lodge a complaint with your local data protection authority.
Cookies
Marketing site uses minimal analytics cookies.
The chatbot widget uses only session storage — no persistent cookies on your visitors’ browsers.
Data Breach Notification
In the unlikely event of a data breach affecting your rights, we will notify all affected users within 72 hours of detection, in compliance with GDPR Article 33.
The notification will include: nature of the breach, data categories affected, likely consequences, and remediation steps already taken.
Contact & DPO
Data Controller: SLAtech LTD
Address: Israel
Privacy inquiries: info@slatech.ai (subject: “Privacy Request”)
Response time: within 30 days