SnobBot Privacy Policy
Last updated: 17 November 2025
This Privacy Policy explains how SnobBot (“we”, “us”, “our”) collects and uses personal data when you use:
- our website and admin dashboard at snobbots.com (the “Dashboard”),
- our embeddable website chatbot widget (the “Chatbot”), and
- our SEO utilities (e.g., FAQ/Blog generators, site audits, and content analysis) (collectively, the “Services”).
We comply with the UK GDPR and the Data Protection Act 2018. If you are in the EEA, we also comply with the EU GDPR via equivalent safeguards. We also respect privacy rights worldwide and apply similar protections globally.
1) Who we are and how to contact us
SnobBot is operated by Snob Monkey Ltd.
Email: contactus@snobmonkey.com
For privacy questions or to exercise your rights, email contactus@snobmonkey.com.
2) Scope & roles (controller vs processor)
- When you visit our site, sign up, pay us, or use the Dashboard, we act as Data Controller.
- When our clients deploy the Chatbot on their own websites or run SEO/audit scans on domains they control, we generally act as a Data Processor and the client is the Data Controller. We process end-user data strictly under our client’s instructions and our Data Processing Agreement (DPA) (available on request).
3) What we collect
- Account & billing data (controller)
  - Identity & contact: name, email, company, role.
  - Authentication & usage: login credentials (hashed), session IDs, audit logs, feature flags.
  - Billing: plan, invoices, payment tokens via our payment provider (we do not store full card details).
- Chatbot data (processor by default)
  - End-user inputs: messages typed into the Chatbot, optional contact details users choose to share.
  - Chat context: conversation history, language, timestamps, browser metadata (non-sensitive).
  - Client knowledge base (if used): URLs scanned, uploaded docs/text, FAQs; embeddings produced by the system to enable retrieval.
  Clients control what they ingest. If you upload or point us at content, we will store and index it to run your bot and tools.
- SEO/Audit & content tools (processor by default)
  - Scan targets: domain/URLs you enter, crawl results (publicly accessible pages), performance/SEO metrics, and reports.
  - Generative tools: prompts you provide (e.g., “write blog on X”), output drafts, and generation metadata.
- Website & analytics data (controller)
  - Device/usage data: IP address, user-agent, pages viewed, referrers, approximate location (city/region), cookie IDs.
  - Cookies: essential cookies for login/session; optional analytics cookies (see Cookies section).
- Support & comms
  - Emails, tickets, and call notes when you contact support.
We do not seek special category data. Please don’t include sensitive personal information in prompts or uploads unless your own policies/lawful bases cover it and you instruct us to process it.
4) Purposes and lawful bases
- Provide and administer the Services (contracts with you/your organisation).
- Operate the Chatbot and SEO/Audit tools for your sites and workspaces (legitimate interests; or processor acting under your instructions).
- Security, abuse detection, troubleshooting, and auditing (legitimate interests; legal obligations).
- Billing and account management (contract; legal obligations).
- Product analytics and service improvement (legitimate interests; cookies only with consent where required).
- Marketing communications (consent or soft opt-in where lawful; you can opt out anytime).
5) AI model usage & training
By default, we use third-party AI model providers to generate responses and analyses. We do not allow providers to train on your data unless you (or your client-controller) opt in or such training is disabled by default at the provider level. We configure models to not retain prompts/outputs for training wherever such controls are available. If a provider’s retention/training setting cannot be disabled, we will disclose this in our sub-processor list or DPA so you can make an informed choice.
6) White-label/agency workspaces
If you access SnobBot via a white-label portal provided by an agency or reseller, that organisation may be your primary controller. We will process your data on their instruction, and they will provide you with the relevant privacy notices.
7) Sharing your data
We share data only as needed to run the Services:
- Hosting, databases, and infrastructure providers.
- AI model providers (to process prompts/inputs and generate outputs).
- Email, support, and analytics vendors.
- Payment processor (for billing).
- Authorised partners/resellers (white-label contexts).
- Legal, security, and compliance recipients when required by law or to protect rights.
We enter into appropriate contracts (including DPAs and Standard Contractual Clauses/UK IDTA where applicable).
8) International transfers
Where data is transferred outside the UK/EEA, we use recognised safeguards (UK IDTA, UK Addendum to EU SCCs, EU SCCs) and monitor relevant case law and guidance.
9) Data retention
- Account data: for the life of your account plus up to 7 years (for tax/audit).
- Chat transcripts & knowledge bases (processor): as configured by the client; we provide deletion tools and retention settings.
- SEO/audit results: retained for comparison/history until you delete them or your workspace admin sets shorter retention.
- Backups: time-limited rolling backups for disaster recovery.
10) Security
We apply technical and organisational measures appropriate to risk, including TLS in transit, encryption at rest for key stores, role-based access controls, least-privilege administration, logging, and regular vulnerability management. We continually review vendor security and data-processing practices.
11) Your Rights
We recognise that privacy laws differ across countries, but we apply a consistent, transparent standard globally.
You have the right to request:
- Access – a copy of the personal data we hold about you.
- Correction – to fix inaccurate or incomplete data.
- Deletion – to request that we erase your personal data (subject to legal or contractual obligations).
- Restriction – to limit how your data is processed in certain cases.
- Objection – to object to processing based on our legitimate interests or direct marketing.
- Portability – to receive your data in a structured, machine-readable format.
- Withdraw consent – where we rely on consent, you can withdraw it at any time.
These rights are based on the principles of the UK GDPR and EU GDPR, but we extend similar options to all users worldwide — including where local laws such as the California Consumer Privacy Act (CCPA/CPRA), PIPEDA (Canada), or Australia’s Privacy Act apply.
If you wish to exercise any of these rights, contact us at contactus@snobmonkey.com.
If you’re based in the UK or EU, you also have the right to complain to your local supervisory authority (for example, the Information Commissioner’s Office (ICO) in the UK).
We may request proof of identity before processing your request, to protect your data from unauthorised access.
12) Cookies and similar tech
- Strictly necessary cookies enable login, session continuity, and security.
- Analytics/functional cookies (if enabled) help us understand usage and improve the product. Where required, we’ll seek consent via a cookie banner with granular controls.
13) Children’s data
Our Services are not directed to children under 16. If you believe a child has provided us personal data, contact us and we’ll delete it.
14) Third-party links and client sites
Our Dashboard may link to third-party sites we don’t control. The Chatbot may run on client websites with their own privacy notices. We are not responsible for those sites’ practices.
15) Changes to this Policy
We will post updates here and adjust the “Last updated” date. Significant changes will be notified via the Dashboard or email.
16) Data Processing Agreement (DPA) & sub-processors
- Our DPA sets out our processor obligations (confidentiality, security, assistance with data subject requests, breach notification, deletion/return on termination).
- We maintain a current sub-processor list (infrastructure, AI model providers, analytics, support tools) available on request, including jurisdictions and safeguards.
Regional Addendum: United Arab Emirates (UAE)
This section applies to users located in, or whose personal data is processed within, the United Arab Emirates.
Snob Monkey Ltd and its affiliates comply with Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (UAE PDPL). For users in the UAE, we apply the same high standards of protection as under the UK GDPR, with the additional provisions below:
- Data Controller
  Snob Monkey Ltd acts as the Data Controller for your personal data. Our representative for UAE data subjects can be contacted at privacy@snobmonkey.com.
