Trust & Security

GDPR & privacy

When your AI agent talks to your website visitors, it can handle personal data. This page explains, in plain terms, who is responsible for that data, what the agent may collect, the providers involved, and the practical steps you can take to delete data or answer a privacy request.

This is practical guidance, not legal advice. It describes how Ultimo Bots works today so you can meet your own obligations. It is not a substitute for advice from a qualified data-protection professional, and it does not change whatever is written in your contract or our terms. If you need something binding, talk to us and to your own adviser.

Ultimo Bots is built and run by a Switzerland-based company and is used by customers in the EU, the UK, and elsewhere, so the General Data Protection Regulation (GDPR) and similar laws may apply to how you use it. The good news is that most of what GDPR asks of you maps onto a few concrete actions in the product, plus knowing who to contact for the rest.

Who is the controller and who is the processor

GDPR splits responsibility between two roles, and it matters which one you are:

  • You are the data controller. Your website and your agent are yours. You decide to collect visitor messages and contact details, and you decide what to do with them afterwards. That makes you responsible for having a lawful basis, for telling visitors what you collect (your own privacy notice), and for honouring their requests.
  • Ultimo Bots is the data processor. We store and process that data on your behalf, to run the service you asked for. We act on your instructions and do not use your visitors' conversations to sell to third parties or to train our own models.

In short: the people in your conversations and leads are your contacts, not ours. We hold them so your agent can do its job, and you stay in control of them.

Your visitors should know your agent is there. Because you are the controller, it is your responsibility to mention the AI agent and the data it may collect in your own website privacy notice, the same way you would mention any other form or chat tool on your site.

What personal data the agent may collect

How much personal data is involved depends on how you configure your agent and on what visitors choose to type. In practice it comes down to two things: the conversation itself, and any contact details captured as a lead.

  • Conversation messages. The agent stores the chat between a visitor and your agent so you can review it later in Conversations and so the lead inbox can show the chat that produced a lead. A visitor may type personal information into a message, so treat transcripts as potentially containing personal data.
  • Captured leads. When the agent turns a conversation into a contact, it saves the fields the visitor shared, typically a name, an email address, and a phone number, plus any custom fields you configured. These appear in Leads. See that page for exactly how capture works.
  • Basic technical details. To run the chat and your analytics, the agent also records ordinary technical data tied to a conversation, such as an approximate country derived from the visitor's network address. Country-level analytics appear in Insights.

Your own account details (your name, email, and password) and your knowledge base are covered separately on the Data security page.

Collect less, store less. Only ask the lead form for the fields you actually need to follow up. Fewer fields means less personal data to look after, which is exactly what data minimisation under GDPR is about. You can adjust the captured fields on your agent at any time.

Providers involved (sub-processors)

To run your agent, Ultimo Bots relies on a small set of named providers that process data on our behalf. These are our sub-processors. The table below lists who they are and what they handle, so you can include them in your own records of processing.

ProviderRoleWhat it handles
Microsoft AzureHosting and storageRuns the Ultimo Bots application and database, where conversations and leads are stored, and holds files you upload as knowledge.
OpenAIAI responsesGenerates your agent's answers. At reply time, the visitor's message and the knowledge needed to answer it are sent to OpenAI.
PineconeKnowledge searchStores the searchable index of your knowledge base so the agent can find the right passage to answer with. Each agent has its own isolated namespace.
Google (Gmail API)Email deliverySends transactional and notification emails, such as new-lead alerts and account emails, which can include a lead's contact details and a conversation excerpt.
StripeBillingProcesses subscription payments. Your billing details are entered into Stripe's secure checkout. Visitor and lead data are not sent to Stripe.
IP geolocation providerApproximate locationLooks up an approximate country from a visitor's network address so your country-level analytics work. It receives the network address only, not the conversation or any contact details.
Logging and monitoring providerDiagnosticsReceives application logs and error reports that help us keep the service running. Logs can include technical details tied to a request, so we keep them to what is needed to operate and troubleshoot.

These are the core providers for running the service. Connected sources and channels that you choose to enable, for example a Google Drive or OneDrive import, or a messaging channel, also involve the relevant provider for that integration. For the providers tied to the AI experience specifically, see the hosting section on the Data security page.

Need the current list for a vendor review? Sub-processors can change as the product evolves. If you need the up-to-date list confirmed in writing for a compliance or procurement review, contact us and we will provide it.

How to delete personal data

You can remove personal data yourself from the dashboard. Which action you take depends on whether you want to remove one record or everything tied to an agent.

To removeDo thisWhat is removed
A single leadOpen Leads and use the trash icon on the row, or select several and delete in bulk.The lead record and its captured contact fields. The originating conversation transcript is kept (see the note below).
A whole agentDelete the agent from your agent list. See Manage agents.The agent and the data attached to it, including its leads, its knowledge base, and its live chat sessions.
Your whole accountContact the team to have your account and its agents closed and removed.Your account, your agents, and the data attached to those agents.
Deleting a lead keeps the conversation. Removing a lead deletes the captured contact fields but, by design, leaves the chat transcript that produced it in place, so your analytics stay intact. If a visitor message also contains personal data that must be erased, deleting the lead alone is not enough. Ask us to remove the underlying conversation, since there is no self-serve button for that today.
There is no automatic deletion schedule. Conversations and leads are kept until you delete them or ask us to. Ultimo Bots does not currently auto-expire old records after a set period, so deciding how long to keep this data, and clearing it out, is part of your role as the controller.

Handling a visitor data request

If one of your visitors asks you to access, correct, or delete their data (a data-subject request under GDPR), you handle it as the controller. Ultimo Bots gives you the tools to find and act on the record:

  1. Find the person

    Look them up in Leads by their name or email, or in Conversations if they only chatted. The lead view shows the contact details captured and the conversation behind them.

  2. Give them their data (access request)

    To produce a copy of what you hold, use the Export option on the Leads view to download the lead and its transcript as a spreadsheet, then share the relevant part with the person. There is no one-click "send everything to this visitor" feature, so you assemble the response from these exports.

  3. Delete or correct it (erasure request)

    Delete the lead from the Leads view. To also remove the underlying conversation, or to erase every record for one person across several conversations, contact the team with the details and we will remove them, since deletion in the product is per record and there is no delete-by-email tool today.

Verify who is asking. Before you act on a request, make sure it really comes from the person whose data it is. Confirming identity before disclosing or deleting is part of handling these requests responsibly, and it is your call as the controller.

Requesting a DPA or asking a privacy question

Under GDPR, a controller and a processor should have a data processing agreement (DPA) in place. If your organisation needs one, or you have any other privacy or data-protection question, the right step is to reach out so a person can handle it directly. We do not have a self-serve, click-to-sign DPA in the product today.

  • To request a DPA, email build@ultimo-bots.com and tell us the legal name of your company. We will take it from there.
  • For any other privacy question, including the current sub-processor list, where data is stored, or how a specific case should be handled, email the same address or see Help & support for all the ways to reach us.
Prefer to talk it through? If a privacy or compliance topic is easier to cover live, you can also book a call and we will walk through it with you.

Where to go next

Privacy and security go together. To see how data is protected and where it is hosted, or to work directly with the records this page refers to, follow these:

Our website uses intelligent AI agents powered by Ultimo Bots to improve customer service.