Privacy Policy
Last updated: April 2026
This Privacy Policy describes how ForwardSlash.Chat (“we,” “us,” or “our”) collects, uses, and shares information when you use our website, dashboard, chat experiences, and related services (collectively, the “Service”).
Important: This is a generic template for a product that uses Clerk, Stripe, OpenAI, Firecrawl, Vercel, a Postgres database, and Resend. Have qualified legal counsel review this Policy for your entity, jurisdictions where you have users (including GDPR/UK if applicable), and your actual data practices.
1. Who we are
Controller / business name: [YOUR LEGAL ENTITY NAME — REPLACE]
Contact: [PRIVACY OR SUPPORT EMAIL — REPLACE]
If you are in the European Economic Area or UK, you may also contact us regarding GDPR-related requests at the email above.
2. Information we collect
2.1 You provide directly
- Account data: name, email, and authentication identifiers when you sign up or sign in (often processed by Clerk).
- Business and project data: business name, domain, website URL, billing details entered at checkout, and preferences in the dashboard.
- Communications: messages you send to us (support), and content you submit in forms or chat where you are the logged-in operator of the Service.
2.2 We collect automatically
- Usage and device data: IP address, approximate location derived from IP, browser type, pages viewed, and diagnostic logs (often processed by Vercel and our application logs).
- Payment metadata: transaction identifiers and payment status via Stripe (we do not store full card numbers on our servers; Stripe handles card data under its policies).
2.3 We process from websites you authorize
When you provide a URL for scanning, crawling, or chat grounding, we fetch and store extracted text and related metadata (for example page title, URL, and content excerpts) as needed to operate the Service. Do not submit URLs for sites you do not have the right to process in this way.
2.4 Chat and AI
When end users interact with a chat experience we host for you:
- We process messages and related context to generate responses using AI providers (e.g. OpenAI).
- Depending on configuration, conversation content may be short-term (session-only) or logged for debugging and improvement; state clearly in your own policy what you enable. This template assumes we process message content to deliver the Service and may retain it as described in Section 5.
2.5 Demo, marketing, and customer chat widgets
If you use a demo chat or lead form, we may collect contact information you choose to provide (for example name, email, phone) and usage data for follow-up and analytics.
For chat widgets we host for paying customers (their branded assistant on their page or domain), end visitors may see an optional contact step (name, email, optional phone) that they can skip. If provided, we store it so that customer (the business) can follow up, and we may show it in their dashboard. Message content in the chat may still be processed by AI as described above; full conversation logging may be added later and should be reflected here when enabled.
3. How we use information
We use information to:
- Provide, operate, secure, and improve the Service.
- Authenticate users, process payments, and send transactional emails (e.g. receipts, DNS instructions, status updates) via Resend.
- Crawl and index permitted website content; generate chat responses with AI.
- Detect abuse, fraud, and security incidents; comply with law.
- Analyze aggregated or de-identified usage to improve the product.
We do not sell your personal information as traditionally defined (“for money”). We may use cookies or similar technologies as described below.
4. Subprocessors and sharing
We share information with service providers who process data on our behalf under contractual obligations:
| Category | Examples | Purpose |
|---|---|---|
| Authentication | Clerk | Sign-in, session security |
| Payments | Stripe | Checkout, fraud prevention, receipts |
| AI | OpenAI (and similar) | Chat completions and related features |
| Crawling | Firecrawl (and similar) | Website extraction |
| Hosting | Vercel | Application hosting, edge, logs |
| Database | Neon (Postgres) | Storing accounts, orders, content, logs |
| Resend | Transactional and product email |
We may also disclose information: (a) to comply with law or lawful requests; (b) to protect rights, safety, and security; (c) in connection with a merger, acquisition, or asset sale (with notice where required); (d) with your direction or consent.
5. Retention
We retain information as long as necessary to provide the Service, comply with law, resolve disputes, and enforce agreements. Examples (tune to your actual DB and backups):
- Account and billing records: for the life of the account plus a statutory period.
- Crawled website content: until you delete the project or we delete it per your instructions or Terms.
- Logs: a limited period for security and debugging.
- Marketing leads: until you opt out or we delete per internal policy.
Backup and replication may delay deletion; we will delete active copies when feasible.
6. Security
We use administrative, technical, and organizational measures appropriate to the nature of the Service (e.g. access controls, encryption in transit via HTTPS, secrets in environment configuration). No method of transmission or storage is 100% secure.
7. International transfers
If you access the Service from outside the country where our servers or providers are located, your information may be transferred across borders. Where required, we use appropriate safeguards (e.g. Standard Contractual Clauses). Replace with your actual transfer mechanism after legal review.
8. Your rights and choices
Depending on your location, you may have rights to access, correct, delete, restrict, or object to certain processing, and to data portability. You may also have the right to lodge a complaint with a supervisory authority.
To exercise rights, contact [PRIVACY EMAIL — REPLACE]. We may verify your request. Some rights may be limited (e.g. we must retain billing records).
Marketing: You may opt out of promotional emails using the unsubscribe link or by contacting us. Transactional emails may continue.
9. Children
The Service is not directed to children under 13 (or the age required in your jurisdiction). We do not knowingly collect personal information from children. Contact us if you believe we have done so.
10. Cookies and similar technologies
We and our providers may use cookies or local storage for authentication, preferences, security, and analytics. You can control cookies through browser settings; disabling some cookies may affect functionality.
11. California residents (CCPA/CPRA summary)
If California law applies: we describe categories of personal information in Sections 2–3. We use it for the business purposes in Section 3. You may have rights to know, delete, and correct personal information, and to opt out of certain sharing (we do not “sell” personal information in the conventional sense as described in Section 3). Have counsel add full CCPA text if you serve California consumers at scale.
12. Changes
We may update this Policy by posting a new version and changing the “Last updated” date. For material changes, we will provide additional notice where appropriate.
13. Contact
Privacy inquiries: [PRIVACY EMAIL — REPLACE]