We believe you shouldn't need a law degree to understand how your data is used. Here is our transparent, plain-English guide to what we collect and how we protect it.
Last updated: August 15, 2025
The most important things you need to know about how we handle your information.
We have never sold your personal data or your customers' data to third-party advertisers or brokers, and we never will.
The documents you upload to train your AI belong to you. You grant us a limited license solely to provide the service to you.
We strictly isolate your data. We do not use your knowledge base or chat logs to train our underlying foundational AI models.
If you cancel your account or request deletion under GDPR/CCPA, we purge your data from our active databases within 30 days.
To provide you with our AI support services, we collect information in three distinct categories. We logically separate account data from your proprietary training data.
Information you provide when creating a DuDiBa account.
The proprietary documents you feed to our AI for training.
Information generated when your website visitors interact with the DuDiBa widget.
We use your data strictly to operate, maintain, and improve the DuDiBa platform for you.
We generate vector embeddings of your Knowledge Base Data to allow the AI to retrieve accurate answers to your customers' questions.
We process chat transcripts to generate aggregated dashboards for you, showing resolution rates and common customer questions.
We use Account Data to process payments, send invoices, and respond to your technical support requests.
We analyze usage logs and telemetry to detect and prevent fraud, abuse, DDoS attacks, and security incidents.
DuDiBa requires certain third-party sub-processors to function. We only share the minimum amount of data necessary, and all sub-processors are strictly vetted for SOC 2 and GDPR compliance.
Cloud infrastructure, database hosting, and encrypted storage.
LLM inference. We use strictly commercial APIs with Zero Data Retention policies. They do not train on your data.
Secure payment processing. We never store your full credit card details.
We may disclose your information if required to do so by law, or in response to a valid subpoena, court order, or government request. We will attempt to notify you of any such request unless legally prohibited.
Whether you are protected by the GDPR (Europe), CCPA (California), or neither, we believe in giving all our users universal data rights.
You can request a complete export of your account data and configurations at any time via the dashboard.
The right to be forgotten. You can permanently delete your account, embeddings, and chat logs with one click.
You can log in at any time to correct or update inaccurate billing or profile information.
We provide machine-readable CSV/JSON exports of your chat transcripts to move your data freely.
Want to exercise your rights? Submit a secure Data Subject Request (DSR) directly to our privacy team.
We use cookies and similar tracking technologies to keep you logged in, analyze site traffic, and understand how our product is used.
Required for the platform to function (e.g., authentication tokens, CSRF protection). These cannot be disabled.
We use basic tracking to see which features are used most often, helping us improve the UI.
When you embed DuDiBa on your site, our widget uses localStorage solely to maintain the chat session history for the user. We do not track your users across other websites.
Our Data Protection Officer (DPO) and privacy team are available to answer any specific questions you have about our data handling practices.
Email privacy@dudiba.comDuDiBa Inc.
100 Market Street, Suite 300, San Francisco, CA 94105