Privacy Policy
Your privacy matters. We are committed to transparent, lawful data handling.
Contents
1. Who We Are
Silux Control UK Ltd T/A Silux Chat ("Silux Chat", "we", "us", "our") is the data controller for the personal data collected through our website at www.siluxchat.com and our Smart Chatbot and live chat platform (the "Service").
We are registered in England and Wales. Our principal place of business is in Chesterfield, S43 3QE, United Kingdom.
This Privacy Policy explains how we collect, use, store, and share personal data about you when you use our Service, in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. Data We Collect
2.1 Data You Provide Directly
- Account registration: Name, email address, password (hashed), organisation name, phone number
- Profile information: Job title, profile photo, preferences
- Payment data: Billing address, VAT number (actual card details are handled by our payment processor, Stripe; we do not store card numbers)
- Contact forms: Name, email, message content, company name
- Newsletter subscription: Email address
2.2 Data Generated When You Use the Service
- Chatbot configuration: Bot names, knowledge base content, response templates you create
- Conversation data: Messages sent to and from chatbots deployed on your website
- Usage data: Pages visited, features used, session duration, click patterns
- Log data: IP address, browser type and version, operating system, referring URL, date/time of access
- Device identifiers: Browser fingerprint for security purposes
2.3 Your Customers' Data (Data Processor Role)
When your website visitors interact with a Silux Chat chatbot widget you have deployed, we process their conversation data on your behalf. In this context, you are the data controller and Silux Chat is the data processor. Please ensure your own privacy policy notifies your visitors of this processing.
2.4 Data from Third Parties
- Google OAuth: If you sign in with Google, we receive your name, email, and profile photo from Google
- Facebook OAuth: If you sign in with Facebook, we receive your name and email from Facebook
3. How We Use Your Data
- To provide, maintain, and improve the Silux Chat platform
- To process payments and manage subscriptions
- To send transactional emails (account confirmation, password reset, billing receipts)
- To send service updates, security alerts, and support messages
- To send marketing communications (only with your explicit consent; you can opt out at any time)
- To analyse platform usage and improve our product features
- To detect, prevent, and investigate fraud or security incidents
- To comply with our legal obligations
- To respond to your enquiries and support requests
4. Legal Basis for Processing (UK GDPR Article 6)
We process your personal data under the following lawful bases:
- Contract (Art. 6(1)(b)): To provide our Service to you and fulfil our contractual obligations
- Legitimate interests (Art. 6(1)(f)): To improve our platform, detect fraud, and send service-related communications
- Consent (Art. 6(1)(a)): For marketing emails and non-essential cookies — you may withdraw consent at any time
- Legal obligation (Art. 6(1)(c)): Where required by UK law, including tax and accounting obligations
5. Data Sharing and Third-Party Processors
We share your personal data with trusted third parties only where necessary:
- Stripe: Payment processing (PCI-DSS Level 1 certified)
- Google: OAuth authentication, analytics (where enabled)
- Email service providers: For transactional and marketing emails
- Cloud hosting providers: For server infrastructure (data may be hosted in UK/EEA datacentres)
- Customer support tools: To manage support tickets
We do not sell your personal data to third parties. We do not share your data for third-party advertising purposes without your explicit consent.
All third-party processors are bound by data processing agreements and are required to handle your data in compliance with UK GDPR.
6. Data Retention
- Account data: Retained for the duration of your account plus 12 months after account closure
- Conversation data: Retained for up to 24 months from the conversation date, unless you request earlier deletion
- Financial records: Retained for 7 years in compliance with UK tax law
- Log files: Retained for up to 90 days for security purposes
- Marketing preferences: Retained until you withdraw consent
7. Your Rights Under UK GDPR
As a UK data subject, you have the following rights:
- Right of access (Art. 15): Request a copy of all personal data we hold about you
- Right to rectification (Art. 16): Correct inaccurate personal data
- Right to erasure (Art. 17): Request deletion of your personal data ("right to be forgotten")
- Right to restrict processing (Art. 18): Restrict how we use your data in certain circumstances
- Right to data portability (Art. 20): Receive your data in a structured, machine-readable format
- Right to object (Art. 21): Object to processing based on legitimate interests or for direct marketing
- Rights related to automated decision-making (Art. 22): Not be subject to solely automated decisions that significantly affect you
To exercise any of these rights, please contact us at the details in Section 12. We will respond within 30 days.
If you are dissatisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
9. International Data Transfers
Where we transfer personal data outside the UK, we ensure appropriate safeguards are in place, such as the UK Government's International Data Transfer Agreement (IDTA) or transfers to countries with an adequacy decision. We will not transfer your data to countries that do not provide an adequate level of protection without appropriate safeguards.
10. Security
We take the security of your personal data seriously. We use industry-standard measures including:
- TLS/HTTPS encryption for all data in transit
- Encryption of sensitive data at rest
- Access controls and least-privilege principles for staff
- Regular security reviews and penetration testing
- Secure password hashing (bcrypt)
- Two-factor authentication options
No system is 100% secure. If you believe your data has been compromised, please contact us immediately at the details below.
11. Children's Privacy
Our Service is not directed to individuals under the age of 16. We do not knowingly collect personal data from children under 16. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.
12. International Users — Your Rights by Region
Silux Chat is operated from the United Kingdom but is used by businesses and individuals worldwide. We aim to comply with the data protection law that applies to you, and the rights below are in addition to those in Section 7. Where your local law gives you stronger or additional rights, those mandatory local rights apply.
United Kingdom & European Economic Area (UK GDPR / EU GDPR)
If you are in the UK or EEA, you have the rights of access, rectification, erasure, restriction, portability, and objection, and the right to lodge a complaint with your supervisory authority (in the UK, the Information Commissioner's Office). Where we rely on consent, you may withdraw it at any time. EEA users may contact our EU representative where one is appointed.
United States (including California — CCPA/CPRA)
If you are a US resident, you may have the right to know what personal information we collect, to access and delete it, to correct it, and to opt out of the "sale" or "sharing" of personal information and of targeted advertising. We do not sell personal information for money. California residents may exercise CCPA/CPRA rights, including the right not to receive discriminatory treatment for exercising them. Similar rights apply under other US state privacy laws (e.g. Virginia, Colorado, Connecticut).
Africa (e.g. South Africa POPIA, Nigeria NDPA)
If you are in South Africa, you have rights under the Protection of Personal Information Act (POPIA), including access, correction, and the right to complain to the Information Regulator. If you are in Nigeria, you have rights under the Nigeria Data Protection Act (NDPA). Equivalent rights under other African data-protection laws are respected where they apply to you.
Asia-Pacific (e.g. Australia, India, Singapore)
If you are in Australia (Privacy Act / Australian Privacy Principles), India (Digital Personal Data Protection Act), Singapore (PDPA), or another APAC jurisdiction, you may exercise the access, correction, and consent rights provided under your local law, and complain to your relevant regulator.
Everywhere else
Wherever you are, you can contact us to exercise the rights available to you under your local data-protection law. If we cannot verify your identity or are legally required to retain certain data, we will explain why.
13. Contact the Data Controller
For any privacy-related questions, data subject access requests, or complaints, please contact us:
We may update this Privacy Policy from time to time. Where changes are significant, we will notify you by email or by a prominent notice on our website. This policy was last updated on 11 May 2026.