Privacy Policy

Your privacy matters. We are committed to transparent, lawful data handling.

Last updated: 11 May 2026

1. Who We Are

Silux Control UK Ltd T/A Silux Chat ("Silux Chat", "we", "us", "our") is the data controller for the personal data collected through our website at www.siluxchat.com and our Smart Chatbot and live chat platform (the "Service").

We are registered in England and Wales. Our principal place of business is in Chesterfield, S43 3QE, United Kingdom.

This Privacy Policy explains how we collect, use, store, and share personal data about you when you use our Service, in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Data We Collect

2.1 Data You Provide Directly

  • Account registration: Name, email address, password (hashed), organisation name, phone number
  • Profile information: Job title, profile photo, preferences
  • Payment data: Billing address, VAT number (actual card details are handled by our payment processor, Stripe; we do not store card numbers)
  • Contact forms: Name, email, message content, company name
  • Newsletter subscription: Email address

2.2 Data Generated When You Use the Service

  • Chatbot configuration: Bot names, knowledge base content, response templates you create
  • Conversation data: Messages sent to and from chatbots deployed on your website
  • Usage data: Pages visited, features used, session duration, click patterns
  • Log data: IP address, browser type and version, operating system, referring URL, date/time of access
  • Device identifiers: Browser fingerprint for security purposes

2.3 Your Customers' Data (Data Processor Role)

When your website visitors interact with a Silux Chat chatbot widget you have deployed, we process their conversation data on your behalf. In this context, you are the data controller and Silux Chat is the data processor. Please ensure your own privacy policy notifies your visitors of this processing.

2.4 Data from Third Parties

  • Google OAuth: If you sign in with Google, we receive your name, email, and profile photo from Google
  • Facebook OAuth: If you sign in with Facebook, we receive your name and email from Facebook

3. How We Use Your Data

  • To provide, maintain, and improve the Silux Chat platform
  • To process payments and manage subscriptions
  • To send transactional emails (account confirmation, password reset, billing receipts)
  • To send service updates, security alerts, and support messages
  • To send marketing communications (only with your explicit consent; you can opt out at any time)
  • To analyse platform usage and improve our product features
  • To detect, prevent, and investigate fraud or security incidents
  • To comply with our legal obligations
  • To respond to your enquiries and support requests

5. Data Sharing and Third-Party Processors

We share your personal data with trusted third parties only where necessary:

  • Stripe: Payment processing (PCI-DSS Level 1 certified)
  • Google: OAuth authentication, analytics (where enabled)
  • Email service providers: For transactional and marketing emails
  • Cloud hosting providers: For server infrastructure (data may be hosted in UK/EEA datacentres)
  • Customer support tools: To manage support tickets

We do not sell your personal data to third parties. We do not share your data for third-party advertising purposes without your explicit consent.

All third-party processors are bound by data processing agreements and are required to handle your data in compliance with UK GDPR.

6. Data Retention

  • Account data: Retained for the duration of your account plus 12 months after account closure
  • Conversation data: Retained for up to 24 months from the conversation date, unless you request earlier deletion
  • Financial records: Retained for 7 years in compliance with UK tax law
  • Log files: Retained for up to 90 days for security purposes
  • Marketing preferences: Retained until you withdraw consent

7. Your Rights Under UK GDPR

As a UK data subject, you have the following rights:

  • Right of access (Art. 15): Request a copy of all personal data we hold about you
  • Right to rectification (Art. 16): Correct inaccurate personal data
  • Right to erasure (Art. 17): Request deletion of your personal data ("right to be forgotten")
  • Right to restrict processing (Art. 18): Restrict how we use your data in certain circumstances
  • Right to data portability (Art. 20): Receive your data in a structured, machine-readable format
  • Right to object (Art. 21): Object to processing based on legitimate interests or for direct marketing
  • Rights related to automated decision-making (Art. 22): Not be subject to solely automated decisions that significantly affect you

To exercise any of these rights, please contact us at the details in Section 12. We will respond within 30 days.

If you are dissatisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

8. Cookies

We use cookies and similar technologies. Please see our full Cookie Policy for details of what we use and how to manage your preferences.

9. International Data Transfers

Where we transfer personal data outside the UK, we ensure appropriate safeguards are in place, such as the UK Government's International Data Transfer Agreement (IDTA) or transfers to countries with an adequacy decision. We will not transfer your data to countries that do not provide an adequate level of protection without appropriate safeguards.

10. Security

We take the security of your personal data seriously. We use industry-standard measures including:

  • TLS/HTTPS encryption for all data in transit
  • Encryption of sensitive data at rest
  • Access controls and least-privilege principles for staff
  • Regular security reviews and penetration testing
  • Secure password hashing (bcrypt)
  • Two-factor authentication options

No system is 100% secure. If you believe your data has been compromised, please contact us immediately at the details below.

11. Children's Privacy

Our Service is not directed to individuals under the age of 16. We do not knowingly collect personal data from children under 16. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.

12. International Users — Your Rights by Region

Silux Chat is operated from the United Kingdom but is used by businesses and individuals worldwide. We aim to comply with the data protection law that applies to you, and the rights below are in addition to those in Section 7. Where your local law gives you stronger or additional rights, those mandatory local rights apply.

United Kingdom & European Economic Area (UK GDPR / EU GDPR)

If you are in the UK or EEA, you have the rights of access, rectification, erasure, restriction, portability, and objection, and the right to lodge a complaint with your supervisory authority (in the UK, the Information Commissioner's Office). Where we rely on consent, you may withdraw it at any time. EEA users may contact our EU representative where one is appointed.

United States (including California — CCPA/CPRA)

If you are a US resident, you may have the right to know what personal information we collect, to access and delete it, to correct it, and to opt out of the "sale" or "sharing" of personal information and of targeted advertising. We do not sell personal information for money. California residents may exercise CCPA/CPRA rights, including the right not to receive discriminatory treatment for exercising them. Similar rights apply under other US state privacy laws (e.g. Virginia, Colorado, Connecticut).

Africa (e.g. South Africa POPIA, Nigeria NDPA)

If you are in South Africa, you have rights under the Protection of Personal Information Act (POPIA), including access, correction, and the right to complain to the Information Regulator. If you are in Nigeria, you have rights under the Nigeria Data Protection Act (NDPA). Equivalent rights under other African data-protection laws are respected where they apply to you.

Asia-Pacific (e.g. Australia, India, Singapore)

If you are in Australia (Privacy Act / Australian Privacy Principles), India (Digital Personal Data Protection Act), Singapore (PDPA), or another APAC jurisdiction, you may exercise the access, correction, and consent rights provided under your local law, and complain to your relevant regulator.

Everywhere else

Wherever you are, you can contact us to exercise the rights available to you under your local data-protection law. If we cannot verify your identity or are legally required to retain certain data, we will explain why.

13. Contact the Data Controller

For any privacy-related questions, data subject access requests, or complaints, please contact us:

Silux Control UK Ltd T/A Silux Chat, Chesterfield, S43 3QE, United Kingdom

We may update this Privacy Policy from time to time. Where changes are significant, we will notify you by email or by a prominent notice on our website. This policy was last updated on 11 May 2026.