Privacy Policy

Your privacy matters. We are committed to transparent, lawful data handling.

Last updated: 11 May 2026

1. Who We Are

Silux Chat Ltd ("Silux Chat", "we", "us", "our") is the data controller for the personal data collected through our website at www.siluxchat.com and our Smart Chatbot and live chat platform (the "Service").

We are registered in England and Wales. Our principal place of business is in Chesterfield, S43 3QE, United Kingdom.

This Privacy Policy explains how we collect, use, store, and share personal data about you when you use our Service, in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Data We Collect

2.1 Data You Provide Directly

  • Account registration: Name, email address, password (hashed), organisation name, phone number
  • Profile information: Job title, profile photo, preferences
  • Payment data: Billing address, VAT number (actual card details are handled by our payment processor, Stripe; we do not store card numbers)
  • Contact forms: Name, email, message content, company name
  • Newsletter subscription: Email address

2.2 Data Generated When You Use the Service

  • Chatbot configuration: Bot names, knowledge base content, response templates you create
  • Conversation data: Messages sent to and from chatbots deployed on your website
  • Usage data: Pages visited, features used, session duration, click patterns
  • Log data: IP address, browser type and version, operating system, referring URL, date/time of access
  • Device identifiers: Browser fingerprint for security purposes

2.3 Your Customers' Data (Data Processor Role)

When your website visitors interact with a Silux Chat chatbot widget you have deployed, we process their conversation data on your behalf. In this context, you are the data controller and Silux Chat is the data processor. Please ensure your own privacy policy notifies your visitors of this processing.

2.4 Data from Third Parties

  • Google OAuth: If you sign in with Google, we receive your name, email, and profile photo from Google
  • Facebook OAuth: If you sign in with Facebook, we receive your name and email from Facebook

3. How We Use Your Data

  • To provide, maintain, and improve the Silux Chat platform
  • To process payments and manage subscriptions
  • To send transactional emails (account confirmation, password reset, billing receipts)
  • To send service updates, security alerts, and support messages
  • To send marketing communications (only with your explicit consent; you can opt out at any time)
  • To analyse platform usage and improve our product features
  • To detect, prevent, and investigate fraud or security incidents
  • To comply with our legal obligations
  • To respond to your enquiries and support requests

5. Data Sharing and Third-Party Processors

We share your personal data with trusted third parties only where necessary:

  • Stripe: Payment processing (PCI-DSS Level 1 certified)
  • Google: OAuth authentication, analytics (where enabled)
  • Email service providers: For transactional and marketing emails
  • Cloud hosting providers: For server infrastructure (data may be hosted in UK/EEA datacentres)
  • Customer support tools: To manage support tickets

We do not sell your personal data to third parties. We do not share your data for third-party advertising purposes without your explicit consent.

All third-party processors are bound by data processing agreements and are required to handle your data in compliance with UK GDPR.

6. Data Retention

  • Account data: Retained for the duration of your account plus 12 months after account closure
  • Conversation data: Retained for up to 24 months from the conversation date, unless you request earlier deletion
  • Financial records: Retained for 7 years in compliance with UK tax law
  • Log files: Retained for up to 90 days for security purposes
  • Marketing preferences: Retained until you withdraw consent

7. Your Rights Under UK GDPR

As a UK data subject, you have the following rights:

  • Right of access (Art. 15): Request a copy of all personal data we hold about you
  • Right to rectification (Art. 16): Correct inaccurate personal data
  • Right to erasure (Art. 17): Request deletion of your personal data ("right to be forgotten")
  • Right to restrict processing (Art. 18): Restrict how we use your data in certain circumstances
  • Right to data portability (Art. 20): Receive your data in a structured, machine-readable format
  • Right to object (Art. 21): Object to processing based on legitimate interests or for direct marketing
  • Rights related to automated decision-making (Art. 22): Not be subject to solely automated decisions that significantly affect you

To exercise any of these rights, please contact us using the details in Section 12. We will respond within 30 days.

If you are dissatisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

8. Cookies

We use cookies and similar technologies. Please see our full Cookie Policy for details of what we use and how to manage your preferences.

9. International Data Transfers

Where we transfer personal data outside the UK, we ensure appropriate safeguards are in place, such as the UK Government's International Data Transfer Agreement (IDTA) or transfers to countries with an adequacy decision. We will not transfer your data to countries that do not provide an adequate level of protection without appropriate safeguards.

10. Security

We take the security of your personal data seriously. We use industry-standard measures including:

  • TLS/HTTPS encryption for all data in transit
  • Encryption of sensitive data at rest
  • Access controls and least-privilege principles for staff
  • Regular security reviews and penetration testing
  • Secure password hashing (bcrypt)
  • Two-factor authentication options

No system is 100% secure. If you believe your data has been compromised, please contact us immediately using the details below.

11. Children's Privacy

Our Service is not directed to individuals under the age of 16. We do not knowingly collect personal data from children under 16. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.

12. Contact the Data Controller

For any privacy-related questions, data subject access requests, or complaints, please contact us:

Silux Chat Ltd, Chesterfield, S43 3QE, United Kingdom

We may update this Privacy Policy from time to time. Where changes are significant, we will notify you by email or by a prominent notice on our website. This policy was last updated on 11 May 2026.