Legal
Privacy Policy
This draft explains the data flows currently visible in Plug & Play. It must be completed with the business details and practices listed below before publication.
Information used by the service
Plug & Play processes account sign-in information through its authentication service. It also stores workspace profile details, such as the business name and assistant settings.
When an administrator uploads a document, the document name and extracted text are stored in the workspace knowledge base. When a website visitor chats with an assistant, the service stores the visitor's messages, assistant responses, conversation title, rating, and related analytics information.
How information is used
Uploaded content is used to build the assistant's searchable knowledge base. Chat messages and relevant conversation history are used to generate responses. Workspace administrators can review conversations, ratings, summaries, and unanswered questions in the admin workspace.
Do not upload or submit information unless you are authorised to share it. Website visitors should avoid sending sensitive information through the chat widget.
AI and service providers
The current application sends uploaded document text to OpenAI to create search embeddings. It sends chat content, relevant knowledge-base context, and conversation content used for summaries to DeepSeek to generate responses and summaries.
The application architecture also uses Supabase for authentication and database services. Production hosting and edge services must be confirmed before a final policy identifies all providers and applicable data locations.
Storage and deletion
Workspace administrators can delete individual documents and conversations from the admin workspace. The application deletes the corresponding active database records and document chunks.
This draft does not state a retention period or make a claim about backups, logs, or third-party retention. Those details must be confirmed before publication.
Your questions and choices
A final policy must identify the organisation responsible for Plug & Play, provide a privacy contact, explain available privacy choices, and state how requests are handled. Those details are not yet configured in the application.