Legal

Privacy Policy — ClickaByte

Effective date: September 16, 2025

Questions? Email [email protected].

1) Who we are

This Privacy Policy explains how ClickaByte (“ClickaByte”, “we”, “us”, “our”) processes personal data when you:

  • Visit or interact with our website at clickabyte.co.uk (the “Site”).
  • Use our software development services or contact us for enquiries and support.
  • Use or interact with WP AI Chat for WordPress and its related API services (the “Plugin” and the “Service”).

Legal entity: ClickaByte Ltd
Contact email: [email protected]
Owner: George Barnes

2) Scope & roles

This Policy covers all processing of personal data carried out by ClickaByte in connection with the Site, our services, and WP AI Chat.

  • Visitors to clickabyte.co.uk: When you visit the Site, use our contact forms, or use chat on clickabyte.co.uk, ClickaByte acts as the controller of your personal data.
  • Customers of ClickaByte: When you purchase or subscribe to our products and services (including WP AI Chat), we are the controller of your account, billing, and support data.
  • End users of WP AI Chat on Customer Sites: When WP AI Chat is installed on a third-party WordPress site (a “Customer Site”), the Customer (site owner or administrator) is the controller for visitor chats and related content; ClickaByte acts as a processor (or sub-processor as applicable) for those chats.

This Policy supplements each Customer Site’s own privacy policy. Site owners who use WP AI Chat should disclose the information in the “WP AI Chat for WordPress” section below in their own policies.

3) Data we process

A. Visitors to clickabyte.co.uk

Information you provide directly:

  • Contact details (e.g., name, email address, company) when you use forms, book a demo, or email us.
  • Information in messages you send (project details, support requests, feedback).
  • Content you enter via any chat interface on clickabyte.co.uk (including chats powered by WP AI Chat).

Information we collect automatically:

  • Standard log data such as IP address, browser type/version, time zone, and URLs you visit on the Site.
  • Device and usage data collected through analytics tools (see Cookies & tracking), such as pages viewed, time spent, and actions taken.

Sensitive data: Please do not include special category data (e.g., health, financial account numbers, precise location, government IDs) in contact forms or chat unless we specifically ask for it and you choose to provide it.

B. Customers (people and organisations who work with ClickaByte)

  • Account data: name, email, organisation, job title/role (if supplied), login identifiers (if we provide an account interface), WP AI Chat API key(s) and configuration metadata.
  • Billing data: plan, invoices, tax information, country, subscription details, and payment status. Card details are processed by our payment provider (e.g., Stripe); we do not store full card numbers.
  • Service & security logs: usage counts, timestamps, model/route, request sizes, status/HTTP codes, error messages, calling server IPs, and abuse-prevention signals.
  • Support data: messages, attachments, and other information you share with us via email, chat, or other channels.

C. End users of WP AI Chat on Customer Sites

We receive/process via the Customer Site’s server:

  • Chat content that the visitor submits (message text) to the WP AI Chat widget.
  • Conversation context from the site (provided by the Customer, not the visitor): site name, URL, language, tagline, and short excerpts of relevant public pages (title, URL, excerpt) used to generate answers.
  • Operational metadata created by our systems (timestamps, response time, success/error codes, rate-limit events).

What we do not collect by default:

  • We do not set cookies specifically for the WP AI Chat widget.
  • We do not use localStorage or sessionStorage in the widget for behavioural tracking.
  • We do not normally receive the visitor’s IP address or browser fingerprint directly when the integration is configured as intended. Requests to our Service are made server-to-server from the Customer Site’s server to our endpoint, so our logs contain the Customer Site/server IP (not the visitor’s device IP). If a Customer customises the integration to call our API directly from the browser, the visitor’s IP could be visible to us — this is off by default.

Sensitive data caution: The WP AI Chat input field is free text. Visitors should avoid entering sensitive information (e.g., health, financial, precise location, government IDs, passwords). Customers are responsible for informing their own users and can add their own notices.

D. WordPress storage on Customer Sites (WP AI Chat)

  • WP AI Chat stores configuration (including your API key) in the WordPress options table under the plugin’s option key (for example, aisa_options).
  • By default, the Plugin does not create custom database tables or store visitor chat transcripts in WordPress.
  • Site administrators can remove settings via Settings → WP AI Chat (or equivalent) and may also remove the option directly in the database if desired. Uninstalling the Plugin does not always purge all settings unless the reset/cleanup options are used.

4) Purposes & legal bases (GDPR/UK GDPR)

Purposes

  • Operating and improving the Site, including content, navigation, and security.
  • Providing and operating our software and development services, including WP AI Chat and related APIs.
  • Responding to enquiries, providing support, and communicating with you about our services.
  • Managing Customer accounts, billing, and subscriptions.
  • Monitoring, securing, and maintaining the performance and integrity of our systems (fraud/abuse detection, rate-limiting, debugging).
  • Improving the quality and relevance of our products (using aggregated or de-identified usage analytics where possible).
  • Complying with legal obligations and enforcing our contracts.

Legal bases

  • Contract (Art. 6(1)(b) GDPR / UK GDPR): where processing is necessary to perform a contract with you, for example to provide WP AI Chat, manage your subscription, or respond to pre-contract enquiries.
  • Legitimate interests (Art. 6(1)(f)): for example, to secure our systems, prevent abuse, understand service usage, and improve our offerings in ways that do not override your rights and freedoms.
  • Consent (Art. 6(1)(a)): where required for optional cookies, analytics, or marketing communications, or where local law mandates consent. You can withdraw consent at any time using the mechanisms we provide or by contacting us.
  • Legal obligation (Art. 6(1)(c)): where we must retain or disclose information to comply with tax, accounting, or other legal requirements.

Model training: We do not use Customer or Visitor content from WP AI Chat to train models unless a Customer explicitly opts in or we have a separate written agreement. By default, such content is used only to fulfill the request, maintain the service, and ensure security and quality.

5) Sharing & disclosures

We share personal data only as necessary to operate our business and services:

  • Cloud hosting & infrastructure: Providers that host our application code, databases, and logs (for example, cloud platforms or edge runtimes) to deliver the Site and WP AI Chat.
  • Payment processing: Payment service providers (e.g., Stripe) that handle billing and subscription payments on our behalf.
  • Communication & support tools: Email and helpdesk providers we use to respond to your enquiries.
  • Professional advisors: Legal, accounting, or other professional advisors under appropriate confidentiality obligations.
  • Law enforcement and legal obligations: Where we are required to do so by applicable law or where disclosure is necessary to protect our rights, your safety, or the safety of others.

Where required, we put in place appropriate data processing agreements and, for international transfers, Standard Contractual Clauses and similar safeguards.

6) International data transfers

We may process and store personal data in countries outside your own, including outside the UK and EEA. Where such transfers occur and no adequacy decision applies, we rely on lawful transfer mechanisms such as the EU Standard Contractual Clauses, together with the UK Addendum/IDTA where relevant, and implement additional safeguards where appropriate.

7) Retention

  • Site analytics & logs: kept for a period appropriate to monitor performance, security, and usage (typically up to 12–24 months), after which they are deleted or anonymised.
  • Visitor request data via WP AI Chat: retained in our systems for up to 30 days, then deleted or anonymised unless we need to keep it longer for security, debugging, or legal reasons.
  • Customer account and billing data: retained for the life of the account and then typically 6–7 years after closure to satisfy tax and audit obligations.
  • Support correspondence: retained for around 12–24 months, or longer where necessary for dispute resolution or legal reasons, unless deletion is requested and permitted.

8) Security

We use appropriate technical and organisational measures to protect personal data, including TLS for data in transit, access controls and least-privilege permissions, encrypted secret management, audit logging, and regular reviews of our sub-processors’ security posture. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

9) Children

Our Site, services, and WP AI Chat are not directed to children under 16 (or the age defined by local law). We do not knowingly collect or process personal data from children. If you believe a child has provided us with personal data, please contact us so we can take appropriate steps, including deletion.

10) Your rights

Depending on your location and applicable law, you may have some or all of the following rights:

  • To request access to personal data we hold about you.
  • To request correction (rectification) of inaccurate or incomplete data.
  • To request deletion (erasure) of your data in certain circumstances.
  • To request restriction of processing of your data.
  • To object to certain types of processing, including profiling based on legitimate interests.
  • To request portability of your data, where technically feasible.
  • To withdraw consent where we rely on your consent.

EEA/UK/Swiss users:

You can exercise your rights by emailing [email protected]. You also have the right to lodge a complaint with your local data protection authority.

California residents (CCPA/CPRA):

  • You may request to know what personal information we collect, use, and disclose.
  • You may request deletion of your personal information, subject to certain exceptions.
  • You may ask whether we “sell” or “share” your personal information. We do not sell personal information and do not share it for cross-context behavioural advertising.
  • You may exercise your rights directly or through an authorised agent, subject to verification requirements.

We will respond to requests within the time frames required by applicable law.

11) Cookies & tracking

On clickabyte.co.uk

  • We use cookies and similar technologies that are necessary for the operation and security of the Site (for example, load balancing, session management, and basic functionality).
  • We may use analytics tools such as Google Analytics to understand how visitors use the Site (e.g., page views, time on page, referrers). These tools use cookies and similar identifiers. Where required by law, we will obtain your consent before setting non-essential cookies.
  • You can control cookies through your browser settings and, where provided, through our cookie banner or preferences tool.

WP AI Chat plugin & API Service

  • The WP AI Chat Plugin itself does not set cookies for tracking visitor behaviour by default.
  • Our API is typically called server-to-server from the Customer Site. We do not inject third-party marketing tags into Customer Sites via WP AI Chat.
  • Customers may choose to log chats or use additional analytics on their own sites; such use is governed by their own privacy and cookie policies.

12) Automated decision-making

WP AI Chat and related AI features automatically generate draft answers to messages you or your visitors submit. These responses are generated based on prompts, configuration, and site content. Apart from these user-initiated AI outputs, we do not make decisions with legal or similarly significant effects based solely on automated processing.

13) WP AI Chat for WordPress (Plugin & API Service)

A. Summary for visitors using WP AI Chat on clickabyte.co.uk

  • When you send a message via the WP AI Chat widget on clickabyte.co.uk, your message is sent to our API to generate a reply.
  • We use parts of our own Site content (such as page titles and excerpts) as context to help answer your questions. This content is taken from public pages only.
  • Your chats may be temporarily logged for security and debugging (typically up to 30 days) and then deleted or anonymised unless we need to keep them longer to investigate abuse or technical issues.

B. Summary for Customer Sites that install WP AI Chat

  • When a visitor sends a message via the WP AI Chat widget on your own site, the message plus limited site context and short excerpts of public pages are sent to our API to generate a reply.
  • The Plugin normally communicates server-to-server over HTTPS; our systems see your site/server IP address, not the visitor’s device IP, unless you customise the integration to call us directly from the browser.
  • The Plugin stores your API key and design/settings in the WordPress options table. It does not store chat messages by default. You may choose to store transcripts separately (for example, in your own logs); if you do, you are responsible for disclosing this and setting your own retention period.
  • Admins can reset all Plugin settings (including the API key) from the Plugin settings page and may remove the options from the database or on uninstall, depending on how you configure it.
  • If you as the site owner save conversations or use them for profiling or marketing, you must disclose this in your own privacy policy and obtain consent if required by applicable law.

Controller/processor reminder: For chats on your own WordPress site, you are the controller of visitor data; ClickaByte acts as your processor for those chats. For chats on clickabyte.co.uk, ClickaByte is the controller.

14) Data Processing Addendum (DPA)

If you are a Customer and require a Data Processing Addendum governing processing performed on your behalf (for example, for WP AI Chat), please contact us at [email protected]. We can provide a DPA with details of our processing activities and sub-processors.

15) Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. The “Effective date” at the top of this page indicates when it was last updated. If we make material changes, we may provide additional notice (for example, by email to Customers or by a prominent notice on the Site).

16) Contact

If you have questions or requests about this Policy or your data rights, you can contact us at:

Email: [email protected]

WordPress note: If you use WP AI Chat on your own WordPress site, suitable parts of this content can be surfaced inside the WordPress Privacy Policy Guide using wp_add_privacy_policy_content().