Privacy Policy
Last updated: 2 July 2026
Ask Leya (“Ask Leya”, “we”, “us”) operates askleya.io and the embeddable chat widget. This policy explains what we collect and why. It covers two groups: customers (businesses who sign up) and visitors (people who chat with the widget on a customer’s website).
Information we collect
- Account data — your name, email, company name, and a securely hashed password.
- Configuration & content — your bot settings and the knowledge base you provide (FAQs, policies, product info).
- Conversations — messages exchanged with the widget, stored as transcripts.
- Leads — contact details a visitor voluntarily submits (name, email, phone, message).
- Technical data — IP address, session identifiers, and usage metrics (e.g. message counts).
- Billing data — subscription and plan information. Payments are processed by Stripe; we do not store card numbers.
How we use information
- To provide the service — generate AI responses, deliver leads, and run your assistant.
- To meter usage and process billing.
- To secure the platform and prevent abuse.
- To communicate with you about your account and important service updates.
AI processing
To answer a question, the visitor’s message and the most relevant portions of your knowledge base are sent to our AI provider to generate a reply. We instruct the model to answer only from that content.
Service providers (sub-processors)
We rely on trusted providers to run Ask Leya:
- Neon — database hosting.
- OpenRouter — AI model processing for chat responses.
- Cloudinary — hosting bot avatar images.
- Stripe — subscription payments.
- Email provider — sending lead notifications and account emails.
Cookies & local storage
We use browser local storage to keep you signed in and to maintain a stable chat session. We do not use third-party advertising or cross-site tracking cookies.
Data retention & deletion
We retain data while your account is active. You can request deletion of your account and associated data at any time by emailing privacy@askleya.io.
Security
Data is encrypted in transit (TLS). Sensitive secrets such as bring-your-own AI keys are encrypted at rest (AES-256-GCM). Every customer’s data is isolated by tenant, and widget embedding can be restricted to allowed domains.
Roles & responsibilities
For visitor data collected through the widget on a customer’s website, the customer (website owner) is the data controller and Ask Leya acts as a data processor. Customers are responsible for informing their visitors and obtaining any required consent.
Your rights
Depending on your location (e.g. GDPR/CCPA), you may have the right to access, correct, delete, or export your personal data. To exercise these rights, contact privacy@askleya.io.
Children
Ask Leya is not directed to children under 16 and we do not knowingly collect their data.
Changes
We may update this policy; material changes will be reflected by the “Last updated” date above.
Contact
Questions about privacy? Email privacy@askleya.io.