Our promise, in one paragraph
We do not take, mine, sell, share, or "enrich" the data your customers send through the widget. We do not build leads from it. We do not train AI on it. Each workspace is isolated from every other workspace at the application and database layer — your tenant is queried by id on every read and write, with no path to cross over. The same architectural isolation that banks and healthcare SaaS use is the bar we hold ourselves to.
Who we are
"Assistthewchat" (also "we", "us") is a SaaS product operated by Aabhaysa Technology. We act as a data processor for the customers (workspaces) that use our service, and as a data controller for the small set of operational data we collect about workspace admins and visitors to our marketing site.
What we collect
From workspace admins / agents
- Account profile: name, email, password hash, timezone, optional phone.
- Workspace info: company name, billing address, billing card token (held by our payment provider, not us).
- Audit log: every administrative action (invites, suspensions, billing changes, role grants).
From end-users (visitors who chat with you)
- Conversation transcripts and any data the visitor types into the widget.
- Optional identity (name, email) if your widget config asks for it or your app calls
identify(). - Operational metadata: page URL the chat opened on, IP address, user agent.
End-user data is collected on behalf of the workspace and belongs to the workspace. We process it only to deliver the chat product to that workspace — never to ourselves.
What we don't do — explicitly
- We don't sell, rent, or barter personal data. No exceptions, no "anonymised" loopholes.
- We don't generate leads from your visitors. Visitor identity stays inside your workspace; we don't sweep it into a marketing CRM, ours or anyone else's.
- We don't train models on your conversations. Your customers' messages are not used to fine-tune, evaluate, or seed any AI / ML system.
- We don't share data with advertising networks. The widget loads no third-party trackers — open the network tab and check.
- We don't read your messages for support. Engineers debug with redacted metadata only; access to message content requires a written request from your workspace owner.
- We don't use sub-processors for analytics. All product analytics are computed on our own infrastructure.
How workspaces are isolated
Every database row carries a workspace_id that's enforced on every query. The dashboard, the agent app, and the widget API each authenticate against a single workspace before any read happens. We run no cross-workspace background jobs that read message content. A breach of one workspace does not give the attacker a path to any other.
How long we keep it
- Active conversations are stored for the lifetime of your workspace.
- If you cancel, we keep workspace data for 30 days so a restore is possible, then delete it.
- Audit log entries are retained for 24 months for compliance.
- Billing records are retained as required by tax regulations (typically 7 years).
Where it lives
Production data is stored in our ap-south region (Mumbai) by default. Enterprise customers can request us-east or eu-west residency.
Your rights
You can access, correct, export, or delete your personal data at any time. Workspace admins can do this from Dashboard → Settings → Data. End-users should reach out to the workspace they chatted with — we'll forward verified requests to them on request.
Cookies
We use a single first-party session cookie on the dashboard for sign-in. The widget sets a persistent identifier so a returning visitor sees their chat history. There are no third-party advertising cookies.
Security
TLS everywhere, AES-256-Fernet on stored secrets (mailbox passwords, integration tokens), bcrypt password hashing, scoped database roles, and audited backups. Detailed controls live on the Security page.
Contact
Privacy questions go to info@aabhyasainc.com. For everything else, the contact form reaches a real human.