Privacy Policy

What Onboardi.ai Is

Onboardi.ai is an AI-powered onboarding assistant for SaaS products. SaaS owners ("Customers") install a chat widget on their websites. The widget answers questions from the owners' end users ("End Users") using a knowledge base that Onboardi.ai automatically generates by crawling the Customer's website.

Onboardi.ai is a B2B SaaS tool that provides AI chat widgets for SaaS products. It processes data on behalf of its customers (SaaS owners) and their end users (website visitors who interact with the chat widget).

This Privacy Policy explains what data we collect from both Customers and End Users, how we use it, and what rights you have.

Information We Collect

Account Information (SaaS Owners)

When you create an Onboardi.ai account, we collect:

• Email address and name — provided via Google OAuth or email/password registration
• Website URL — the URL you provide for your product, which Onboardi.ai crawls to build a knowledge base
• Additional URLs — any extra pages or domains you add for crawling or widget installation

We use this information to create and manage your account, crawl your website, and provide the Onboardi.ai service.

Widget User Data (End Users)

When an End User interacts with the Onboardi.ai widget on a Customer's website, we collect:

• Chat messages — the questions End Users type and the AI-generated responses
• Email address — only if the End User voluntarily provides it when the widget cannot answer a question
• Feedback data — thumbs up/down ratings and optional feedback text on AI responses

The Onboardi.ai chat widget collects only the messages users type, optional email addresses (when users choose to provide them), and response feedback. Onboardi.ai does not track End Users across websites and does not collect personal data beyond what users explicitly provide in the chat.

Automatically Collected Data

We automatically collect limited technical data:

• Session identifiers — anonymous session tokens stored in the browser to maintain conversation context within a single visit
• Theme data — CSS variables and computed styles from the host website, used to visually match the widget to the site's design. This is purely visual data and contains no personal information.

We do not collect IP addresses, device fingerprints, geolocation data, or any tracking identifiers from End Users.

How We Use Your Information

We use collected information for the following purposes:

For Customers (SaaS Owners):

• Providing the Onboardi.ai service — crawling websites, building knowledge bases, powering the AI chat widget
• Account management — authentication, billing (when applicable), and support
• Service improvement — analyzing aggregate usage patterns to improve the product
• Communication — sending essential service notifications (not marketing, unless you opt in)

For End Users:

• Answering questions via the AI chat widget
• Enabling the Customer to follow up on unanswered questions (only if the End User provided an email)
• Improving AI response quality through feedback analysis

Onboardi.ai never sells personal data. Data collected through the chat widget is used solely to provide the AI assistant service and to help SaaS owners improve their products.

AI Processing and Data Handling

Onboardi.ai uses artificial intelligence to provide its core service. Here is how AI interacts with your data:

Knowledge base generation: When a Customer provides a website URL, Onboardi.ai crawls the publicly accessible pages of that website, extracts the text content, and converts it into vector embeddings using OpenAI's embedding models. These embeddings are stored in a vector database and used to find relevant information when End Users ask questions.

Chat responses: When an End User asks a question, the widget sends the question to Onboardi.ai's backend. The system retrieves relevant knowledge base content and sends it, along with the question, to OpenAI's language model (GPT-4o-mini) to generate a response. The conversation history within a session is included for context.

What goes to OpenAI:

• Publicly available website content (already public)
• End User chat messages and conversation history within a session
• No Customer account data, no End User email addresses, no feedback data

Onboardi.ai uses OpenAI's GPT-4o-mini model to generate chat responses. Only the End User's chat messages and publicly available website content are sent to OpenAI. Personal account data and email addresses are never shared with AI providers.

OpenAI's data usage policy applies to data sent to their API. As of the date of this policy, OpenAI does not use data submitted via their API to train their models. For the most current information, refer to OpenAI's API data usage policy.

Data Sharing and Third-Party Services

We share data with third-party service providers only as necessary to operate Onboardi.ai:

We do not sell, rent, or trade personal data to third parties. We do not share data with advertising networks. We do not use third-party analytics or tracking scripts on the chat widget.

Onboardi.ai does not sell or share personal data with advertisers. Third-party services (OpenAI, Pinecone, hosting providers) receive only the minimum data necessary to operate the service.

Data Storage and Security

Your data is stored on servers provided by our hosting infrastructure. We implement industry-standard security measures including:

• Encrypted data transmission (TLS/HTTPS) for all connections
• Encrypted data at rest for databases
• Authentication and access controls for all administrative systems
• Isolated data per Customer — each Customer's knowledge base and chat data is logically separated

We regularly review and update our security practices. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

Note: Specific hosting regions and providers will be documented here as our infrastructure is finalized. If your use case requires data residency in a specific region, please contact us.

Data Retention

Customer account data: Retained for the duration of your active account, plus 30 days after account deletion to allow for recovery.

Chat messages and session data: Retained for as long as the Customer's account is active. Customers can request deletion of specific chat sessions or all chat data at any time.

End User email addresses: Retained for as long as the associated Customer account is active, or until the Customer deletes them.

Knowledge base data: Retained for as long as the Customer's account is active. Deleted when the Customer removes pages, deletes the agent, or closes their account.

After account deletion: All associated data (account information, knowledge base, chat history, End User data) is permanently deleted within 30 days.

Your Rights Under GDPR

If you are located in the European Economic Area (EEA) or the United Kingdom, you have the following rights under the General Data Protection Regulation (GDPR):

• Right of access — request a copy of your personal data
• Right to rectification — request correction of inaccurate data
• Right to erasure — request deletion of your personal data
• Right to restrict processing — request that we limit how we use your data
• Right to data portability — request your data in a machine-readable format
• Right to object — object to our processing of your data
• Right to withdraw consent — withdraw consent at any time where processing is based on consent

Legal basis for processing:

• Contract performance — processing necessary to provide the Onboardi.ai service (Article 6(1)(b))
• Legitimate interests — service improvement and security (Article 6(1)(f))
• Consent — where applicable, such as optional email collection from End Users (Article 6(1)(a))

For End Users: If you are an End User who interacted with an Onboardi.ai widget on a Customer's website, please note that the Customer is the data controller for your chat data. Onboardi.ai acts as a data processor on behalf of the Customer. To exercise your rights regarding chat data, contact the website owner directly. You may also contact us, and we will assist in forwarding your request.

To exercise your GDPR rights, contact us at [email protected].

Your Rights Under CCPA

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with the following rights:

• Right to know — request what personal information we collect, use, and share
• Right to delete — request deletion of your personal information
• Right to opt-out of sale — we do not sell personal information, so this right is already satisfied
• Right to non-discrimination — we will not discriminate against you for exercising your rights

Onboardi.ai does not sell personal information as defined by the CCPA. California residents can request access to or deletion of their personal data by contacting [email protected].

To exercise your CCPA rights, contact us at [email protected].

Data Processing Agreement Provisions

When Onboardi.ai processes End User data on behalf of a Customer, the Customer is the data controller and Onboardi.ai is the data processor under GDPR. The following provisions apply:

• Onboardi.ai processes End User data only on the Customer's behalf and according to the Customer's instructions (i.e., providing the AI assistant service).
• Onboardi.ai does not use End User data for its own independent purposes beyond what is necessary to provide and improve the service.
• Onboardi.ai implements appropriate technical and organizational security measures to protect End User data.
• Onboardi.ai will notify the Customer without undue delay if it becomes aware of a personal data breach affecting the Customer's End User data.
• Upon termination of the Customer's account, Onboardi.ai will delete all End User data within the retention period specified above.
• Onboardi.ai engages sub-processors (listed in the "Data Sharing and Third-Party Services" section) and will notify Customers of any changes to sub-processors.
• Onboardi.ai will assist the Customer in responding to data subject access requests from End Users.

By using Onboardi.ai, Customers agree to these data processing terms.

Cookies and Local Storage

Onboardi.ai uses minimal browser storage:

On the Onboardi.ai website (onboardi.ai):

• Authentication cookies — to keep Customers logged in to the admin dashboard
• Essential session cookies — for security and functionality

On Customer websites (the chat widget):

• localStorage — stores the AI-generated widget theme to prevent visual flash on return visits. This data contains CSS values only — no personal information.
• Session storage — maintains conversation context during a browser session

The Onboardi.ai widget does not use third-party cookies, tracking cookies, or advertising cookies. We do not use analytics scripts within the widget.

The Onboardi.ai chat widget does not use tracking cookies or third-party analytics. It stores only a visual theme cache in localStorage (no personal data) and session data for conversation continuity.

Children's Privacy

Onboardi.ai is a B2B service intended for use by SaaS businesses. We do not knowingly collect personal information from children under the age of 16 (or the applicable age in your jurisdiction). If you believe a child has provided personal data through an Onboardi.ai widget, please contact us and we will delete it promptly.

Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the "Last updated" date at the top of this page. For material changes that affect how we handle personal data, we will notify Customers via email.

We encourage you to review this page periodically.

Contact Us

If you have questions about this Privacy Policy, your data, or your rights, contact us at:

Email: [email protected]

For GDPR-related requests, please include "GDPR Request" in the subject line.
For CCPA-related requests, please include "CCPA Request" in the subject line.