Plain English Summary: We collect the information you give us to provide our service. We do not sell your data. We do not share it with advertisers. We use trusted third-party services to run our platform. You can request deletion of your data at any time.
Who We Are
Winter Tech AI ("we", "us", "our") operates the website at wintertechai.com and provides AI automation tools including AI chatbots, email automation and CRM services.
For the purposes of data protection law, Winter Tech AI is the data controller of the personal information we collect about you.
Contact: hello.wintertechai@gmail.com
What Information We Collect
Information you provide directly
- Name and email address when you sign up for an account or trial
- Business name, phone number and other details you enter during signup
- Messages you send us through contact forms or email
- Payment information (processed securely by Stripe — we never store card details)
- Content you upload to configure your chatbot (knowledge base, FAQs, etc.)
Information collected automatically
- IP address and browser type when you visit our website
- Pages visited, time on site and referring URL
- Device type and operating system
- Chatbot conversation data (messages sent to and from your AI chatbot)
- Usage data within your dashboard
Information from third parties
- Authentication data from Supabase (our authentication provider)
- Payment status information from Stripe
How We Use Your Information
We use the information we collect to:
- Create and manage your account
- Provide and improve our AI automation tools
- Process payments and send billing notifications
- Send you product updates and important account notifications
- Respond to your support requests and enquiries
- Send you marketing emails (only if you have opted in — you can opt out anytime)
- Analyse usage patterns to improve our platform
- Comply with legal obligations
- Prevent fraud and ensure platform security
Legal basis for processing (UK/EU users)
- Contract: Processing necessary to provide the service you signed up for
- Legitimate interests: Improving our platform, preventing fraud, analytics
- Consent: Marketing emails (you can withdraw consent anytime)
- Legal obligation: Where required by law
How We Store Your Data
Your data is stored securely using the following services:
- Supabase: Database and authentication — hosted on AWS infrastructure with encryption at rest
- Cloudflare: Website hosting and API proxy — global CDN with DDoS protection
- Stripe: Payment processing — PCI DSS Level 1 compliant
- Resend: Email delivery — SOC 2 compliant
All data transmission between your browser and our servers is encrypted using TLS (HTTPS). We never transmit or store payment card details — this is handled entirely by Stripe.
Security: We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure or destruction. However, no internet transmission is 100% secure. If you believe your account has been compromised, contact us immediately.
Who We Share Data With
We do not sell your personal data. We share data only with the following categories of trusted service providers who help us operate our platform:
- Supabase — database, authentication and storage
- Cloudflare — hosting, CDN and security
- Stripe — payment processing
- Resend — transactional email delivery
- Groq — AI language model API (conversation processing)
- FormSubmit — contact form processing
Each of these providers is contractually required to protect your data and use it only for the purposes we specify.
We may also disclose your information:
- If required by law, court order or regulatory authority
- To protect the rights, property or safety of Winter Tech AI, our clients or the public
- In connection with a business merger or acquisition (you will be notified)
Chatbot conversation data
When visitors interact with chatbots deployed by our clients, their conversation data is stored in our database and visible to the chatbot owner (our client). Conversation content may be processed by Groq's AI models to generate responses. We do not use visitor conversation data for any purpose other than operating the chatbot service.
Cookies and Tracking
We use minimal cookies essential for the platform to function:
- Authentication cookies: To keep you logged in to your dashboard
- Session cookies: Temporary cookies that expire when you close your browser
- Preference cookies: To remember your settings (e.g. billing toggle)
We do not use advertising cookies, tracking pixels or third-party analytics beyond what is needed to operate the service. We do not track you across other websites.
You can disable cookies in your browser settings. Note that disabling all cookies will prevent you from logging into your dashboard.
Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of your personal data
- Portability: Request your data in a machine-readable format
- Restriction: Request that we restrict processing of your data
- Objection: Object to processing based on legitimate interests
- Withdraw consent: Withdraw consent for marketing emails at any time
To exercise any of these rights, email us at hello.wintertechai@gmail.com with the subject "Data Request". We will respond within 30 days.
You also have the right to lodge a complaint with your local data protection authority. In the UK this is the Information Commissioner's Office (ICO).
Data Retention
- Active accounts: Data retained for the duration of your subscription
- Cancelled accounts: Data retained for 90 days after cancellation, then deleted
- Trial accounts (expired, not converted): Deleted after 90 days
- Contact form submissions: Retained for 2 years for reference
- Payment records: Retained for 7 years as required by law
- Chatbot conversation logs: Retained for the duration of the client subscription, then deleted with the account
You can request immediate deletion of your account and data at any time by emailing us. Payment records required by law cannot be deleted early.
Children's Privacy
Our services are intended for businesses and are not directed at children under the age of 16. We do not knowingly collect personal data from children under 16. If you believe a child under 16 has provided us with personal data, please contact us immediately and we will delete it.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for legal reasons. We will notify you of significant changes by:
- Sending an email to the address registered with your account
- Displaying a notice in your dashboard
- Updating the "Last updated" date at the top of this page
Continued use of our services after changes take effect constitutes acceptance of the updated policy.
Contact Us
If you have any questions about this Privacy Policy or how we handle your data, please contact us: