Typebot Privacy Policy

The content of this document is greatly inspired by the Plausible's Privacy Policy. Plausible is a big source of inspiration for us in terms of transparency and privacy.

In this policy, we lay out what data we collect and why, how your data is handled and your rights to your data. We promise we never sell your data.

At Typebot, we are committed to complying with the GDPR and ensuring the highest level of data protection for our users. As part of this commitment, we are ISO/IEC 27001:2022 certified, demonstrating our dedication to rigorous information security standards.

As a visitor to the typebot.io website

As a visitor to the typebot.io website:

  • No personal information is collected beyond what is described below
  • A first-party cookie named "typebot" is stored in the browser to track anonymous usage patterns and remember consent preferences. This cookie contains:
    • Anonymous visitor ID for analytics purposes
    • Session information to track visit duration
    • Consent status (whether you've accepted or declined anonymous analytics tracking)
    • Last authentication provider used (if you sign in)
  • No information is shared with advertising companies
  • No information is monetized

We use PostHog EU to collect anonymous data. The goal is to track overall trends in our website traffic. Data collected includes referral sources, top pages, visit duration, information from the devices (device type, operating system, country and browser) used during the visit and more.

As a user of Typebot, the chatbot builder

Our guiding principle is to collect only what we need to provide the best service to you. We use a select number of trusted external service providers for certain service offerings.

Cookies

  • Authentication: A persistent first-party session cookie is stored to remember you're logged in.

  • Typebot telemetry: The same typebot cookie described above is used to link your anonymous visitor activity to your user account when you sign in.

Services we use

  • We use Vercel for web app hosting. The Vercel platform caches all static content at their Edge Network by default. This means you will get static files like HTML, CSS, and JavaScript served from servers that are closest to you. Server Functions (API calls) are hosted on servers in London, UK (lhr1). See Vercel privacy policy for full details.

  • We use Planetscale for database hosting. The database is ultimately hosted in AWS eu-west-2 (London) region. See Planetscale privacy policy for full details.

  • We use AWS S3 in eu-west-3 (Paris) region for file storage.

  • We use Cloudflare for DDoS protection and CDN services. See Cloudflare privacy policy for full details.

  • The payment process is handled by a third-party payment provider. If you choose to upgrade to a Typebot paid plan, the billing information and the payment process is handled by Stripe. See the Stripe privacy policy for full details.

  • We use Sentry for anonymous error tracking only on the server's end. This allows us to meet our software quality standard. See the Sentry privacy policy for full details.

  • We use PostHog EU to collect anonymous behavioral data. This allows us to ultimately greatly improve the product. See the PostHog privacy policy for full details.

  • All emails are sent using a third-party email provider. Transactional emails and email reports are sent using Brevo. See the Brevo privacy policy for full details.

Third-Party Service Integrations

Typebot offers optional integrations with various third-party services to enhance your chatbot functionality. When you choose to connect these services, we handle your data with the following practices:

OAuth Authentication: If you choose to sign in with or connect third-party services (such as Google, GitHub, or other providers), we collect your basic profile information (name, email address, and profile picture) to create and maintain your Typebot user account. This information is stored securely in our encrypted database.

Service Credentials: All authentication credentials, including OAuth access tokens, refresh tokens, API keys, and other authentication secrets, are encrypted using industry-standard encryption before being stored in our database. These credentials are used exclusively to authenticate and authorize API calls to the connected services on your behalf.

Service Integrations: When you use integration blocks in your typebots (such as Google Sheets, OpenAI, Anthropic, or other third-party services), we access your data through the respective APIs. We only access the specific resources and data you explicitly configure in your typebot blocks. This data is processed in real-time and is not stored permanently on our servers unless specifically required for the integration to function.

Data Protection and Sharing:

  • We do not share, sell, or transfer your third-party service data to any other parties except as necessary to provide the services you've requested
  • We only access the specific services and data you explicitly authorize
  • We comply with each service provider's API terms of service and data usage policies

Data Retention: Third-party credentials are retained as long as your Typebot account is active or until you disconnect the service. Integration data is processed in real-time and is not permanently stored on our servers. You can delete your account and all associated data at any time.

Google Workspace APIs Compliance: The use of information received from Google Workspace APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

As a user of a typebot (the web chatbot itself)

You are bound to what the chatbot creator has set up in terms of data collection and data handling. We do not collect any personal data from chatbot users. We do not use behavioral insights to sell advertisements. We will never collect or store any personally identifiable information and we will never abuse your user’s privacy.

If the Remember user setting is on, data is stored to either local or session storage of the browser. This is to remember the user's answers if they leave the chatbot and come back later.

Third-Party Services in Typebots: If the typebot creator has configured third-party integrations (such as Google Sheets, Gmail, or other service blocks), your interactions with the typebot may result in data being sent to those third-party services. This data handling is controlled by the typebot creator and is subject to the respective service providers' privacy policies. We only facilitate the connection between the typebot and third-party services as configured by the creator.

Services we use

  • We use Vercel for hosting. The Vercel platform caches all static content at their Edge Network by default. This means you will get static files like HTML, CSS, and JavaScript served from servers that are closest to you. Server Functions (API calls) are hosted on servers in London, UK (lhr1). See Vercel privacy policy for full details.

  • We use Planetscale for database hosting. The database is ultimately hosted in AWS eu-west-2 (London) region. See Planetscale privacy policy for full details.

  • We use Cloudflare for DDoS protection and CDN services. See Cloudflare privacy policy for full details.

  • We use Sentry for anonymous error tracking only on the server's end. This allows us to meet our software quality standard. See the Sentry privacy policy for full details.

  • Payment input block uses a payment process handled by Stripe. See the Stripe privacy policy for full details.

  • Send email blocks that use the default [email protected] will ultimately use AWS SES in eu-west-3 (Paris).

Retention of data

We will retain your information as long as your account is active, as necessary to provide you with the services or as otherwise set forth in this policy.

We will also retain and use this information as necessary for the purposes set out in this policy and to the extent necessary to comply with our legal obligations, resolve disputes, enforce our agreements and protect Typebot’s legal rights.

You can ask to delete your Typebot account at any time by contacting us. All your data will be permanently deleted immediately.

Changes and questions

We may update this policy as needed to comply with relevant regulations and reflect any new practices.

Contact us if you have any questions, comments, or concerns about this privacy policy, your data, or your rights with respect to your information.

Last updated: July 18, 2025