Privacy Policy
Last updated: 26 May 2026
This Privacy Policy describes what personal data Chatbotscape collects when you use our website, how we use and share that data, and the rights you have under the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the Brazilian General Data Protection Law (LGPD), and other applicable privacy laws.
Who we are
Chatbotscape is an independent editorial publication operating chatbotscape.com. We are the data controller for personal data processed through this site.
For data protection inquiries: privacy@chatbotscape.com
What we collect
We collect three categories of data through your use of our website:
1. Information you provide directly. When you submit our contact form, request a methodology audit, sign up for our newsletter (if offered), or email us at any of our editorial addresses, you provide us with personal data: your name, email address, the message content, and any additional information you choose to share. We collect this data because you have provided it to us for the purpose of receiving a response.
2. Information collected automatically when you visit. When you visit chatbotscape.com, our servers and analytics tools automatically collect technical data about your visit: IP address, device type, browser type and version, operating system, the page URL you visited, the referring URL that brought you to our site, the date and time of your visit, and your interaction with the page (scroll depth, time on page, exit links clicked). We collect this data to operate the site reliably, measure aggregate readership, and identify performance issues.
3. Affiliate click attribution data. When you click an affiliate link on a Chatbotscape review and complete a paid sign-up on the linked platform, the platform records that the sign-up came from Chatbotscape via a tracking identifier appended to the URL. The tracking identifier is platform-controlled, not Chatbotscape-controlled. We see the aggregate attribution report from each platform's affiliate program (how many sign-ups, how much commission) but do not see your personal identity unless you choose to disclose it to the linked platform.
Cookies and similar tracking technologies
Chatbotscape uses cookies and similar tracking technologies (web beacons, pixel tags, local storage) to operate the site, measure aggregate traffic, and surface affiliate-link attribution. The cookies we set are categorized as:
Strictly necessary cookies — required for the site to function (session cookies, security cookies, load-balancing cookies). These cannot be disabled.
Analytics cookies — measure aggregate traffic patterns (page views, session duration, geographic distribution). We use a privacy-focused analytics service for this purpose. You can opt out of analytics cookies through the cookie banner on first visit or via your browser settings.
Affiliate attribution cookies — set by affiliate program providers (not by Chatbotscape directly) when you click an affiliate link. These cookies typically have a 30-90 day lifetime and are set by the destination platform's affiliate program infrastructure.
Preference cookies — store your display preferences (dark mode, locale) for return visits. You can disable these through your browser settings.
We do not set advertising cookies, third-party retargeting cookies, or behavioral profiling cookies. We do not participate in real-time bidding ad ecosystems.
A complete list of cookies currently set by chatbotscape.com is available in our cookie management dashboard (linked from the site footer).
Third-party services we use
We rely on the following third-party services to operate Chatbotscape. Each service processes some categories of personal data:
| Service | Purpose | Data shared | Data processing agreement |
|---|---|---|---|
| Vercel | Site hosting and content delivery | IP addresses, request logs | DPA in place |
| Analytics provider | Aggregate readership analytics | Anonymized visit data | DPA in place |
| Email delivery provider | Newsletter delivery, contact form responses | Email addresses, message content | DPA in place |
| Error monitoring service | Site error detection and resolution | Error context, partial request data | DPA in place |
| Affiliate program providers (varies by platform) | Affiliate-click attribution and commission tracking | Click events, conversion events | Per each program's terms |
| Ahrefs (read-only API consumer) | Brand search volume data | None — we are the data consumer, not the data subject | N/A |
All processors marked DPA-in-place have signed our standard data-processing agreement that imposes GDPR Article 28-equivalent obligations. We periodically re-verify processor compliance and update this table when the processor set changes.
How we use the data
We use the data we collect for these specific purposes:
- Responding to your inquiries — when you email us or submit a contact form, we use your email address and message content to respond. We retain this correspondence for as long as the inquiry remains active plus a reasonable archival period (typically 3 years).
- Site operation and reliability — server logs, error reports, and aggregate analytics are used to keep the site operational and to detect performance issues.
- Aggregate readership measurement — anonymized analytics data is used to understand which pages are read most, which referral sources drive traffic, and which content needs refresh prioritization. We do not use analytics data to profile individual visitors.
- Newsletter delivery (if you subscribe) — your email address is used to send the newsletter you subscribed to. You can unsubscribe at any time via the link in every newsletter.
- Affiliate attribution accounting — aggregate commission data is used to operate Chatbotscape's affiliate revenue infrastructure. We do not use affiliate data to profile or contact individual readers who clicked affiliate links.
- Legal compliance — where required by law (tax records, subpoena response, regulatory inquiry), we retain and disclose data as required by applicable law.
We do not sell your personal data to third parties. We do not share your personal data with third parties for their independent marketing purposes. We do not engage in cross-context behavioral advertising.
Lawful basis for processing (GDPR)
Where you are an EU/EEA/UK resident, our lawful basis for processing your personal data under GDPR Article 6 depends on the processing activity:
- Consent (Article 6(1)(a)) for analytics cookies (we obtain consent via the cookie banner), newsletter subscription, and any optional data collection
- Performance of a contract (Article 6(1)(b)) for responding to inquiries you initiate
- Legitimate interests (Article 6(1)(f)) for site operation, security, and aggregate readership measurement — our legitimate interest is operating a sustainable independent review publication, balanced against your privacy interests
- Legal obligation (Article 6(1)(c)) where required by tax, fraud-prevention, or regulatory compliance law
You can object to processing under legitimate interests at any time by contacting privacy@chatbotscape.com.
Your privacy rights
Depending on your jurisdiction, you have the following rights:
Right of access. Request a copy of the personal data we hold about you. Response within 30 days for GDPR, 45 days for CCPA, 15 days for LGPD.
Right of rectification / correction. Request that inaccurate personal data be corrected or completed.
Right of erasure ("right to be forgotten"). Request that we delete your personal data, subject to exceptions for legal compliance, fraud prevention, and legitimate-interest balancing tests.
Right to data portability. Request your personal data in a structured, machine-readable format.
Right to object. Object to processing based on legitimate interests, including direct marketing.
Right to restrict processing. Request that processing be paused while a dispute about data accuracy or legitimate interest is resolved.
Right to withdraw consent. Where processing is based on consent (analytics cookies, newsletter), you can withdraw consent at any time without affecting the lawfulness of prior processing.
Right to lodge a complaint with a supervisory authority. Where you are an EU/EEA/UK resident, you can complain to your national data protection authority. Where you are a California resident, you can complain to the California Privacy Protection Agency.
To exercise any of these rights, contact privacy@chatbotscape.com. We do not require account creation to exercise privacy rights; we will verify your identity through reasonable means proportionate to the request.
Data retention
| Data type | Retention period |
|---|---|
| Contact form / email correspondence | 3 years after last interaction, then anonymized or deleted |
| Newsletter subscriber email | Until unsubscribe; subscription log retained 3 years after unsubscribe |
| Server access logs | 90 days, then aggregated |
| Analytics data | 26 months for individual session data, indefinite for aggregate statistics |
| Affiliate attribution data | Per the relevant affiliate program's retention policy (typically 90-180 days for click attribution) |
| Audit request correspondence | 5 years (longer if subject to ongoing legal or regulatory matter) |
International data transfers
Chatbotscape operates servers in the United States. Where your personal data is transferred outside your jurisdiction (e.g., from EU to US for analytics processing), we rely on:
- Standard Contractual Clauses (SCCs) for transfers to processors outside the EU/EEA
- Adequacy decisions where the European Commission has issued an adequacy decision for the destination jurisdiction
- Your explicit consent where neither of the above applies
Specific transfer mechanisms used by each processor are documented in our processor inventory.
Children's privacy
Chatbotscape is a B2B review publication for adult SMB owners and operators. We do not knowingly collect personal data from children under 16 (or the applicable minimum age under your jurisdiction's privacy law). If you believe we have inadvertently collected data from a minor, contact privacy@chatbotscape.com and we will delete the data promptly.
Security
We use industry-standard security practices to protect personal data: encrypted connections (TLS 1.3), encrypted-at-rest storage, access controls limiting data access to editorial team members on a need-to-know basis, regular security audits, and incident response procedures. Where a personal data breach occurs that poses risk to your rights, we will notify you and the relevant supervisory authority within the timeframes required by applicable law (72 hours under GDPR).
Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our processing activities, applicable law, or processor relationships. Material changes will be announced in the version history below; minor changes (clarifications, typo fixes) will be made without separate announcement. The "Last updated" date at the top of this page reflects the most recent change.
Contact
For privacy inquiries:
- Email: privacy@chatbotscape.com
- Supervisory authority (EU/EEA residents): You have the right to lodge a complaint with your national data protection authority. A list of EU supervisory authorities is available at edpb.europa.eu.
- California residents: You may contact the California Privacy Protection Agency.
Version history
- 26 May 2026 — Initial version published.
Related pages
- Terms of Service — usage terms
- Affiliate Disclosure — commercial relationship transparency
- Editorial Policy — editorial standards
- About Chatbotscape — site overview