Privacy
This page explains what Support Microbot stores, which third-party services process data, and what controls exist around site ownership and widget access.
Support Microbot stores the account email and name used to sign in, the sites you create, the documents or URLs you ingest for those sites, and conversation transcripts generated through the widget. Billing metadata such as plan, Stripe customer ID, subscription ID, and usage counters are also stored so the service can enforce limits and manage subscriptions.
Uploaded files and fetched URLs are processed into searchable chunks so the widget can retrieve relevant context and answer questions. That indexed content is scoped to the site you selected when ingesting it. It is not shared across different customer sites.
When a visitor uses the widget, the question is sent to the answer API for the configured site. The service searches that site's indexed content, generates a response, and stores the question and answer in the dashboard transcript history for the site owner to review.
Support Microbot relies on Supabase for database storage, OpenAI for answer generation and embeddings, Google OAuth for login, and Stripe for billing. Those providers process the minimum data required to deliver their part of the service.
Each site can define an allowed origin for answer requests. Authenticated dashboard actions that modify sites, documents, or transcripts are restricted to the signed-in owner of that site. Billing limits are enforced at the customer account level.
Site owners can delete indexed documents from the dashboard, which also removes their stored chunks. Conversation transcripts remain until removed from the database. If you need account-level deletion, contact the operator of the service so customer records, billing references, and site data can be removed.
Support Microbot is designed to restrict access by authenticated ownership checks and per-site origin rules, but you should not upload secrets or regulated data unless you have separately validated that the deployment meets your requirements. The product is intended for documentation and support content, not sensitive record storage.
If you need a data export, deletion request, or clarification about how your content is processed, use the contact page for this service. It should point to the support inbox that handles account and privacy requests.