1. Information We Collect
We collect only what is necessary to provide the service.
Account & Beta Signup Data
When you join the beta or create an account, we collect your email address, name, and company name. This is used to provision your account and communicate with you about the service.
Usage Data
We collect information about how you interact with the Phenee dashboard — pages visited, features used, session duration, IP address, browser type, and device identifiers. This is used for product improvement and security monitoring.
Knowledge Base Content
When you upload documents, PDFs, help articles, or other content to Phenee, that content is stored and indexed to power your AI widget. You own this content and it is never shared across tenants or used to train our models.
2. How We Use Your Information
- Provision and maintain your Phenee account and widget
- Send transactional emails — account setup, billing, and service updates
- Respond to support requests and onboarding queries
- Analyze aggregate usage patterns to improve the product
- Detect and prevent abuse, fraud, and security incidents
- Comply with legal obligations
We do not sell your data. We do not use your data or your customers' data for advertising. We do not train AI models on your content.
3. Data Processed Through the Widget
When your customers interact with the Phenee widget embedded on your site, we process:
- Chat messages (questions asked and AI responses returned)
- Session identifiers (anonymous, randomly generated per session)
- Approximate geolocation (country-level only, derived from IP)
Phenee automatically redacts PII (email addresses, phone numbers, credit card numbers) from all chat messages before they are stored. As a business using Phenee, you are the data controller for your customers' data. We act as a data processor under your instructions.
4. Third-Party Services
We use the following third-party infrastructure providers. Each is bound by their own privacy policies and data processing agreements.
| Provider | Purpose |
|---|---|
| Anthropic / OpenAI / Google | LLM inference for AI responses |
| Qdrant | Vector database for semantic search |
| Redis | Session and cache storage |
| PostgreSQL | Persistent account and configuration data |
| Resend | Transactional email delivery |
LLM providers receive only the relevant query and retrieved context — they do not receive your full knowledge base or account data. We use provider APIs under zero-data-retention agreements where available.
5. Data Security
We implement security controls appropriate for a production SaaS service:
- Strict tenant data isolation — your data is never co-mingled with another customer's
- Automatic PII redaction from all stored chat messages
- Encryption in transit (TLS 1.2+) and at rest
- Role-based access controls on all internal systems
- SOC 2 Type II compliance in progress; GDPR-aligned data handling
No method of transmission over the internet is 100% secure. We work to protect your data but cannot guarantee absolute security.
6. Data Retention
Account data is retained for the duration of your subscription plus 30 days after cancellation, during which you may export your data. After 30 days, your account, knowledge base, and chat history are permanently deleted.
Chat session data stored in Redis is capped at 100 messages per session and automatically expires. Analytics data is retained in aggregate for up to 24 months.
7. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Right to access — request a copy of the data we hold about you
- Right to rectification — correct inaccurate or incomplete data
- Right to erasure — request deletion of your personal data
- Right to data portability — receive your data in a machine-readable format
- Right to object — object to processing based on our legitimate interests
- Right to restrict processing — ask us to limit how we use your data
To exercise any of these rights, email us at privacy@phenee.com. We will respond within 30 days.
9. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email at least 14 days before the changes take effect. Continued use of the service after that date constitutes acceptance of the updated policy. The effective date at the top of this page will always reflect the latest version.
10. Contact Us
For privacy inquiries, data requests, or to report a concern: