Privacy Policy

Last updated: March 25, 2026

1. Introduction

LinoChat ("we," "our," or "us") operates the LinoChat platform (linochat.com), an AI-powered customer support solution. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our website, platform, APIs, and embedded chat widget (collectively, the "Service").

By using our Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Full name (first and last name)
  • Email address
  • Password (stored securely using bcrypt hashing)
  • Company name and website URL
  • Optional: phone number, location, bio, avatar

2.2 Google OAuth Data

If you sign in with Google, we request the following OAuth scopes:

  • openid — to verify your identity
  • profile — to access your name and profile picture
  • email — to access your email address

From these scopes, we receive and store:

  • Google account ID (used solely to link your account)
  • Full name (used to populate your profile)
  • Email address (used as your account email)
  • Profile picture URL (used as your avatar)

How we use Google data: Google user data is used exclusively for authenticating your identity and creating or linking your LinoChat account. We do not access your Google contacts, calendar, drive, files, or any other Google services.

How we store Google data: Your Google account ID and profile picture URL are stored in our encrypted database alongside your account record. This data is protected by the same security measures described in Section 5.

How we delete Google data: When you delete your LinoChat account, your Google account ID, profile picture URL, and all associated account data are permanently deleted from our systems immediately. Backup copies are purged within 30 days.

Google API Services User Data Policy: LinoChat's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Limited Use disclosure: LinoChat's access to Google user data is limited to the practices explicitly disclosed in this privacy policy. Specifically, Google user data received by LinoChat is:

  • Used only for providing and improving user-facing features (authentication, profile display)
  • Not transferred to third parties, except as necessary to provide the Service or as required by law
  • Not used for serving advertisements, retargeting, or interest-based advertising
  • Not used for creating, training, or improving machine learning or AI models outside of personalized user features
  • Not sold to data brokers, information resellers, or any other third party
  • Not used to determine creditworthiness or for lending purposes

If you revoke LinoChat's access through your Google Account permissions, your LinoChat account will remain functional using email/password authentication, but your Google-linked sign-in will be disabled.

2.3 Customer/Visitor Data (Chat Widget)

When end-users interact with the LinoChat widget embedded on our customers' websites, we collect:

  • Chat messages and conversation content
  • Name, email, and phone number (if voluntarily provided during conversation)
  • Browser type and device type
  • Current page URL and referrer URL
  • A unique visitor identifier (anonymized, stored in browser localStorage)

2.4 Support Ticket Data

When support tickets are created (manually or via AI), we collect: customer name, email, phone number, ticket subject, description, and any replies.

2.5 Usage and Log Data

We automatically collect:

  • IP address (for security and rate limiting)
  • User agent (browser/device information)
  • Activity logs (actions performed within the platform)
  • Failed login attempts (email, IP, timestamp — for security)

2.6 Cookies and Session Data

We use session cookies for authentication. Our cookies are:

  • HttpOnly: Not accessible by JavaScript
  • Secure: Only sent over HTTPS
  • SameSite (Lax): Protected against CSRF attacks

We do not use third-party tracking cookies. We do not use Google Analytics or any third-party analytics service.

3. How We Use Your Information

We use the collected information to:

  • Provide, operate, and maintain the Service
  • Authenticate users and manage accounts
  • Process and respond to customer support conversations
  • Generate AI-powered responses to customer inquiries
  • Send transactional emails (password resets, ticket notifications, invitations)
  • Monitor and improve platform security
  • Comply with legal obligations

We do not use your data for advertising, sell your data to third parties, or use it for purposes unrelated to the Service.

4. Third-Party Services

We share data with the following third-party services only as necessary to operate the platform:

Service | Purpose | Data Shared
OpenAI | AI-powered chat responses | Chat message content (no PII identifiers)
Google OAuth | User authentication | Email, name, profile picture (from Google)
Resend | Transactional email delivery | Recipient email, email content
Pusher | Real-time WebSocket messaging | Chat events, typing indicators
Expo Push | Mobile push notifications | Device tokens, notification content

Optional integrations (configured by account owners): Frubix — if enabled, conversation data and customer contact information may be forwarded to the Frubix platform for appointment scheduling and lead management.

5. Data Security

  • Passwords are hashed using bcrypt (never stored in plaintext)
  • All data in transit is encrypted using HTTPS/TLS
  • API authentication via Sanctum tokens with expiration
  • Rate limiting on sensitive endpoints (login, password reset)
  • Account lockout after 5 failed login attempts
  • Company data isolation — each company's data is completely separated
  • WebSocket channels are authenticated and scoped per user/project

6. Data Retention and Deletion

We retain your data for as long as your account is active or as needed to provide the Service.

6.1 Account Deletion

You can delete your account at any time through your account settings in the LinoChat dashboard, or by contacting us at privacy@linochat.com. Upon account deletion, the following data is permanently removed:

  • Account profile data (name, email, phone, avatar, Google account ID)
  • All projects, chat conversations, and ticket data
  • Knowledge base articles and training documents
  • Notification preferences and device tokens
  • Authentication tokens and session data (revoked immediately)

6.2 Google-Specific Data Deletion

When you delete your account, all data received from Google APIs is deleted immediately, including your Google account ID and profile picture URL. No Google user data is retained after account deletion, except in encrypted backups which are purged within 30 days.

6.3 Retained Data

Certain data may be retained after account deletion for the following limited purposes:

  • Encrypted backups: Purged automatically within 30 days
  • Anonymized activity logs: Retained for security auditing (no PII)
  • Legal compliance: If required by law, specific records may be retained for the legally required period

7. Your Rights

You have the right to:

  • Access: Request a copy of the personal data we hold about you
  • Rectification: Update or correct your information via your account settings
  • Deletion: Delete your account and all associated data through the dashboard or by email
  • Portability: Request an export of your data in a standard format
  • Objection: Object to specific processing of your data
  • Restriction: Request restriction of processing under certain conditions
  • Revoke consent: Revoke Google OAuth access at any time via Google Account permissions

To exercise any of these rights, contact us at privacy@linochat.com. We respond to all requests within 30 days.

8. Children's Privacy

The Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children. If we discover that we have collected data from a child, we will promptly delete it.

9. International Data Transfers

Your data may be processed in countries other than your own. We ensure appropriate safeguards are in place for international data transfers in compliance with applicable data protection laws.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at: