Who we are
Solviro is operated by BPS Designs Limited, registered in England and Wales under company number 05360014. Our registered office is shown at the end of this policy.
We are the controller for personal data used to run our website, sales, subscriptions, customer accounts, security and our own support operations.
For personal data placed in a customer’s chatbot conversations, knowledge or workspace, the Solviro customer will generally be the controller and we act as its processor. If your question concerns a chatbot on another company’s website, you should normally contact that company first.
Information we collect
Website and enquiry information
Our hosting and security providers may process technical request information such as IP address, device and browser details, requested pages, timestamps and security signals. The public Solviro website does not currently use advertising or non-essential analytics cookies.
The contact form opens your own email application and does not itself upload the fields to Solviro. If you send the resulting email, we receive your name, email address, company name, message and the usual email metadata.
Customer and account information
We process names, work email addresses, authentication identifiers, account roles, sign-in timestamps, company details, billing contacts, company and VAT numbers, subscription status, permitted domains, assistant settings and support history.
Knowledge and chatbot information
Solviro processes approved website URLs and page content, crawl and approval records, exclusions, embeddings and source references. Chat records can include a random session identifier, page URL, message text, generated answer, source pages, feedback, timestamps and technical usage information such as latency and token counts.
Billing information
Stripe collects payment-card, billing, address and tax information. We receive and store identifiers and status information needed to administer the subscription, but we do not receive or store full payment-card numbers.
How and why we use information
| Purpose | Typical lawful basis |
|---|---|
| Responding to enquiries and discussing setup | Steps towards a contract and our legitimate interest in responding |
| Creating accounts and delivering Solviro | Contract and our legitimate interest in administering business users |
| Subscriptions, invoices, VAT and accounting | Contract and legal obligation |
| Customer chatbot content and conversations | The customer determines the lawful basis; we generally act as processor |
| Service security, fraud prevention and fault diagnosis | Our legitimate interests in protecting the service, customers and users |
| Meeting legal requirements and handling claims | Legal obligation and legitimate interests |
How AI processing works
When a visitor asks a question, Solviro searches the relevant approved knowledge and sends the question, relevant extracts and necessary instructions to OpenAI’s API to generate a response. Approved knowledge is also processed to create numerical embeddings used for search.
Customers should avoid asking visitors to provide unnecessary personal or sensitive information. Solviro does not use chatbot answers to make decisions that produce legal or similarly significant effects about individuals.
Who receives information
We use specialist service providers including:
- Cloudflare for website, API, security and global delivery;
- Neon for hosted PostgreSQL database and vector storage;
- Google Firebase for account authentication;
- OpenAI for language-model and embedding processing; and
- Stripe for subscriptions, payments, tax calculation and billing.
Information is also available to the relevant customer’s authorised account users and may be shared with professional advisers, insurers, auditors, regulators, courts, law enforcement or a buyer of our business where reasonably necessary and lawful.
We do not sell personal data.
International transfers
Some service providers may process information outside the United Kingdom. Where UK personal data is transferred internationally, we use a lawful mechanism such as UK adequacy regulations, the UK International Data Transfer Agreement, the UK Addendum to approved standard contractual clauses, or another safeguard permitted by law.
You can ask us for more information about relevant safeguards. We may redact confidential commercial information from copies we provide.
How long we keep information
We keep personal data only for as long as reasonably necessary for the purpose for which it was collected, including service delivery, security, accounting, dispute handling and legal obligations.
- Chat conversations are normally retained for 90 days. A customer arrangement or platform setting may use a different period between 30 and 730 days.
- Account and configuration data is generally kept while the service is active and for a limited period afterwards to close the account and handle queries.
- Knowledge content is kept while required to operate the customer’s assistant and is deleted or anonymised after the service ends, subject to backup cycles.
- Enquiry and support correspondence is kept for as long as needed to respond and maintain an appropriate business record.
- Transaction and tax records are normally kept for six years or longer where the law requires.
Backups and security records may remain for a short additional period before being overwritten or deleted securely.
Cookies and browser storage
The public marketing website does not currently set advertising or non-essential analytics cookies. Cloudflare may use strictly necessary technologies for security, traffic management and reliable delivery.
The customer dashboard uses Firebase technology that is necessary to sign users in and maintain an authenticated session. The chatbot uses session storage to keep a random conversation identifier in the visitor’s browser so that messages remain in the same conversation. That identifier does not contain the visitor’s name or email address and normally ends with the browser tab’s session.
If we introduce non-essential analytics, advertising or similar technologies, we will update this policy and use an appropriate consent mechanism where required.
How we protect information
We use proportionate technical and organisational measures including managed identity, access controls, tenant separation, encrypted connections, protected production credentials, domain checks, rate limiting, logging, backups and approval controls. No online system can be guaranteed completely secure, but we review and improve safeguards as the service develops.
Your data-protection rights
Depending on the circumstances, you may have rights to request access, rectification, erasure, restriction, portability and information about how your personal data is used. Where processing is based on consent, you may withdraw it at any time without affecting earlier lawful processing.
You may object to processing based on legitimate interests. You have an absolute right to object to personal data being used for direct marketing.
Rights are not always absolute and an exemption may apply. We may need to verify your identity. If Solviro processes the data for one of our customers, we may refer the request to that customer or assist them in responding.
Children
Solviro is a business service and is not directed at children. We do not knowingly create accounts for anyone under 18. Customers whose own websites are intended for children must tell us before using the chatbot and must meet the additional legal requirements that apply to children’s data.
Changes to this policy
We may update this policy when the service, providers or law changes. We will publish the updated version here and change the effective date. We will give customers additional notice where a change is material and it is reasonable to do so.
Contact and complaints
Contact us if you have a privacy question, want to exercise a right or wish to complain about our use of personal data:
BPS Designs Limited2A Swordfish Business Park, Swordfish Close
Higgins Lane, Burscough, Lancashire
United Kingdom, L40 8JW
Company number: 05360014
Email: support@bpsdesigns.co.uk
You may also complain to the Information Commissioner’s Office. Visit theICO complaints page for current contact details and guidance. We would appreciate the opportunity to address your concern first.