Privacy Policy

Last updated: 22 March 2026

1. Who We Are

CrawlRoo ("we", "us") is an Australian SaaS platform that provides AI-powered website chatbot services. We are committed to protecting your privacy in accordance with the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs).

2. What Data We Collect

  • Account data: Email address and authentication credentials (managed by Supabase).
  • Website content: Publicly available text from URLs you submit for crawling.
  • Chat logs: Questions asked by your website visitors and AI-generated answers. Personal information in chat messages is automatically redacted before storage.
  • Usage data: Bot usage counts, plan tier, and billing information.

3. How We Use Your Data

  • To provide and improve our chatbot service.
  • To generate AI responses using your website content (retrieval-augmented generation).
  • To bill your account and track plan usage.
  • To detect and prevent security incidents.

We do not use your data to train or fine-tune AI models.

4. Data Storage and Security

  • All data is stored in Australian data centres (AWS ap-southeast-2, Sydney).
  • Chat messages containing detected PII are automatically redacted.
  • Sensitive fields are encrypted at rest using AES-256 (Fernet) encryption.
  • All API communications use TLS 1.2+.

5. Data Retention

  • General chat logs: retained for 90 days, then automatically deleted.
  • Service request records: retained for up to 7 years (regulatory requirement).
  • Audit logs: retained indefinitely for security compliance.

6. Your Rights (APP 12 & APP 13)

You have the right to:

  • Access: Export all your data at any time from your account settings.
  • Correction: Update your account information at any time.
  • Deletion: Delete all your data, including bots, chat logs, and subscription records, from your account settings.

7. Cookies

We use only essential cookies for authentication and session management. Our embeddable chat widget uses localStorage (not cookies) to remember user preferences. We do not use tracking or advertising cookies.

8. Third-Party Services

  • Supabase: Authentication and database hosting.
  • AWS Bedrock (Sydney): AI model inference — data does not leave Australia.
  • Stripe: Payment processing (PCI DSS compliant).

9. Contact

For privacy enquiries or complaints, contact us at privacy@crawlroo.com.

If you are unsatisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC).