RAGSellRAGSell
Get started for free

Privacy Policy

Last updated: June 16, 2026

This Privacy Policy explains what data RAGSell ("we", "us") collects and how we use it. It covers both account holders (website owners) and end visitors who interact with the RAGSell widget on a customer's website. We collect only first-party data needed to run the service.

1. What We Collect

Account holders:

  • Account data: name, email, hashed password, and authentication metadata (login IP and user agent for security).
  • Site configuration: the website URL you connect, branding settings, and knowledge-base content crawled from your site.
  • Usage data: conversation counts, message counts, and (where voice is enabled) voice seconds, for billing and analytics.

End visitors (collected on the customer's website via the widget):

  • A randomly generated visitor identifier stored in the browser, used to remember a conversation across page views.
  • Page views: the page URL and referrer, used for an "active now" indicator and aggregate analytics.
  • Chat transcripts and any contact details a visitor voluntarily provides (name, phone, email) to request a callback or message.

2. What We Do Not Collect

We do not use third-party advertising or cross-site tracking cookies, and we do not sell personal data. The widget is designed for pre-sale and support interactions; visitors are asked not to share sensitive personal information.

3. How We Use Data

  • To operate the widget: answer visitor questions from your knowledge base and capture leads.
  • To authenticate account holders and secure accounts.
  • To enforce plan limits and bill usage.
  • To improve reliability and diagnose issues.

4. Cookies and Local Storage

We use a small number of strictly necessary and functional cookies and browser storage items. Full details are in our Cookie Policy.

5. Third-Party Processors

We share data with infrastructure providers strictly to deliver the service: AWS Bedrock (language models), OpenAI (text embeddings), MongoDB Atlas (storage), and — where voice is enabled — Deepgram, Cartesia, and LiveKit. These providers process data on our behalf under their own security and privacy commitments.

6. Data Retention

We retain account and conversation data for as long as your account is active and for a reasonable period afterward, unless you request deletion sooner. Authentication sessions expire automatically.

7. Security

Passwords are hashed with argon2id. Dashboard sessions use HttpOnly cookies with CSRF protection. We follow reasonable technical and organizational measures to protect data, though no method of transmission or storage is perfectly secure.

8. Your Rights

You may request access to, correction of, or deletion of your personal data by emailing ragsell.ai@gmail.com. End visitors should contact the website owner who operates the widget, or us, to exercise these rights.

9. International Transfers

Our providers may process data in regions outside your country. By using the service you consent to such transfers, subject to appropriate safeguards.

10. Children

The service is not directed to children under 16, and we do not knowingly collect their personal data.

11. Changes to This Policy

We may update this Policy. The "Last updated" date reflects the latest version. Material changes will be communicated where practicable.

12. Contact

Privacy questions? Email ragsell.ai@gmail.com.