A.I. Chatbot for your Website

GDPR Ready

NinjaiBot Privacy Policy (AI Chatbot)

This Privacy Policy explains how NinjaiBot (“Chatbot”, “we”, “us”, or “our”) collects, uses, and protects the personal data of users (“Users”) in compliance with the EU General Data Protection Regulation (GDPR), the UK GDPR, and the California Consumer Privacy Act (CCPA/CPRA).

By using the Chatbot, you agree to this Policy.

1. Who We Are and Scope

This Privacy Policy applies to the AI chatbot service provided by NinjaiBot, developed and operated by:

Data Controller (for demo and direct use):
AlgeniaLab Srl – Via Cavour 2, 22074 Lomazzo (CO), Italy – info@algenialab.com

When NinjaiBot is embedded on a client’s website or app, the Client acts as the Data Controller, and AlgeniaLab Srl (NinjaiBot) acts as Data Processor under Article 28 GDPR.

This policy covers all chatbot interactions, APIs, and connected channels (such as websites, WhatsApp, or other integrated messaging tools).

2. Categories of Personal Data

NinjaiBot may process the following categories of data:

Conversation Data: Messages and inputs sent by users through the Chatbot interface.

Technical and Usage Data: IP address, device type, browser information, timestamps, and session logs (used for diagnostics, security, and performance).

Cookies and Tracking Technologies: Only essential cookies required for the operation of the Chatbot. Non-essential cookies are used only with user consent.

Contact Information (optional): Name, email, or phone number — collected only when voluntarily provided (e.g. via forms or follow-up requests).

Sensitive Data: The Chatbot does not request or intentionally process special categories of personal data (Article 9 GDPR). Users are advised not to share such data.

3. Purpose and Legal Basis for Processing

The collected data is utilized to:

PurposeData CategoriesLegal Basis (Art. 6 GDPR)
Providing the chatbot service and responding to messagesConversation, technical dataContract performance (6.1.b)
Service maintenance, quality assurance, securityLogs, technical dataLegitimate interest (6.1.f)
Handling contact or support requestsContact data, conversation dataContract performance or pre-contractual measures (6.1.b)
Sending newsletters or marketing communicationsContact dataConsent (6.1.a)
Compliance with legal obligationsRelevant dataLegal obligation (6.1.c)

AI Training and Fine-tuning:
NinjaiBot does not use customer or user conversation data to train public AI models. Any optional model fine-tuning is opt-in only, based on a written agreement or explicit consent.

4. Data Retention

Personal data are kept only for the time strictly necessary to fulfill the purposes outlined above:

5. Data Sharing and Sub-Processors

We share personal data only where necessary, under data processing agreements ensuring confidentiality and security.

Recipients may include:

All sub-processors are bound by Data Processing Agreements (DPAs) compliant with Article 28 GDPR and, where applicable, Standard Contractual Clauses (SCCs) for international data transfers.

6. International Data Transfers

When data are transferred outside the European Economic Area (EEA), appropriate safeguards are applied:

Whenever possible, data are stored and processed within the EU.

7. Security Measures

NinjaiBot implements state-of-the-art security measures to protect personal data, including:

No online system is 100% secure, but continuous improvements are in place.

8. Cookies and Similar Technologies

The Chatbot uses only strictly necessary cookies to operate.
Any non-essential cookies (analytics, marketing) are disabled by default and activated only with explicit user consent, which can be withdrawn at any time through cookie settings.

9. Children’s Privacy

Our services are not intended for children under 14 (Italy’s minimum age for digital consent).
If we become aware of data collected from minors without parental consent, it will be erased immediately.

10. Automated Decision-Making

NinjaiBot does not perform automated decision-making that produces legal or similarly significant effects.
AI responses aim solely to assist or inform users and do not constitute profiling under Article 22 GDPR.

11. Your GDPR Rights

Under the GDPR, you may:

To exercise these rights, email privacy@ninjaibot.com or info@algenialab.com.
You can also contact your local Data Protection Authority — in Italy, the Garante per la Protezione dei Dati Personali (www.garanteprivacy.it).

12. California Privacy Rights (CCPA / CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).

Your rights include:

You can submit a verified consumer request by emailing privacy@ninjaibot.com.
If necessary, we will verify your identity before acting on your request.

We may collect the following categories of information under the CCPA definitions:

We retain data only as long as necessary for the purposes described above and in accordance with applicable law.

13. Data Controller and Contact

AlgeniaLab Srl
Via Cavour 2, 22074 Lomazzo (CO), Italy
Email: info@algenialab.com
Privacy inquiries: privacy@ninjaibot.com

If a Data Protection Officer (DPO) is appointed, contact details will be published here.

14. Policy Updates

We may modify this Privacy Policy from time to time.
Updates will be posted on this page with a revised “Last updated” date.
For significant changes, we will notify users via the Chatbot or email (where applicable).

15. For Business Clients (B2B Integration)

When a client embeds NinjaiBot on their own website or app:

Compliance Standards:


Last Updated: 2025-10-10