1 Overview

The Chitty – AI Live Chat plugin ("Plugin", "Chitty", "we", "us") is a WordPress plugin developed by Mubashir Hassan. When installed on a WordPress website, it displays a chat widget to website visitors. This Privacy Policy applies to data collected through that widget and the plugin's admin functionality.

This policy is intended to help WordPress site owners (the "Site Owner") comply with their privacy obligations, including GDPR, CCPA, and WordPress.org Guideline #7, when using the Chitty plugin on their websites.

ℹ️ Important Distinction

Chitty operates as a data processor on behalf of the Site Owner (data controller). The Site Owner is responsible for maintaining their own Privacy Policy and obtaining appropriate consent from their website visitors.

2 Data We Collect

The Chitty plugin may collect the following types of data from website visitors:

2.1 Voluntarily Provided Data (Lead Capture Form)

When a visitor submits the pre-chat lead form, the following information is collected:

| Field | Type | Required | Purpose |
|---|---|---|---|
| Full Name | Text | Optional | Personalise chat greeting and follow-up |
| Email Address | Email | Optional | Lead identification, email notifications, drip emails |
| Phone / WhatsApp Number | Text | Optional | WhatsApp outreach, lead contact |
| Marketing Consent | Boolean (checkbox) | Optional | Permission to send follow-up emails |

2.2 Automatically Collected Data

| Data | How Collected | Can Be Disabled or Deleted |
|---|---|---|
| IP Address | Server-side on chat API request | ✅ Partly: the IP anonymization setting stores a truncated address |
| Chat messages (visitor) | Stored per session in WordPress database | ✅ Yes: admin can delete sessions |
| Chat messages (AI bot) | Stored per session in WordPress database | ✅ Yes: admin can delete sessions |
| Session key (SK) | Cookie set in visitor's browser | ⚠️ Required for chat to function |
| Session timestamp | Recorded when chat session starts | ✅ Deleted with session |
| Language detected | Detected from visitor's message content | ✅ Deleted with session |
| Visitor page journey | Pages visited tracked in sessionStorage | ✅ Cleared on session end/restart |
| Thumbs up/down ratings | Stored per session message in database | ✅ Deleted with session |
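
The IP anonymization setting in the table above is described in Section 13 as keeping only the first three octets of an IPv4 address. The following PHP is an added example, not the plugin's own code, of that truncation done on the packed address so it can never produce a malformed string. The IPv6 branch (zeroing everything after /48), the trusted-proxy flag and the wpc_example_ function names are this example's own assumptions; the policy documents IPv4 only. Anything that is not a valid address literal is rejected rather than stored.

```php
<?php
declare(strict_types=1);
// Added example, not the plugin's own code. Implements the truncation Section 13
// describes for IPv4 (keep the first three octets). IPv6 handling is this
// example's own extension: the policy documents IPv4 only.

/**
 * Returns the anonymized form of a valid IP literal, or null for anything else.
 *   IPv4: last octet zeroed          203.0.113.57          -> 203.0.113.0
 *   IPv6: bits after /48 zeroed      2001:db8:85a3::8a2e   -> 2001:db8:85a3::
 */
function wpc_example_anonymize_ip(string $ip): ?string
{
    $ip = trim($ip);
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        return null; // not an address at all: never store raw header junk
    }
    $packed = inet_pton($ip);          // 4 bytes for IPv4, 16 for IPv6
    if ($packed === false) {
        return null;
    }
    if (strlen($packed) === 4) {
        $packed[3] = "\0";             // 192.168.1.57 -> 192.168.1.0 ("192.168.1.x")
    } else {
        $packed = substr($packed, 0, 6) . str_repeat("\0", 10);
    }
    return inet_ntop($packed);
}

/**
 * Pick the address to record. REMOTE_ADDR is the only field the web server
 * itself fills in. X-Forwarded-For is visitor-controlled unless a reverse
 * proxy the site trusts rewrites it, so it is consulted only when the site
 * says it sits behind one ($behind_trusted_proxy is this example's own flag).
 */
function wpc_example_client_ip(array $server, bool $behind_trusted_proxy = false): string
{
    if ($behind_trusted_proxy && !empty($server['HTTP_X_FORWARDED_FOR'])) {
        // Leftmost entry is the client as seen by the first proxy; a visitor
        // can forge it, hence the trusted-proxy condition above.
        $first = explode(',', (string) $server['HTTP_X_FORWARDED_FOR'])[0];
        return trim($first);
    }
    return (string) ($server['REMOTE_ADDR'] ?? '');
}

if (PHP_SAPI === 'cli') {
    // Constructed sample inputs: a plain IPv4, an IPv6, and a forged header value
    foreach (['203.0.113.57', '2001:db8:85a3::8a2e:370:7334', "1.2.3.4' OR 1=1"] as $sample) {
        var_dump(wpc_example_anonymize_ip($sample));
    }
}
```

Truncating the packed form rather than splitting the text on dots means an IPv6 visitor is handled consistently with an IPv4 one; a text-only "keep three octets" routine would store an IPv6 address unchanged.
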

2.3 WooCommerce Data (if WooCommerce is active)

| Data | Source | Purpose |
|---|---|---|
| Order ID | WooCommerce order | Match completed order to chat session |
| Order total (revenue) | WooCommerce order | Revenue tracking dashboard |
| Customer email / phone / name | WooCommerce order | Match order to existing chat lead |

✅ What Chitty Does NOT Collect

Chitty does not ask for or deliberately collect payment information, credit card details, passwords, government IDs, biometric data, or any of the special categories of personal data listed in GDPR Article 9. Chat messages are free text, however: anything a visitor chooses to type is stored and sent to the AI provider like any other message (see Sections 4 and 7).

3 How Data Is Used

Data collected by the Chitty plugin is used exclusively for the following purposes:

  • Providing the AI chat service: visitor messages are sent to the selected AI provider (Anthropic, OpenAI, OpenRouter, or NVIDIA NIM) to generate a response
  • Lead management: storing visitor contact info in the WordPress database for the Site Owner to view and follow up
  • Personalisation: recognising returning visitors by name using browser localStorage (SK-bound)
  • Email notifications: notifying the Site Owner when a new lead is captured (if enabled)
  • Drip email sequences: sending Day 1, Day 3, and Day 7 follow-up emails to leads who have provided marketing consent
  • Revenue tracking: matching WooCommerce orders to chat sessions to measure conversion attribution
  • AI quality improvement: thumbs up/down ratings used to identify high-quality conversations for the auto-learn feature (optional)
  • Real-time web search: visitor messages may trigger a web search query via the configured search engine API (Serper, Brave, or SerpAPI)

⚠️ Legal Basis for Processing (GDPR)

The Site Owner is responsible for establishing the correct legal basis for processing visitor data. Common bases include: Legitimate Interest (chat support), Consent (lead capture form, marketing emails), and Contract performance (WooCommerce order matching).

4 Data Storage

All visitor data collected by Chitty is stored exclusively in the Site Owner's own WordPress database (plus the browser-side cookie and storage described in Section 5). Chitty does not operate external servers, does not upload data to Chitty/developer servers, and the developer has no access to the collected data. Storage is distinct from processing: chat messages are transmitted to the AI provider and, where enabled, to the search API that the Site Owner configures, as described in Sections 6 and 7.

4.1 Database Tables Created

| Table | Contents | Retention |
|---|---|---|
| {prefix}_wpc_sessions | Session key, lead name, email, phone, IP, language, consent, timestamps, conversion status | Until admin deletes or plugin uninstalled |
| {prefix}_wpc_chat | Individual chat messages (sender, content, timestamp) linked to session | Until session deleted |
| {prefix}_wpc_ratings | Thumbs up/down ratings per message | Until session deleted |
| {prefix}_wpc_drip | Drip email queue (session_id, email, lead_name, send date, sent status) | Until drip sequence completes or session deleted |

4.2 WordPress Options Table

Plugin settings (API keys, Knowledge Base content, appearance settings) are stored in the WordPress wp_options table. API keys are stored server-side only and are never exposed to the visitor's browser or included in front-end JavaScript; requests to AI and search providers are made from the server. Like any other wp_options value, the keys are readable by anyone with administrator or direct database access to the site, so protecting those accounts and database backups is part of protecting the keys.

5 Cookies & Local Storage

5.1 Cookies Set by Chitty

| Cookie Name | Purpose | Duration | Type |
|---|---|---|---|
| wpc_sk | Unique session key to identify and persist the visitor's chat session | Configurable (default 30 days) | Functional / Required |

5.2 Browser localStorage

| Key | Contents | Purpose | Cleared When |
|---|---|---|---|
| wpc_visitor_data | JSON: {name, sk, ts} | Remember returning visitor's name for personalised greeting | User clicks "Restart chat" or clears browser data |
| wpc_lead_state | JSON: lead form completion state | Prevent showing lead form again to same visitor | User clicks "Restart chat" or clears browser data |

5.3 Browser sessionStorage

| Key | Contents | Purpose | Cleared When |
|---|---|---|---|
| wpc_chat_state | Chat messages, UI state | Restore chat on page reload within same tab | Tab closed |
| wpc_journey | Array of page titles visited | Visitor journey tracking for AI context | Tab closed |
| wpc_exit | Boolean flag | Prevent exit intent from firing more than once per session | Tab closed |
| wpc_tdis | Boolean flag | Prevent timed discount from firing more than once per session | Tab closed |

ℹ️ Cookie Consent Recommendation

Site Owners operating in the EU/EEA should include the wpc_sk cookie in their cookie consent banner. The wpc_sk cookie is functionally required for the chat widget to operate.

6 Third-Party Services

Chitty integrates with optional third-party services. No third-party service is contacted without explicit configuration by the Site Owner. Each service is only used when the Site Owner provides an API key and enables the feature.

πŸ” Serper.dev
Real-time Google search API. When enabled, visitor messages containing search trigger keywords are sent as a search query. No visitor PII is included in search queries.
Optional
🦁 Brave Search API
Alternative real-time search API. Same usage as Serper β€” only search query text is transmitted. No visitor PII included.
Optional
πŸ”Ž SerpAPI
Premium search API. Only search query text transmitted. No visitor PII included.
Optional
πŸ“§ WordPress SMTP / wp_mail
WordPress core email function
Used to send lead notification emails and drip email sequences to lead email addresses. Uses whatever SMTP plugin or host mail server the Site Owner has configured.
Optional (if email features enabled)

7 AI Providers & Data Transmission

When a visitor sends a chat message, that message, together with contextual system prompt data (business knowledge base, conversation history), is transmitted to the AI provider selected by the Site Owner. No AI provider is contacted without the Site Owner providing a valid API key.

🤖 Anthropic (Claude)
Visitor chat messages and conversation history are sent to Anthropic's API to generate responses. Anthropic's data usage policies apply.
Required if Anthropic selected
💡 OpenAI (GPT-4)
Visitor chat messages are sent to the OpenAI API. OpenAI's data usage and zero data retention policies apply based on your API tier.
Required if OpenAI selected
🌐 OpenRouter
Routes requests to various free and paid AI models. Chat messages are transmitted through OpenRouter's API. Their privacy policy applies.
Required if OpenRouter selected
🟢 NVIDIA NIM
NVIDIA's free AI inference API (Llama 4 Maverick, Nemotron). Chat messages are transmitted to NVIDIA's API endpoints. NVIDIA's privacy policy applies.
Required if NVIDIA selected
⚠️ Site Owner Responsibility

By using any AI provider integration, the Site Owner agrees to that provider's Terms of Service and Privacy Policy. Site Owners should inform their visitors in their own Privacy Policy that chat messages are processed by an AI provider.

7.1 What Is Sent to AI Providers

  • The visitor's chat message(s) and conversation history (up to the configured history limit)
  • The system prompt (business knowledge base content configured by Site Owner)
  • Visitor journey pages (page titles visited, if journey tracking is enabled)
  • Optionally: a summarized version of earlier conversation (rolling summarization)

7.2 What Is NOT Sent to AI Providers

  • Visitor email addresses, phone numbers, or IP addresses
  • Lead form data (name/email/phone are captured separately, not injected into AI context)
  • WooCommerce order or payment data
  • WordPress admin credentials or API keys

8 Email Communications

8.1 Lead Notification Emails

When a visitor submits the lead capture form, an optional notification email is sent to the Site Owner's admin email address. This email contains the visitor's name, email, phone, and their last chat message.

8.2 Drip Email Sequences

If the Site Owner enables the drip email feature and the visitor has provided explicit marketing consent, the plugin sends automated follow-up emails on Day 1, Day 3, and Day 7 after lead capture.

  • Emails are only sent if marketing_consent = 1 AND unsubscribed = 0
  • Every drip email contains a one-click unsubscribe link
  • Emails include a List-Unsubscribe header per RFC 2369
  • Visitors can also unsubscribe by typing "unsubscribe", "stop", "opt out", or similar in the chat
  • The Site Owner can manually unsubscribe any lead from the WordPress admin Leads panel

8.3 Unsubscribe Mechanism

Each unsubscribe link contains a unique token (unsub_token) stored in the database. Clicking the link sets unsubscribed = 1 for that lead, permanently stopping all future drip emails.
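An added example (not the plugin's code) of the flow Sections 8.2 and 8.3 describe, written as WordPress PHP: issue the token with wp_generate_password(32), put it in a one-click link and in an RFC 2369 List-Unsubscribe header on each drip email, and set unsubscribed = 1 when the link is visited. The table {prefix}wpc_sessions and the columns unsub_token and unsubscribed come from Sections 4.1 and 8.3; the id column, the wpc_unsub query parameter and the function names are assumptions. Two points a practitioner should check in the real plugin: wp_generate_password() includes punctuation by default, so a token built with the default arguments must be URL-encoded in the link (this example passes false for the second argument and gets alphanumerics only), and a MySQL lookup on a case-insensitive collation can match a token that differs only in letter case, so the stored value is compared again with hash_equals() before anything is changed.

```php
<?php
// Added example, not the plugin's own code. Runs inside WordPress ($wpdb,
// wp_mail, wp_generate_password, add_query_arg are core). Table/column names
// other than unsub_token and unsubscribed are assumptions.

// Issue a token when a lead is captured. Second argument false: alphanumerics
// only (62^32, about 190 bits), so the token is URL-safe without encoding.
function wpc_example_issue_unsub_token(int $session_id): string {
    global $wpdb;
    $token = wp_generate_password(32, false);
    $wpdb->update(
        $wpdb->prefix . 'wpc_sessions',
        ['unsub_token' => $token],
        ['id' => $session_id],
        ['%s'],
        ['%d']
    );
    return $token;
}

function wpc_example_unsub_url(string $token): string {
    // rawurlencode is a no-op for alphanumerics; kept so a future change to
    // the token alphabet cannot silently break the link.
    return add_query_arg('wpc_unsub', rawurlencode($token), home_url('/'));
}

// Send one drip email carrying both the visible link and the RFC 2369 header.
function wpc_example_send_drip(string $to, string $lead_name, string $token, string $body): bool {
    $url     = wpc_example_unsub_url($token);
    $headers = [
        'Content-Type: text/plain; charset=UTF-8',
        'List-Unsubscribe: <' . $url . '>',
    ];
    $body .= "\n\nTo stop these emails: " . $url . "\n";
    return wp_mail($to, 'Hi ' . $lead_name . ', following up', $body, $headers);
}

// Handle the click. No login or nonce is involved: the token is the secret,
// which is why it must be long and random. The DB lookup narrows the search;
// hash_equals() then requires an exact, case-sensitive match in constant time.
function wpc_example_handle_unsub(): void {
    if (empty($_GET['wpc_unsub'])) {
        return;
    }
    global $wpdb;
    $token = sanitize_text_field(wp_unslash($_GET['wpc_unsub']));
    $table = $wpdb->prefix . 'wpc_sessions';
    $row   = $wpdb->get_row(
        $wpdb->prepare("SELECT id, unsub_token FROM {$table} WHERE unsub_token = %s LIMIT 1", $token)
    );
    if ($row === null || !hash_equals((string) $row->unsub_token, $token)) {
        wp_die('This unsubscribe link is not valid.', '', ['response' => 404]);
    }
    $wpdb->update($table, ['unsubscribed' => 1], ['id' => (int) $row->id], ['%d'], ['%d']);
    wp_die('You have been unsubscribed.', '', ['response' => 200]);
}
add_action('init', 'wpc_example_handle_unsub');
```

The handler is idempotent: visiting the link twice simply sets unsubscribed = 1 again, which matches the "permanently stopping" behaviour described above. The drip sender is expected to re-check marketing_consent = 1 AND unsubscribed = 0 immediately before each send rather than once when the queue is built.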

9 WooCommerce Data Integration

If WooCommerce is active on the site, Chitty listens to woocommerce_order_status_completed and woocommerce_payment_complete hooks to automatically match completed orders to existing chat sessions.

Matching Logic

  1. Plugin retrieves the customer's email, phone, and billing name from the completed order
  2. Searches for a matching chat session (created within the last 24 hours) using email first, then phone, then name
  3. If a match is found, the session record is updated: converted = 1, order_id, order_total
  4. A duplicate guard prevents the same order from being recorded twice

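
The four steps above as WordPress PHP, added here as an example and not taken from the plugin. The columns converted, order_id and order_total are the ones step 3 names; lead_email, lead_phone, lead_name, created_at and the table {prefix}wpc_sessions are assumptions based on Section 4.1. The duplicate guard runs first because both hooks can fire for the same order. Matching by name alone (the last fallback) is the weakest link: two visitors can share a name, so an order can be attributed to a stranger's session, whose record then carries someone else's order ID and total.

```php
<?php
// Added example, not the plugin's own code. Requires WordPress with
// WooCommerce active (wc_get_order and the WC_Order getters are WooCommerce's).

function wpc_example_attribute_order($order_id): void {
    $order = wc_get_order($order_id);
    if (!$order) {
        return;
    }
    global $wpdb;
    $table = $wpdb->prefix . 'wpc_sessions';

    // Step 4 first: woocommerce_payment_complete and
    // woocommerce_order_status_completed can both fire for one order.
    $already = $wpdb->get_var(
        $wpdb->prepare("SELECT id FROM {$table} WHERE order_id = %d LIMIT 1", $order->get_id())
    );
    if ($already !== null) {
        return;
    }

    // Step 1: billing details. The phone is reduced to digits; this assumes the
    // lead form stored lead_phone the same way, otherwise the phone fallback
    // never matches.
    $email = strtolower(trim((string) $order->get_billing_email()));
    $phone = preg_replace('/\D+/', '', (string) $order->get_billing_phone());
    $name  = trim($order->get_billing_first_name() . ' ' . $order->get_billing_last_name());

    // Step 2: newest unconverted session from the last 24 hours, tried by
    // identifier strength. $column comes from this fixed list, never from
    // input, so interpolating it into the SQL is safe; values go through %s.
    $since      = gmdate('Y-m-d H:i:s', time() - DAY_IN_SECONDS);
    $candidates = [['lead_email', $email], ['lead_phone', $phone], ['lead_name', $name]];
    $session_id = null;
    foreach ($candidates as [$column, $value]) {
        if ($value === '') {
            continue;
        }
        $session_id = $wpdb->get_var($wpdb->prepare(
            "SELECT id FROM {$table}
              WHERE {$column} = %s AND converted = 0 AND created_at >= %s
              ORDER BY created_at DESC LIMIT 1",
            $value,
            $since
        ));
        if ($session_id !== null) {
            break;
        }
    }
    if ($session_id === null) {
        return; // no chat session to attribute this order to
    }

    // Step 3: mark the session converted and record the order.
    $wpdb->update(
        $table,
        ['converted' => 1, 'order_id' => $order->get_id(), 'order_total' => (float) $order->get_total()],
        ['id' => (int) $session_id],
        ['%d', '%d', '%f'],
        ['%d']
    );
}
add_action('woocommerce_payment_complete', 'wpc_example_attribute_order');
add_action('woocommerce_order_status_completed', 'wpc_example_attribute_order');
```

Restricting the search to converted = 0 sessions also acts as a second duplicate guard from the session side: a session that already holds an order is never overwritten by a later one.
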
ℹ️ No External Data Transfer

WooCommerce order data is accessed locally within WordPress and never transmitted to external servers. Revenue data is stored only in the Site Owner's WordPress database.

10 Data Retention

| Data Type | Default Retention | How to Delete |
|---|---|---|
| Chat sessions & messages | Indefinite until manual deletion | Admin panel → Conversations → Delete session(s) or bulk delete |
| Lead records | Indefinite until manual deletion | Admin panel → Leads → Delete individual lead |
| Drip email queue | Cleared after Day 7 email sent | Automatic, or delete lead to clear queue |
| Visitor browser cookie (wpc_sk) | 30 days (configurable) | Visitor clears browser cookies / Site Owner adjusts cookie_days setting |
| Visitor localStorage data | Indefinite until cleared | Visitor clears browser data or clicks "Restart Chat" |
| Plugin settings & API keys | Until plugin uninstalled | Deactivate + delete plugin from WordPress admin |

Data Deletion on Uninstall

When the Chitty plugin is deleted (not just deactivated) from WordPress, all plugin database tables (wpc_sessions, wpc_chat, wpc_ratings, wpc_drip) and all plugin options are removed from the WordPress database.

11 User Rights (GDPR / Data Subject Rights)

Chitty is built to support GDPR data subject rights. The Site Owner is responsible for honouring these rights when requested by visitors.

πŸ‘οΈ
Right of Access
Visitors can request a copy of their personal data. Chitty supports WordPress's built-in Personal Data Export tool (Tools β†’ Export Personal Data).
πŸ—‘οΈ
Right to Erasure
Visitors can request deletion of their data. Chitty supports WordPress's built-in Personal Data Erasure tool (Tools β†’ Erase Personal Data).
✏️
Right to Rectification
Site Owner can manually edit lead records in the Admin β†’ Leads panel to correct inaccurate personal data.
🚫
Right to Object / Opt-Out
Visitors can unsubscribe from marketing emails at any time via the one-click link in emails or by typing "stop" in chat.
πŸ“¦
Right to Portability
Chat session data can be exported in machine-readable format via WordPress's Personal Data Export tool.
⏸️
Right to Restrict Processing
Site Owners can manually unsubscribe leads and stop drip sequences from the Admin β†’ Leads panel at any time.

WordPress Privacy Tools Integration

Chitty fully integrates with WordPress's built-in privacy framework:

  • Personal Data Export β€” Chitty registers a data exporter that includes all chat sessions and messages associated with a given email address
  • Personal Data Erasure β€” Chitty registers a data eraser that deletes all sessions and messages associated with a given email address
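
An added example, not the plugin's own code, of the registration described above. The filter names, callback signatures and return shapes are WordPress core's; the table and column names, the page size and the function names are assumptions. One limit follows from keying on the email address: sessions whose visitor never submitted the lead form have no email to match, so the core tools cannot find them and the Site Owner must delete those from the Conversations panel (Section 10) instead.

```php
<?php
// Added example, not the plugin's own code. Runs inside WordPress.

function wpc_example_register_exporter(array $exporters): array {
    $exporters['chitty-example'] = [
        'exporter_friendly_name' => 'Chitty chat sessions (example)',
        'callback'               => 'wpc_example_export',
    ];
    return $exporters;
}
add_filter('wp_privacy_personal_data_exporters', 'wpc_example_register_exporter');

function wpc_example_register_eraser(array $erasers): array {
    $erasers['chitty-example'] = [
        'eraser_friendly_name' => 'Chitty chat sessions (example)',
        'callback'             => 'wpc_example_erase',
    ];
    return $erasers;
}
add_filter('wp_privacy_personal_data_erasers', 'wpc_example_register_eraser');

// Core calls this with $page = 1, 2, ... until 'done' is true, so the work is
// chunked: one item per session, with that session's messages inside it.
function wpc_example_export(string $email, int $page = 1): array {
    global $wpdb;
    $per_page = 20; // assumed chunk size
    $p        = $wpdb->prefix;
    $sessions = $wpdb->get_results($wpdb->prepare(
        "SELECT id, created_at, lead_name, lead_phone, ip, language
           FROM {$p}wpc_sessions WHERE lead_email = %s
          ORDER BY id LIMIT %d OFFSET %d",
        $email, $per_page, ($page - 1) * $per_page
    ));
    $items = [];
    foreach ($sessions as $s) {
        $data = [
            ['name' => 'Session started', 'value' => $s->created_at],
            ['name' => 'Name',            'value' => $s->lead_name],
            ['name' => 'Phone',           'value' => $s->lead_phone],
            ['name' => 'IP address',      'value' => $s->ip],
            ['name' => 'Language',        'value' => $s->language],
        ];
        $messages = $wpdb->get_results($wpdb->prepare(
            "SELECT sender, content, created_at FROM {$p}wpc_chat WHERE session_id = %d ORDER BY id",
            $s->id
        ));
        foreach ($messages as $m) {
            $data[] = ['name' => $m->created_at . ' (' . $m->sender . ')', 'value' => $m->content];
        }
        $items[] = [
            'group_id'    => 'chitty-sessions',
            'group_label' => 'Chat sessions',
            'item_id'     => 'chitty-session-' . $s->id,
            'data'        => $data,
        ];
    }
    return ['data' => $items, 'done' => count($sessions) < $per_page];
}

// Delete child rows first, then the sessions. The drip queue row must go too,
// or an erased lead would keep receiving scheduled emails.
function wpc_example_erase(string $email, int $page = 1): array {
    global $wpdb;
    $p   = $wpdb->prefix;
    $ids = $wpdb->get_col($wpdb->prepare("SELECT id FROM {$p}wpc_sessions WHERE lead_email = %s", $email));
    if (!$ids) {
        return ['items_removed' => false, 'items_retained' => false, 'messages' => [], 'done' => true];
    }
    $in = implode(',', array_map('intval', $ids)); // integers only, safe to inline
    $wpdb->query("DELETE FROM {$p}wpc_ratings  WHERE session_id IN ($in)");
    $wpdb->query("DELETE FROM {$p}wpc_chat     WHERE session_id IN ($in)");
    $wpdb->query("DELETE FROM {$p}wpc_drip     WHERE session_id IN ($in)");
    $wpdb->query("DELETE FROM {$p}wpc_sessions WHERE id IN ($in)");
    return ['items_removed' => true, 'items_retained' => false, 'messages' => [], 'done' => true];
}
```

The eraser returns done = true after one pass because it deletes every matching session at once; an exporter, by contrast, must page, since WordPress builds the export file incrementally across requests.
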

12 Children's Privacy

The Chitty plugin is designed for use on business websites and is not directed at children under the age of 13 (or 16 in the EU). The plugin does not knowingly collect data from children.

Site Owners whose websites may be accessed by children are responsible for implementing appropriate age verification and obtaining parental consent where required by applicable law.

13 Security Measures

  • API keys stored server-side only: AI provider keys and search API keys are stored in WordPress options and never exposed in front-end JavaScript or HTML
  • Nonce verification: all AJAX and REST API requests are verified using WordPress nonces to prevent CSRF attacks. A nonce shows that the request originated from a page this site served; it is not an authentication or authorisation check, which is what the capability checks below provide
  • Input sanitization: all visitor inputs are sanitized using WordPress sanitization functions before storage
  • Prompt injection protection: the system prompt includes explicit instructions intended to stop visitors from overriding it with injected instructions. Instruction-based defences reduce but do not eliminate this risk, which is why the exclusions in Section 7.2 matter: lead-form data, order data and API keys are never placed in the AI context, so a successful injection cannot reveal them
  • IP anonymization: Site Owners can enable IP anonymization to store only the first 3 octets of IPv4 addresses (e.g., 192.168.1.x)
  • Capability checks: all admin actions require the manage_options capability; there is no front-end access to admin data
  • Prepared statements: all database queries use WordPress $wpdb->prepare() to prevent SQL injection
  • Unique unsubscribe tokens: generated using wp_generate_password(32) for unguessable unsubscribe links

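
An added example (not the plugin's code) showing how four of the measures above combine in one admin action, deleting a chat session: nonce verification, a manage_options capability check, integer-only input handling and $wpdb->prepare(). The action name, nonce action string and table names are assumptions. One caveat about nonces on the visitor-facing chat endpoint: WordPress derives a logged-out visitor's nonce from user ID 0, so every anonymous visitor holds the same nonce during its lifetime; it blocks cross-site request forgery but does not identify the visitor, which is what the wpc_sk session cookie is for.

```php
<?php
// Added example, not the plugin's own code. Runs inside WordPress.

// Admin side: the Conversations page embeds a nonce next to each Delete button.
function wpc_example_delete_button(int $session_id): string {
    $nonce = wp_create_nonce('wpc_example_delete_session');
    return sprintf(
        '<button class="wpc-delete" data-id="%d" data-nonce="%s">Delete</button>',
        $session_id,
        esc_attr($nonce)
    );
}

// AJAX handler registered with wp_ajax_ only (no wp_ajax_nopriv_), so
// logged-out requests never reach it.
function wpc_example_ajax_delete_session(): void {
    // 1. CSRF: nonce in $_REQUEST['nonce'] must match the action string above.
    //    check_ajax_referer() terminates the request on failure.
    check_ajax_referer('wpc_example_delete_session', 'nonce');

    // 2. Authorisation: any logged-in user can mint a nonce for themselves, so
    //    the nonce alone does not prove they may delete; the capability does.
    if (!current_user_can('manage_options')) {
        wp_send_json_error(['message' => 'forbidden'], 403);
    }

    // 3. Input: one positive integer; nothing else from the request is used.
    $session_id = isset($_POST['session_id']) ? absint($_POST['session_id']) : 0;
    if ($session_id === 0) {
        wp_send_json_error(['message' => 'bad id'], 400);
    }

    // 4. Queries: %d placeholders via prepare(), child rows before the parent.
    global $wpdb;
    $p = $wpdb->prefix;
    $wpdb->query($wpdb->prepare("DELETE FROM {$p}wpc_ratings WHERE session_id = %d", $session_id));
    $wpdb->query($wpdb->prepare("DELETE FROM {$p}wpc_chat WHERE session_id = %d", $session_id));
    $wpdb->query($wpdb->prepare("DELETE FROM {$p}wpc_drip WHERE session_id = %d", $session_id));
    $deleted = $wpdb->query($wpdb->prepare("DELETE FROM {$p}wpc_sessions WHERE id = %d", $session_id));

    wp_send_json_success(['deleted' => (int) $deleted]);
}
add_action('wp_ajax_wpc_example_delete_session', 'wpc_example_ajax_delete_session');
```

The order of the checks is deliberate: the cheap nonce check rejects forged requests before any user lookup, the capability check happens before input is trusted, and the database is touched only after both pass.
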
⚠️ Site Owner Responsibility

The overall security of the WordPress installation (HTTPS/TLS, strong passwords, updated plugins) is the responsibility of the Site Owner. Chitty recommends always using HTTPS on sites where the chat widget is deployed, since without it chat messages, lead details and the wpc_sk cookie travel in clear text between the visitor and the site.

14 Site Owner Responsibilities

As the WordPress site owner using the Chitty plugin, you are the data controller under GDPR. Your responsibilities include:

  • Maintaining your own Privacy Policy that discloses the use of the Chitty chat widget, AI processing, and data collection
  • Obtaining valid cookie consent from EU/EEA visitors before the chat widget sets the wpc_sk cookie
  • Ensuring legal basis for processing visitor data (consent, legitimate interest, etc.)
  • Informing visitors that their chat messages are processed by an external AI provider (Anthropic, OpenAI, etc.)
  • Honouring data subject access, erasure, and portability requests within the legally required timeframe (one month under GDPR Article 12(3), extendable by two further months in complex cases)
  • Configuring appropriate data retention periods and regularly cleaning up old chat sessions
  • Ensuring that email marketing (drip sequences) is only sent to visitors who have given explicit consent
  • Complying with CAN-SPAM, CASL, or other applicable email marketing laws in your jurisdiction

Recommended Privacy Policy Disclosure

We recommend including the following (or similar) language in your website's Privacy Policy:

πŸ“‹ Suggested Disclosure Text

"Our website uses Chitty AI Live Chat, a WordPress plugin that provides AI-powered chat support. When you use our chat widget, your messages are processed by an AI provider ([Anthropic/OpenAI/etc.]) to generate responses. If you submit our contact form within the chat, we collect your name, email address, and phone number. This data is stored securely on our servers and may be used to follow up with you regarding your inquiry. You can request access to, correction of, or deletion of your data at any time by contacting us at [email]. For more information, see [AI Provider]'s Privacy Policy at [link]."

15 Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in the plugin's functionality, legal requirements, or third-party service integrations. When we make significant changes, we will:

  • Update the "Last Updated" date at the top of this document
  • Include a changelog note in the plugin's WordPress.org readme.txt
  • Notify users via the WordPress admin notice system if the change is material

Continued use of the Chitty plugin after a policy update constitutes acceptance of the updated terms.

16 Contact & Data Requests

For questions about this Privacy Policy, data handling practices, or to submit a data access/erasure request regarding Chitty plugin development data, please contact:

Mubashir Hassan, Chitty Developer

Plugin developer and maintainer. For privacy inquiries related to the plugin itself (not site-specific data which is controlled by the Site Owner).

ℹ️ Site-Specific Data Requests

If you are a website visitor wishing to exercise your data rights (access, deletion, etc.) regarding data collected by a specific website using Chitty, you must contact that website's owner directly β€” not the plugin developer. The plugin developer does not have access to data collected by individual website installations.