Privacy Policy

1. Information We Collect

We collect the following categories of information:

2. Controller and Processor Roles

Setmate is used by Business Customers to collect and manage information about End‑Users (such as leads, conversations, and bookings). Depending on the dataset, Setmate may act as a controller or a processor:

• Business Customer account data: We typically act as a controller for account administration, billing, and security (e.g., login details and subscription state).
• End‑User data collected through the widget/forms: The Business Customer is typically the controller, and Setmate acts as a processor on the Business Customer's instructions.
• Security and abuse prevention: We may process limited data as an independent controller where necessary to protect the Services.

If you are an End‑User interacting with a Setmate widget, please contact the relevant business directly to exercise your rights. We will assist Business Customers where required.

3. How We Use Information

We use collected information to:

• Provide, operate, and improve our Services.
• Schedule appointments, process payments, and manage leads.
• Provide AI-assisted features (for example, generating chat responses or summarising training materials you submit).
• Send service updates, account notifications, and support communications.
• Protect the Services (security monitoring, fraud prevention, abuse detection).
• Comply with legal and regulatory obligations.

4. Sharing and Disclosure

We do not sell personal information. We may share information as follows:

• Service Providers / Subprocessors: providers that help us run the Services (for example, hosting and infrastructure providers such as Vercel, email delivery providers such as Resend, payment processing via Stripe, calendar/booking providers such as Google and Calendly, CRM/accounting integrations such as HubSpot and Xero, and AI providers such as OpenAI for AI features).
• Business Customers: when you interact with the Setmate widget on a business's website, your information is shared with that business.
• Legal Compliance: if required by law, regulation, or court order.
• Business Transfers: in connection with a merger, acquisition, or sale of assets.

5. International Data Transfers

Setmate is operated by Nextset Technologies L.L.C-FZ (U.A.E.). We and our service providers may process and store information in countries other than where you live. Where required, we use safeguards designed to protect personal information for cross-border transfers.

6. Data Retention & Deletion

• Purpose-based retention: We retain personal information only as long as necessary to provide the Services and for the purposes described in this policy. Retention periods vary by dataset and purpose.
• Account deletion ≠ immediate erasure: If you request account deletion, we will disable access to your account and will delete or de-identify personal information where feasible. However, we may retain a minimal subset of records where required to comply with legal obligations (for example, tax/accounting) or for legitimate purposes such as fraud prevention, security, and dispute handling.
• Invoices & financial records: We do not hard-delete invoices where legal retention may apply. Instead, we may remove or replace customer identifiers on invoices while preserving invoice numbering, totals, tax fields, currency, and payment reconciliation identifiers.
• End‑User data controls: Business Customers can export and delete/anonymise leads, conversations, and appointments from Setmate without deleting the entire account. End‑User data is typically retained until the Business Customer deletes it, subject to applicable legal carve-outs.
• Third‑party retention: Third-party providers (such as Stripe, Google, Calendly, HubSpot, Xero, Resend, and OpenAI) retain data under their own policies and obligations. Disconnecting an integration stops future access/sync, but provider-side records may remain until you delete them in that provider.
• Backups and logs: Some data may remain in backups or platform logs for limited periods. We aim to minimise personal information in logs and retain logs only as long as needed for security and operations.
• Browser storage: If you use the Setmate chat widget, it may store a limited recent chat history in your browser’s local storage to preserve conversation state. You can clear this at any time using your browser settings.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access and request a copy of your personal data.
• Request correction, deletion, or restriction of processing.
• Object to processing for marketing purposes.
• Port your data to another provider.
• Withdraw consent at any time (without affecting prior processing).

If you are an End‑User interacting with a Business Customer's widget, please contact that business directly. Business Customers can contact us for assistance.

To exercise rights, contact us at support@setmate.io

8. Security

We use appropriate technical and organisational measures to protect data, including access controls, encryption in transit (HTTPS/TLS), and other safeguards. However, no system is completely secure, and we cannot guarantee absolute security.

9. Children's Privacy

Our Services are not directed to children under 16. We do not knowingly collect data from minors.

10. Changes to this Policy

We may update this Privacy Policy from time to time. Updates will be posted on our website with the "Last Updated" date revised accordingly.

11. Contact Us

If you have any questions about this Privacy Policy or our data practices, contact us at: