Privacy, in plain language.
Effective July 12, 2026. This policy explains how Site Pet handles account, site, and visitor data.
Who this policy covers
Site Pet provides tools to Framer site owners. We act as a service provider for visitor questions processed on an owner's behalf, while the site owner decides why Site Pet is used and is responsible for its own visitor notice and lawful basis. We separately manage account, security, billing, and support data for the Site Pet service.
Data we process
Account and authentication details; Framer project and published-site configuration; public page content selected for indexing; PII-redacted visitor questions and assistant answers; citations, token and cost usage; action outcomes; and behavior events that exclude message bodies and direct visitor identifiers.
Why we use it
We use this data to authenticate owners, install and operate the Widget, index approved pages, generate grounded answers, execute owner-approved actions, enforce plan limits, prevent abuse, provide billing and support, and improve reliability using body-free aggregate metrics.
Redaction and AI processing
Email addresses, phone-like values and payment-card-like numbers are masked before visitor text is sent to the model or stored. Published page content is treated as untrusted data and cannot define system instructions or actions. MiniMax processes redacted questions and relevant excerpts from public pages to generate answers. Do not submit secrets, payment details, health records, or other sensitive information to the Widget.
Retention
Free keeps redacted conversation records for 30 days. Pro keeps them for 90 days and aggregated, body-free metrics for 13 months. Authentication codes, configuration sessions and exports expire automatically; exports are deleted after 24 hours.
Service providers
We use infrastructure, AI, authentication, email, and billing providers only to operate the service. The current list, purpose, and processing notes are maintained on the Subprocessors page. Creem acts as Merchant of Record for paid purchases and applies its own customer privacy terms at checkout.
Security and transfers
We use origin-bound keys, short-lived sessions, tenant-filtered retrieval, signed webhooks, access controls, encryption in transit, and restricted production secrets. Providers may process data outside a visitor's country, including the current MiniMax service region. Site owners should disclose this before enabling the Widget where local law requires it.
Your choices and rights
Site owners can request a private JSON export and delete a site in Settings. Deletion revokes its public key immediately and queues D1, Vectorize and R2 removal within 24 hours. Visitors should first contact the site owner about that owner's use of Site Pet. For a Site Pet account request, email support@palbots.ai. We may need to verify the requester before acting.
Children and changes
Site Pet is not directed to children under 16, and owners must not knowingly use it to collect children's data. We will post material policy changes here with a new effective date and provide additional notice when required.