How does the AI know about my business?

We read through your website automatically when you sign up. The AI uses that content to answer questions, so you don’t need to write or upload anything.

Will it give financial advice to visitors?

No. It only shares information that’s already on your website, and every response has a disclaimer making clear it’s not financial advice.

How does lead capture work?

When someone’s interested in your services, the AI asks for their name and email naturally during the conversation. You get the details and a summary by email straight away.

What websites does it work with?

Any website. WordPress, Squarespace, Wix, or custom-built. You add one line of code, same as you would for Google Analytics.

Can I customise the appearance?

Yes. You can change the colours and add custom AI instructions from your dashboard.

What happens when I reach my message limit?

The chat will pause until your next billing month. You’ll get an email when you’re close to the limit. No surprise charges.

Sub-processors

Last updated: 22 April 2026

Who we use to deliver the service

ChatIFA relies on the third-party services below to operate. Each one processes a specific, documented slice of data — we don't share customer or visitor data with any party outside this list without telling you first.

If we add or change a sub-processor, we'll update this page and notify customers at least 14 days before the change takes effect, unless the change is required urgently for security or legal reasons.

Anthropic, PBC

Purpose: Generates AI responses for visitor chat. Conversation messages and the site's system prompt are sent to the Anthropic API for inference.
Data processed: Visitor messages, assistant replies, system prompt (including crawled website content).
Location: United States
Transfer basis: UK International Data Transfer Agreement (IDTA) incorporated into Anthropic's standard terms, plus their UK GDPR addendum.
Privacy policy: https://www.anthropic.com/legal/privacy

OpenAI, Inc.

Purpose: Generates text embeddings of customer website content so the AI can find the most relevant pages to answer each visitor question.
Data processed: Public website content from the customer's site (crawled pages only).
Location: United States
Transfer basis: OpenAI's published UK GDPR addendum with UK IDTA/SCCs for international transfers.
Privacy policy: https://openai.com/policies/row-privacy-policy

Stripe, Inc. (Stripe Payments UK Ltd)

Purpose: Billing and subscription management for customer accounts.
Data processed: Customer billing email, subscription plan, payment metadata. Card details are entered directly into Stripe and never touch ChatIFA's servers.
Location: United Kingdom (Stripe Payments UK Ltd), with US parent processing.
Transfer basis: Stripe's published UK DPA with Standard Contractual Clauses for transfers.
Privacy policy: https://stripe.com/gb/privacy

Brevo (Sendinblue SAS)

Purpose: Transactional emails — sign-in magic links, lead-notification emails to customers, trial-limit notifications.
Data processed: Customer's email address, the recipient's email address, email content.
Location: European Union (France).
Transfer basis: UK adequacy regulations for the EEA cover transfers to France.
Privacy policy: https://www.brevo.com/legal/privacypolicy/

Chroma (self-hosted)

Purpose: Vector database storing embeddings of customer website content. Runs on the same infrastructure as the rest of ChatIFA — not a third-party service.
Data processed: Vector representations of customer website content.
Location: European Union (same VPS as the API).
Transfer basis: UK→EU transfer covered by UK adequacy regulations for the EEA.
Privacy policy: https://www.trychroma.com/

Hetzner Online GmbH

Purpose: Hosts the ChatIFA API, database, and vector store.
Data processed: All ChatIFA data at rest — customer accounts, crawled content, visitor conversations, leads.
Location: European Union (Germany).
Transfer basis: UK→EU transfer covered by UK adequacy regulations for the EEA.
Privacy policy: https://www.hetzner.com/legal/privacy-policy/

Plausible-compatible analytics (self-hosted)

Purpose: Privacy-friendly pageview analytics for the marketing site at chatifa.co.uk. Cookieless, does not track individual visitors.
Data processed: Aggregated pageview counts. No individual identifiers.
Location: European Union (self-hosted on the same Hetzner infrastructure).
Transfer basis: UK→EU transfer covered by UK adequacy regulations for the EEA.
Privacy policy: https://plausible.io/privacy-focused-web-analytics

Questions or objections

If you have concerns about any sub-processor listed above — for example if your firm's compliance policy prohibits a specific provider — contact us at hello@chatifa.co.uk and we'll discuss options. See also our Privacy Policy and Cookie Policy.