Privacy guide

Does the chatbot save your data? Is it used to train AI?

What chatbot privacy means in India: saved chats, support data, AI training, purpose limits and user consent.

The simple answer

Chatbots feel casual, so people type things they would not put in a form: complaints, medical details, travel problems, payment issues and private context.

The privacy question is whether the chat is only used to answer you, or also saved, analyzed, shared, used for product improvement or used to train AI systems.

What to check

1
Check whether chats are stored.

If this is unclear, treat it as a signal to ask the company for a plain-English explanation.

2
Look for AI training or machine learning language.

If this is unclear, treat it as a signal to ask the company for a plain-English explanation.

3
Avoid putting secrets in chat windows.

If this is unclear, treat it as a signal to ask the company for a plain-English explanation.

4
Ask whether support vendors process the conversation.

If this is unclear, treat it as a signal to ask the company for a plain-English explanation.

From our investigation

A chat is still personal data.

Our investigation treats chatbot data as important because it can contain unstructured, high-context personal information. Companies should explain what happens after the chat ends.

What to do next

1
Do not paste IDs, OTPs, passwords or sensitive documents into chatbots.

Keep it practical: take one action, save proof, and avoid giving more data than the task needs.

2
Ask for deletion if the chat included personal details.

Keep it practical: take one action, save proof, and avoid giving more data than the task needs.

3
Prefer human support for sensitive issues.

Keep it practical: take one action, save proof, and avoid giving more data than the task needs.

People also ask

Does every chatbot train AI?

No. Some only route support. Others may use conversations for model improvement or analytics. The policy should say clearly.

Can chatbot conversations be personal data?

Yes. If the chat includes identifiable details, it can be personal data.

What should companies disclose?

They should disclose storage, vendors, training use, retention and deletion options.

If you are a company
Check your own website.

How many trackers run on your pages? Does your privacy policy name them? Can you answer a data-rights email? If you don't know, we can help you find out.

Talk to Meridian Bridge Strategy →
Your right under Indian law
Mera data mera hai.

Your personal data belongs to you. Under DPDP, every company must tell you what they have and delete it if you ask. One email is all it takes.

Get the template email →
Read the full investigation.

We investigated 107 Indian company websites. The public report shows what we found.

Read the reportTry the experience