Privacy Policy

Last Updated: December 5, 2024

Introduction

Welcome to ChatDropAI ("we," "our," or "us"). We are committed to protecting your privacy and handling your personal data transparently. This Privacy Policy explains how we collect, use, store, and share your information when you use our services.

By using ChatDropAI, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.

Information We Collect

1. Information You Provide to Us

  • Account Information: When you create an account, we collect your name, email address, and password (stored in hashed form).
  • Payment Information: Payment details (credit card information) are processed securely by Stripe. We do not store your full payment card details on our servers.
  • Content Data: Documents you upload, chatbot configurations, conversations, questions, and AI-generated responses.
  • Communications: When you contact us for support or feedback, we collect the information you provide in those communications.

2. Information We Collect Automatically

  • Usage Data: Information about how you use our services, including features accessed, time spent, and interaction patterns.
  • Device Information: Device type, operating system, browser type, IP address, and unique device identifiers.
  • Log Data: Server logs that include IP addresses, access times, pages viewed, and referring URLs.
  • Cookies and Similar Technologies: We use cookies and similar tracking technologies to authenticate users, remember preferences, and analyze usage patterns.

How We Use Your Information

We use the information we collect for the following purposes:

  • Service Delivery: To provide, maintain, and improve our chatbot services, including processing your documents and generating AI responses.
  • Account Management: To create and manage your account, authenticate your identity, and provide customer support.
  • Payment Processing: To process transactions and send you related information such as purchase confirmations and invoices.
  • Communications: To send you technical notices, updates, security alerts, and support messages. With your consent, we may also send promotional communications.
  • Security and Fraud Prevention: To detect, prevent, and address technical issues, fraudulent activity, and security threats.
  • Analytics and Improvement: To understand how users interact with our services and improve functionality, performance, and user experience.
  • Legal Compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.

Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data based on the following legal grounds:

  • Contractual Necessity: Processing is necessary to perform our contract with you (i.e., providing our chatbot services as outlined in our Terms of Service).
  • Consent: You have given explicit consent for specific processing activities, such as receiving marketing communications.
  • Legitimate Interests: Processing is necessary for our legitimate business interests, such as improving our services, ensuring security, and preventing fraud, provided these interests do not override your rights.
  • Legal Obligation: Processing is necessary to comply with our legal obligations.

How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

Third-Party Service Providers

We work with trusted third-party service providers who process data on our behalf. All providers are contractually obligated to protect your data and comply with applicable privacy laws.

  • OpenAI: Processes chatbot queries and generates AI responses. OpenAI does not use your data to train their models.
  • Anthropic (Claude): Provides AI processing capabilities. Anthropic does not train on data submitted via their API.
  • Stripe: Processes payments and manages billing. Payment card information is handled directly by Stripe and not stored on our servers.
  • Clerk: Manages authentication and user accounts, including secure storage of login credentials and profile information.
  • Neon: Provides serverless PostgreSQL database hosting. Neon stores your account data, uploaded documents, and chatbot information with encryption at rest and in transit. Neon is GDPR-compliant and acts as a subprocessor.

Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and choices you may have.

Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court orders, subpoenas, or government regulations).

Protection of Rights

We may disclose information when we believe it is necessary to protect our rights, your safety, or the safety of others, investigate fraud, or respond to a government request.

Data Security

We implement industry-standard security measures to protect your personal information:

  • Encryption in Transit: All data transmitted between your device and our servers is encrypted using HTTPS/TLS protocols.
  • Encryption at Rest: Your data is encrypted at rest using AES-256 encryption.
  • Access Controls: We restrict access to personal information to authorized personnel who need it to perform their job functions.
  • Regular Security Audits: We regularly review and update our security practices to address emerging threats.

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security.

Data Retention

We retain your personal information only as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

  • Active Accounts: We retain your data while your account is active and you continue to use our services.
  • Account Deletion: If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal, regulatory, or security purposes.
  • Backup Copies: Deleted data may persist in backup copies for up to 90 days before being permanently removed.

Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

For All Users

  • Access: Request access to the personal information we hold about you.
  • Correction: Request correction of inaccurate or incomplete information.
  • Deletion: Request deletion of your personal information.
  • Opt-out: Opt out of marketing communications at any time.

Additional Rights for EEA, UK, and Swiss Users (GDPR)

  • Data Portability: Request a copy of your data in a structured, commonly used, and machine-readable format.
  • Restriction of Processing: Request restriction of processing under certain circumstances.
  • Object to Processing: Object to processing based on legitimate interests or direct marketing.
  • Withdraw Consent: Withdraw consent at any time where processing is based on consent.
  • Lodge a Complaint: File a complaint with your local data protection authority (you can find your authority in the EDPB member list).

Additional Rights for California Users (CCPA)

  • Know: Request information about the categories and specific pieces of personal information we have collected.
  • Deletion: Request deletion of personal information we have collected.
  • Opt-Out: Opt out of the "sale" of personal information (note: we do not sell personal information).
  • Non-Discrimination: You have the right not to receive discriminatory treatment for exercising your privacy rights.

To exercise any of these rights, please contact us at ezrawork20@gmail.com. We will respond to your request within 30 days.

International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States, where our service providers operate. These countries may have data protection laws that differ from those in your country.

For data transfers from the EEA, UK, or Switzerland to countries that do not provide an adequate level of data protection, we implement appropriate safeguards, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions where applicable
  • Other appropriate safeguards as required by GDPR Article 46

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience, analyze usage, and deliver personalized content.

Types of Cookies We Use

  • Essential Cookies: Required for authentication, security, and basic functionality. These cannot be disabled.
  • Performance Cookies: Help us understand how visitors interact with our services by collecting anonymous information.
  • Functional Cookies: Remember your preferences and choices to provide enhanced features.

Managing Cookies

You can control cookies through your browser settings. However, disabling certain cookies may affect the functionality of our services. For more information, visit www.allaboutcookies.org.

Children's Privacy

Our services are not intended for children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately, and we will delete such information.

Automated Decision-Making and Profiling

We do not use your personal data for automated decision-making or profiling that produces legal effects or similarly significantly affects you. Our AI services are used solely to generate chatbot responses based on your input and do not make decisions about you.

Third-Party Links

Our services may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

  • Posting the updated policy on this page with a new "Last Updated" date
  • Sending you an email notification (if you have provided your email address)
  • Displaying a prominent notice on our website

Your continued use of our services after any changes indicates your acceptance of the updated policy.

Data Controller Information

The data controller responsible for your personal information is:

ChatDropAI

Email: ezrawork20@gmail.com

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: ezrawork20@gmail.com

Subject Line: Privacy Policy Inquiry

We will respond to your inquiry within 30 days of receipt.
