Privacy Policy

Last updated: October 24, 2025

1. Introduction

At ChatStack, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our Service.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Email address, full name, password (encrypted)
  • Subscription Information: Billing details, payment method (processed by Stripe)
  • Content: Documents, chatbot configurations, messages, and custom settings
  • Communications: Support requests, feedback, and email preferences

2.2 Automatically Collected Information

  • Usage Data: Pages visited, features used, time spent on platform
  • Device Information: Browser type, operating system, IP address
  • Cookies: Session cookies for authentication and preferences
  • Analytics: Usage patterns, error logs, performance metrics

3. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve the Service
  • Process your documents and generate AI responses
  • Manage your account and subscription
  • Send transactional emails (welcome, payment confirmations, limit notifications)
  • Send marketing emails (if you opt-in)
  • Respond to support requests
  • Monitor and analyze usage patterns
  • Detect and prevent fraud and abuse
  • Comply with legal obligations

4. Data Processing and AI

4.1 Document Processing

When you upload documents to ChatStack:

  • Documents are stored securely in our database and object storage (MinIO/S3)
  • Text is extracted and split into chunks for processing
  • Embeddings are generated using OpenAI's API (your content is sent to OpenAI)
  • Embeddings are stored in our vector database for semantic search

4.2 Third-Party AI Services

We use OpenAI's API for:

  • Generating text embeddings from your documents
  • Generating chatbot responses to user queries

OpenAI's data usage policy applies to content processed through their API. As of our last update, OpenAI does not use API data to train their models. See OpenAI's privacy policy for details.

5. Information Sharing and Disclosure

5.1 Third-Party Service Providers

We share information with:

  • OpenAI: Document content and queries for AI processing
  • Stripe: Payment information for subscription processing
  • Resend: Email addresses for transactional and marketing emails
  • Cloud Providers: AWS, DigitalOcean, etc. for hosting

5.2 Legal Requirements

We may disclose your information if required by law, court order, or government request, or to protect our rights, safety, or property.

5.3 Business Transfers

If ChatStack is involved in a merger, acquisition, or sale, your information may be transferred to the new entity.

6. Data Security

We implement industry-standard security measures:

  • Encryption in transit (HTTPS/TLS)
  • Encryption at rest for sensitive data
  • Password hashing with bcrypt
  • Regular security audits and updates
  • Access controls and authentication
  • Database backups and disaster recovery

However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

7. Data Retention

We retain your information for as long as your account is active or as needed to provide the Service. You may request deletion of your account and data at any time.

  • Account Data: Retained while account is active
  • Documents: Deleted when you delete them or your account
  • Backups: Retained for 30 days
  • Logs: Retained for 90 days

8. Your Rights and Choices

8.1 Access and Correction

You can access and update your account information through your dashboard settings.

8.2 Data Deletion

You can delete your documents, chatbots, or entire account at any time. Contact support for assistance with data deletion.

8.3 Email Preferences

You can manage your email preferences in your account settings. You can opt out of marketing emails but will still receive transactional emails (account notifications, security alerts).

8.4 Cookie Preferences

You can disable cookies in your browser settings, but this may affect functionality.

8.5 GDPR Rights (EU Users)

If you are in the European Union, you have additional rights:

  • Right to access your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing

9. Children's Privacy

ChatStack is not intended for users under 18 years old. We do not knowingly collect information from children. If you believe we have collected information from a child, please contact us immediately.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for international transfers.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through the Service. The "Last updated" date at the top indicates when changes were made.

12. Contact Us

If you have questions about this Privacy Policy or want to exercise your rights, please contact us:

  • Email: privacy@chatstack.com
  • Support: support@chatstack.com
  • Website: https://chatstack.com/support

By using ChatStack, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your information as described.