Effective Date: application release date
Chata (hereinafter referred to as"The application") by its operator (hereinafter referred to as"We""We") to develop and provide services. We are fully aware of the importance of personal information to you and adhere strictly to the international data protection principles of legality, fairness, transparency, purpose limitation, data minimization and integrity confidentiality, is committed to protecting your personal information security and privacy rights. This policy specifies how we collect, use, store, and protect your personal information and the rights you enjoy.
1. General
1.1 scope of Policy Application
1.1.1 this policy applies to all users (hereinafter referred to as"You") who access, download, install or use this application and related services worldwide, covers all of your data processing activities while using the application.
1.1.2 this policy applies only to services provided by this application. If you use third-party services (e.g. third-party cloud storage, payment services, etc.) through this application, the privacy policy for third-party services will apply separately, we do not assume any liability for the privacy of third party services.
1.2 policy update mechanism
1.2.1 we have the right to update this policy from time to time in accordance with changes in international data protection regulations (e.g. EU GDPR, US CCPA/CPRA, etc.) , business operations adjustments or technological upgrades.
1.2.2 the updated policy will be posted on the official website (chataapp.com ) .
1.2.3 if you continue to use the app after the policy update, you will be deemed to fully understand and accept the revised terms and conditions in their entirety. If you do not accept, you shall immediately cease to use the app and related services.
2. The scope and methods of collecting personal information
2.1 account registration and login information
2.1.1 if you choose to register an account to use the application's personalization services (e.g. conversation history synchronization, custom preferences, etc.) , provide an email address as your account ID and a password to log in. We only collect the above information necessary for account creation and identity verification, and do not require additional personal information.
2.1.2. If you log in quickly through a third-party account (such as Google or Apple) , we will obtain basic information such as unique identifiers, nicknames, and avatars from your account with the authorization of a third party, this acquisition behavior follows the privacy policy and licensing agreement of the third-party platform, and we only use it for Identity Association and service synchronization.
2.2 information collected during service usage
2.2.1 conversation data: to provide interactive AI services, we will collect the text, voice, images and uploaded documents that you enter when using the application, this includes your conversations with the AI, instructions, and generated results. This type of data is only used (anonymized) to respond to your needs in real time, to optimize the service experience, and to iterate over the model.
2.2.2 equipment and technical information: to ensure the stability and security of services, we automatically collect your device model, operating system version, network type, IP address, unique device identifier (such as UUID) , and application usage logs (such as feature access logs, error logs) . This kind of data is non-identifying technical data, not directly related to personal identity.
2.2.3 permissions related information: if you use voice interaction, image recognition, or document upload, you need to authorize this application to obtain device microphone, camera, or storage permissions, we only temporarily access the relevant data when you use the corresponding function, and do not retain information beyond the requirements of the service.
2.3 collection principles
2.3.1 all information is collected in accordance with the principle of 'necessary minimization' . Only such information as is necessary for the purpose of the service is collected, and no personal information is collected that is not relevant to the service without reasonable excuse.
2.3.2 for sensitive personal information (e.g. race, religion, health information, etc.) , we will only collect such information with your express and separate consent in circumstances that are legally necessary and with additional encryption protection.
3. Purpose and manner of use of personal information
3.1 provision of core services
3.1.1 based on the conversation data you provide, implement core services such as AI interaction, Content Generation, translation and interpretation, and Q & A to ensure accuracy and consistency of responses.
3.1.2 use your account information and conversation history to enhance your experience with value-added services such as syncing your conversation history and personalizing your preferences (such as memorizing common languages) .
3.2 service optimization and Security
3.2.1 analysis of anonymized, aggregated usage data and technical data to optimize AI model accuracy, interface logic, functional responsiveness, and service stability.
3.2.2 use equipment and technical information to detect abnormal logins, prevent malicious attacks, identify and repair system failures, and ensure account security and the normal operation of services.
3.3 compliance and notification purposes
3.3.1 through your registered e-mail address, the necessary service notifications are sent to you, such as account security alerts, policy updates, etc. . You can unsubscribe from non-necessary notifications by setting up your account.
3.3.2 all use of information is strictly limited to the purposes of this policy statement and is not intended to be used beyond its intended purpose without your express consent, nor is it the sole basis for the use of personal information for automated decision-making.
4. Storage and protection of personal information
4.1 storage specifications
4.1.1 all user data is stored in cloud servers that comply with international security standards and are located in accordance with data localization and cross-border transmission compliance requirements, using AES-256 encryption technology to ensure the security of data transmission and storage.
4.1.2 the data storage period follows the"Minimum necessary" principle: account information is retained for the duration of your account, service data such as conversation history is retained until 90 days after you delete it or cancel your account (unless laws and regulations require an extension) ; equipment and technical information is retained for only 30 days.
4.1.3 when data expires beyond its retention period or service purpose, we will ensure that the data is no longer personally identifiable through permanent deletion, anonymisation or de-identification.
4.2 safety precautions
4.2.1 establish a multi-layer security protection system, including technical and management measures such as encrypted data storage, hierarchical control of access rights, real-time intrusion detection, and regular security audits, protection against data leakage, tampering or loss.
4.2.2 severely restrict data access by authorizing access to user information only to essential personnel within their functions, who are required to sign strict confidentiality agreements and receive data protection training.
4.2.3 in the event of a security incident such as a data breach, we will notify the affected users and the relevant regulatory authorities (if applicable) within 72 hours and take remedial action to mitigate the risk.
5. Data Sharing, transfer and disclosure
5.1 data sharing rules
5.1.1 we will not sell, rent, or share your personal information with any third party without your express written consent.
5.1.2 when working with a third-party service provider (such as a cloud storage or security provider) , only anonymized or aggregated data necessary to implement the service is shared, and the third party is required to sign a data processing agreement, commitment to comply with equivalent data protection standards.
5.2 circumstances under which disclosure is permitted
5.2.1 information may be disclosed to the extent necessary to comply with applicable international laws and regulations, judicial decisions or administrative orders or in response to lawful inquiries by competent authorities.
5.2.2 to the extent reasonably necessary to protect your legitimate rights and interests, maintain the Order of your services, or respond to an emergency of public safety.
6. Cross-border data transmission
6.1 transmission principles
6.1.1 if your personal information is transferred to an offshore server for service purposes, we will ensure compliance with cross-border data transfer requirements in the target region (e.g. EU GDPR adequacy, standard contract terms, etc.) .
6.1.2 cross-border transmissions will be conducted with security safeguards such as encrypted transmissions and the signing of cross-border data processing agreements to ensure that the level of data protection is not lower than that of the place of origin.
6.2 transparency statement
6.2.1 the name of the recipient of the cross-border data transmission, its location, purpose of transmission and security measures can be described in detail on the official website or by contacting customer service.
7. Users' rights and ways of exercising them
7.1 scope of core rights
7.1.1 access and query rights: you can access your account information, conversation history, and data storage details at any time through the in-app"Personal center-data management" function.
7.1.2 right to correct and supplement: you can directly modify the account associated with the e-mail and other information in the application, if found that the information error, you can contact customer service to help correct.
7.1.3. Delete and logout rights: you can delete individual conversations or erase historical data; you can also request account logout through customer service, all personal information will be permanently deleted after logoff (except those required by laws and regulations) .
7.1.4. Revocation of permissions: you can revoke permissions for microphones, cameras, storage, etc. through the device system settings or the in-app permissions management page. The revocation only affects the use of the corresponding function, other services will not be affected.
7.1.5 right to data portability: you can request a copy of your personal information from customer service, which we will provide in a common format (such as CSV) to facilitate your transfer to another service provider.
7.2 mode of exercise of Rights
7.2.1 the above-mentioned rights may be exercised autonomously through in-application functions or by sending an email to the contact mailbox to submit a written application, which requires the provision of valid authentication information.
7.2.2 upon receipt of the application, we will complete the verification and feedback the results within 15 working days; complex cases can be extended to 30 working days, and you will be informed in advance of the extension.
8. Third-party service announcements
8.1 this application may contain links to third-party websites or services (e.g. social media sharing links, integration with third-party tools, etc.) that have independent privacy policies.
8.2 we are not responsible for the privacy practices, content or security of third parties. You are required to view and comply with the privacy policies of third party services when accessing them at your own risk.
9. Protection of Minors
9.1 this application does not provide services for minors under 18 years of age and does not proactively collect personal information about minors. If minor information is found to have been collected by mistake, it will be immediately stopped and permanently deleted.
9.2 minors between the ages of 113 and 18 years using this application must be guided and expressly consented to by their guardians, who are responsible for authorizing their information and using it.
10. Contact Us
10.1 if you have questions about this policy, need to exercise your right to personal information, or report information security issues, you may contact us by:
10.1.1 contact: sahnur@dampaksogutma.com
10.1.2 official website: chataapp.com
10.2 we will give you a formal response within 15 working days of receiving your feedback to ensure that your complaint is properly addressed.