Privacy Policy

Last updated: October 30, 2025

GDPR Compliant

1. Introduction

At ChatRAG, your privacy is important to us. This Privacy Policy explains how we collect, use, and safeguard your personal information when you use our AI chatbot platform in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data Controller

The data controller responsible for your personal data is:

ChatRAG

Email: guna@chatrag.co

3. Legal Basis for Processing

We process your data based on:

Consent: When you explicitly agree to data processing (e.g., cookies, marketing)
Contract Performance: To provide our services as per our agreement
Legal Obligation: To comply with applicable laws and regulations
Legitimate Interest: For service improvement and fraud prevention

4. Data We Collect

Personal Data

Information you provide directly, including:

Name and email address (for account registration)
Account credentials
Payment information (processed by third-party providers)
Content you upload (documents, files, URLs)

Usage Data

Automatically collected information, including:

IP address and device information
Browser type and version
Pages visited and time spent
Analytics and performance metrics
Cookies and similar tracking technologies

5. How We Use Your Data

To provide, maintain, and improve our services
To process your transactions and manage your account
To communicate updates, security alerts, and support
To analyze usage patterns and optimize performance
To detect and prevent fraud and security issues
To comply with legal obligations and enforce our terms

6. Data Sharing & Third Parties

We only share your data with trusted third-party service providers under strict confidentiality agreements and GDPR-compliant data processing agreements:

Cloud Infrastructure: For hosting and storage (encrypted)
Payment Processors: For secure payment handling
Analytics Services: For usage analytics (anonymized where possible)
Email Services: For transactional communications

We never sell your personal data to third parties.

7. Your GDPR Rights

Under GDPR, you have the following rights:

Right to Access

Request a copy of all personal data we hold about you

Right to Rectification

Correct any inaccurate or incomplete personal data

Right to Erasure ('Right to be Forgotten')

Request deletion of your personal data (subject to legal obligations)

Right to Restriction

Request limitation on how we process your data

Right to Data Portability

Receive your data in a structured, machine-readable format

Right to Object

Object to processing based on legitimate interests or direct marketing

Right to Withdraw Consent

Withdraw consent at any time where processing is based on consent

To exercise any of these rights, contact us at guna@chatrag.co. We will respond within 30 days.

8. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy or as required by law. When you delete your account, we will delete or anonymize your data within 30 days, except where we must retain it for legal compliance (e.g., tax records, fraud prevention).

9. Encryption & Security

We use advanced encryption techniques (AES-256) to safeguard your data. All uploaded files and sensitive content are encrypted at rest and in transit using TLS/SSL. Data is decrypted only when actively accessed by your AI agent or by you. This ensures strong confidentiality and integrity of your information.

10. Cookies & Tracking

We use cookies and similar technologies for analytics and to enhance user experience. You can manage your cookie preferences through our cookie banner or in your browser settings.

Cookie Categories:

Essential: Required for site functionality
Analytics: Help us understand usage patterns
Marketing: Used for targeted advertising (with consent)

11. Cross-Border Data Transfers

Your data may be stored and processed in servers outside your country. We ensure appropriate safeguards are in place through:

Standard Contractual Clauses (SCCs) approved by the EU Commission
Adequacy decisions for countries with adequate data protection
Binding Corporate Rules where applicable

12. Children's Privacy

Our services are not intended for individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us immediately.

13. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR.

14. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you without human oversight.

15. Policy Updates

We may update this policy to reflect changes in legal or operational requirements. Significant changes will be communicated via email or platform notices at least 30 days before taking effect. Continued use of our services after updates constitutes acceptance.

16. Supervisory Authority

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with your local data protection supervisory authority. For EU residents, you can find your authority at edpb.europa.eu.

17. Contact Us

For any questions about this Privacy Policy or to exercise your GDPR rights, please contact us at guna@chatrag.co