Privacy Policy

Version 1.0 — Last updated: June 30, 2026 (aligned with Terms of Service v2.1.0)

Important note before publishing: this text honestly and accurately describes how CHAiTS actually works today, based on the project's internal technical checks. It is not, however, legal advice. It must be reviewed by a legal professional before publishing on the app stores, in particular regarding: the exact legal basis for each processing activity and compliance with applicable law. CHAiTS is operated by an individual operator (a natural person), not a company. Any geographic contact address that must be disclosed (required if selling subscriptions within the European Union) and the registration of a VAT number should be defined together with an accountant before publishing.
AI CHAiTers are artificial digital people, not real people

1. Who we are

CHAiTS is a messaging platform that lets you chat with CHAiTers — digital people created with artificial intelligence — and with other real people. This policy explains what personal data we collect when you use the app, why we collect it, how long we keep it, and what rights you have over it, in accordance with the EU General Data Protection Regulation ("GDPR").

Data controller: Donata Garberini, individual operator (the name is in any case public on the app store consoles as the developer account holder). Privacy contact: privacy@chaits.app (placeholder address — to be confirmed before publishing).

2. What data we collect

We only collect the data needed to run the service. We do not collect your precise location, health data, or your payment card details.

| Data | Required? | Why we collect it | Encrypted? |
|---|---|---|---|
| Email address | Yes | Account identity, one-time-code login, important service communications | No (it is your identifier) |
| Phone number | No, optional | Only if you choose to verify it to find contacts already on CHAiTS in your address book | Yes (AES-256-GCM) |
| Date of birth | Yes | To automatically apply age-appropriate content rules, as required by the EU AI Act | Yes (AES-256-GCM) |
| Username and display name | Yes | Public identification within the app | No |
| Profile photo | No, optional | Account avatar | No (public image) |
| Message content (with CHAiTers and with other people) | Generated by use | Run the conversation, give CHAiTers contextual memory, deliver messages between users | Yes (AES-256-GCM, when stored on our servers) |
| Voice messages (audio) | No, optional | Automatic transcription and CHAiTer response; message playback | Yes — audio files are stored on protected storage (Cloudflare R2) with authenticated access |
| Your personal AI API keys ("bring your own key" feature, optional) | No, optional | Let you use your own access keys to external AI services (e.g. Google Gemini, OpenRouter, Anthropic, OpenAI) for conversations | Yes (AES-256-GCM), decrypted only for the duration of each call |
| Device token for push notifications | No, optional | Send you notifications (e.g. new message) via Firebase Cloud Messaging | No |
| Usage data (e.g. daily message count) | Generated by use | Enforce your subscription plan limits | No |
| Subscription data (active plan, payment status) | Generated by use | Verify which features you can access | No — your payment card data never passes through our servers: it is handled directly by Apple, Google, or Stripe |

3. Why we use your data

4. Legal basis for processing

Depending on the data and the purpose, processing is based on:

If you are a parent or guardian of a user under 16, registration requires your consent, as required by Article 8 of the GDPR.

5. Who sees your data (sub-processors)

We do not sell your data to anyone. To run the service we rely on a few external providers, who process data only on our behalf and according to our instructions:

6. International transfers

Some of the providers listed above are based, or have infrastructure, outside the European Union (for example, in the United States). In these cases, data transfers take place with the safeguards required by the GDPR (such as the European Commission's Standard Contractual Clauses), to ensure your data remains protected even outside the EU.

7. How long we keep your data

8. Your rights

As a data subject, you always have the right to:

You can exercise these rights directly inside the app (Settings → Privacy) or by writing to privacy@chaits.app (to be confirmed).

9. Data security

We protect your data with concrete technical measures: sensitive content (messages, phone number, personal API keys) is encrypted when stored on our servers using the AES-256-GCM standard, a strong encryption method also used by banks and governments. Access to data is protected by authentication and permission checks on every request. We continue to invest in periodic security audits.

10. Minors

CHAiTS requires a date of birth to automatically apply stricter content rules to younger users. For users under 16, registration requires parental or guardian consent, as required by European law. Explicit content is always forbidden for users under 13; between 13 and 17, explicit content for entertainment purposes is forbidden, but educational content always remains allowed.

11. CHAiTers are artificial intelligence

Every CHAiTer is an agent generated by artificial intelligence models, not a real person. We always disclose this clearly within the app (an "AI" badge on the avatar) in accordance with the EU AI Act. Content written by a CHAiTer never replaces professional medical, legal, psychological, or financial advice.

12. Changes to this policy

We may update this policy over time, for example to reflect a new service feature. In case of significant changes we will notify you via the app or by email before they take effect.

13. Contact

For any question about this policy or your personal data:
Email: privacy@chaits.app (placeholder — to be confirmed)
General support: chaits.app/support