Privacy Policy

Data Controller

Introduction

Chateta ("we," "our," or "us"), a product of Beyond Git, operates the website chateta.com and the Chateta application at app.chateta.com. This Privacy Policy describes how we collect, use, disclose, and protect information that applies to our AI-powered customer support platform, including the chat widget, team inbox, AI auto-reply, knowledge base, and WooCommerce integration.

By accessing or using our services, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please do not access or use our services.

Information We Collect

Personal Information

When you register for an account, subscribe to a plan, or interact with our services, we may collect the following personal information:

• Account information: Name, email address, company name, phone number, and billing address.
• Payment information: Credit card details, billing address, and transaction history. Payment processing is handled by third-party providers and we do not store full credit card numbers on our servers.
• Team member information: Names and email addresses of team members you invite to your Chateta workspace.
• Support interactions: Any information you provide when contacting our support team, including chat transcripts and email correspondence.

Usage Data

We automatically collect certain information when you use our services:

• Log data: IP address, browser type and version, operating system, referring URLs, pages visited, and timestamps.
• Device information: Device type, unique device identifiers, and screen resolution.
• Feature usage: Information about how you use the platform, such as chat volume, AI auto-reply usage, knowledge base interactions, and widget configuration changes.
• Performance data: Response times, error logs, and other diagnostic data to improve service reliability.

Customer Conversation Data

When your end-users interact with the Chateta widget on your website, we process conversation data on your behalf. This includes messages, visitor IP addresses, browser information, and any information the visitor voluntarily provides. You, as the account holder, are the data controller for this data, and we act as the data processor.

Cookies and Tracking Technologies

We use cookies and similar technologies to maintain your session, remember your preferences, and understand how our services are used. See the Cookie Policy section below for more details.

How We Use Your Information

We use the information we collect for the following purposes:

• Provide and maintain our services: To operate the Chateta platform, process your conversations, deliver AI auto-replies, and manage your knowledge base.
• Process transactions: To manage subscriptions, process payments, and send billing-related communications.
• Improve our services: To analyze usage patterns, diagnose technical issues, and develop new features.
• Train AI models: We may use aggregated and anonymized conversation data to improve our AI auto-reply capabilities. We will never use your identifiable conversation data to train models without your explicit consent.
• Communicate with you: To send service updates, security alerts, product announcements, and respond to support requests.
• Ensure security: To detect and prevent fraud, abuse, and unauthorized access to our platform.
• Comply with legal obligations: To meet applicable legal requirements, respond to lawful requests, and protect our rights.

Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

• Service providers: We work with third-party companies that help us operate our platform, including cloud hosting providers, payment processors, email delivery services, and analytics tools. These providers are contractually bound to protect your data.
• WooCommerce integration: When you enable our WooCommerce integration, we exchange necessary data with your WooCommerce store to provide order-related support features. We only access the data required for the integration to function.
• Legal requirements: We may disclose your information if required by law, subpoena, court order, or government request.
• Business transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction. We will notify you of any such change.
• With your consent: We may share information with third parties when you give us explicit permission to do so.

Third-Party AI Processing

Chateta's AI-powered features — including AI auto-replies and knowledge base search — rely on large language models (LLMs) provided by third-party AI companies. When you use these features, relevant content may be sent to these providers for processing.

Knowledge Base Data

Articles and content you add to your Chateta knowledge base are processed by external AI models to generate accurate, context-aware responses for your customers. The current AI providers we use include, but are not limited to:

• Anthropic — Provider of the Claude family of AI models (anthropic.com). Anthropic's Privacy Policy applies to data processed by their models.
• OpenAI — Provider of the GPT family of AI models (openai.com). OpenAI's Privacy Policy applies to data processed by their models.

We will notify users via email and an in-app announcement whenever we add a new AI model provider. Knowledge base content transmitted to these providers is used solely to generate responses and is subject to each provider's data processing agreements and usage policies. We do not authorize these providers to use your knowledge base content to train their general-purpose models.

Customer Conversation AI Processing

When AI auto-reply is enabled for a conversation, the customer's message and relevant context (such as matching knowledge base articles) may be sent to the AI providers listed above to generate a suggested reply. You remain in control of which conversations use AI auto-reply and can disable this feature at any time.

Data Security

We implement industry-standard security measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit using TLS 1.3. Sensitive credentials (API keys, authentication tokens, integration secrets) are encrypted at rest using AES-256-CBC.
• Role-based access controls and multi-factor authentication for internal systems.
• Regular security assessments and penetration testing.
• Automated monitoring and alerting for suspicious activity.
• Secure development practices including code reviews and vulnerability scanning.

While we strive to protect your data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to maintaining the highest practical standards.

Your Rights

Depending on your location, you may have certain rights regarding your personal information:

• Right to access: You can request a copy of the personal information we hold about you.
• Right to rectification: You can request that we correct any inaccurate or incomplete information.
• Right to deletion: You can request that we delete your personal information, subject to certain legal exceptions.
• Right to data portability: You can request a machine-readable copy of your data to transfer to another service.
• Right to restrict processing: You can request that we limit how we use your data in certain circumstances.
• Right to object: You can object to the processing of your personal data for direct marketing or other purposes.
• Right to withdraw consent: Where processing is based on consent, you can withdraw that consent at any time.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days.

Cookie Policy

Cookies are small text files stored on your device when you visit our website or use our application. We use the following types of cookies:

• Essential cookies: Required for the platform to function, including session management and authentication. These cannot be disabled.
• Analytics cookies: Help us understand how visitors interact with our website and application so we can improve the user experience. We use Google Analytics to collect anonymized usage data such as pages visited, session duration, traffic sources, and device information. Google Analytics may set cookies (such as _ga and _gid) to identify unique visitors. Data collected is processed by Google LLC and may be transferred to Google's servers in the United States. You can opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on or by adjusting your browser cookie settings.
• Preference cookies: Remember your settings and preferences, such as language and display options.
• Widget cookies: The Chateta chat widget uses cookies to maintain conversation state and identify returning visitors on your customers' websites.

You can manage cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of our services.

Children's Privacy

Chateta is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child without parental consent, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us at [email protected].

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by posting the updated policy on our website and updating the "Last updated" date. For significant changes, we may also send you a notification via email or through the Chateta application.

We encourage you to review this policy periodically to stay informed about how we protect your information.

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. The following retention periods apply:

• Account data: Retained for the duration of your account plus 2 years after account closure, to allow for reactivation and to fulfil any outstanding obligations.
• Conversation data: Retained for 1 year after deletion or account closure, unless you request earlier erasure.
• Payment and billing records: Retained for 7 years after the transaction, as required by Dutch tax and accounting regulations.
• Analytics and usage data: Retained in aggregated or anonymized form for up to 26 months.
• Cookies: Session cookies expire when you close your browser. Persistent cookies (preferences, analytics) expire after a maximum of 12 months.

When data reaches the end of its retention period, it is securely deleted or anonymized. You may request earlier deletion of your personal data at any time by contacting us.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Legal entity: Beyond Git
• Address: Tjalk 19 35, 8232LN Lelystad, The Netherlands
• Email: [email protected]
• Data protection: [email protected]
• Website: chateta.com