Privacy Policy

Last updated: February 2, 2026

1. Introduction

Welcome to ChatSnippet. We are committed to protecting your personal data and respecting your privacy in accordance with the General Data Protection Regulation (GDPR) and the Brazilian General Data Protection Law (LGPD - Law No. 13.709/2018). This Privacy Policy describes how we collect, use, store, and protect your personal information when you use our services.

2. Definitions

For the purposes of this Privacy Policy, the following definitions apply:

  • Personal Data: Information related to an identified or identifiable natural person.
  • Sensitive Personal Data: Data concerning racial or ethnic origin, religious belief, political opinion, health, sexual life, genetic or biometric data.
  • Data Controller: The natural or legal person, public or private, who makes decisions regarding the processing of personal data (ChatSnippet Inc.).
  • Data Operator: The natural or legal person who processes personal data on behalf of the controller.
  • Data Subject (Titular): The natural person to whom the personal data refers.
  • Data Protection Officer (DPO/Encarregado): The person appointed to act as a communication channel between the controller, data subjects, and the National Data Protection Authority (ANPD).
  • Processing: Any operation performed with personal data, including collection, storage, use, sharing, and deletion.

3. Data Controller

The data controller responsible for your personal data is:

  • Company: ChatSnippet Inc.
  • Email: privacy@chatsnippet.com
  • Contact: support@chatsnippet.com

4. Data Protection Officer (DPO)

Our Data Protection Officer is responsible for ensuring compliance with data protection laws and serving as the communication channel for data subjects and authorities:

  • DPO Email: dpo@chatsnippet.com
  • Contact for data protection inquiries: privacy@chatsnippet.com

5. Legal Basis for Processing

We process your personal data based on the following legal grounds as provided by LGPD (Art. 7) and GDPR:

  • Consent: Your explicit and informed consent for specific purposes (Art. 7, I, LGPD).
  • Contractual Performance: Processing necessary for the execution of a contract to which you are a party (Art. 7, V, LGPD).
  • Legal Obligation: Compliance with legal or regulatory obligations (Art. 7, II, LGPD).
  • Legitimate Interest: Processing necessary for legitimate interests pursued by the controller or third parties (Art. 7, IX, LGPD).
  • Public Interest: Execution of public policies provided for in laws and regulations (Art. 7, III, LGPD).

6. Data We Collect

We collect and process the following categories of personal data:

  • Identity Data: First name, last name, username, company name.
  • Contact Data: Email address, telephone numbers.
  • Technical Data: IP address, browser type and version, device information, operating system, login data.
  • Usage Data: Information about how you use our website, services, and chat widgets (including conversation logs stored in encrypted vector format).
  • Billing Data: Payment information, subscription details, transaction history.
  • Content Data: Documents, website URLs, and files you upload for AI training purposes.

7. How We Collect Data

We collect personal data through the following methods:

  • Direct Collection: Information you provide when creating an account, configuring your chat widget, or contacting support.
  • Automated Collection: Technical data collected automatically through cookies and similar technologies when you access our services.
  • Third-Party Sources: Data received from payment processors (Stripe) and authentication providers.

8. Purpose of Data Processing

We process your personal data for the following purposes:

  • Service Provision: To provide, maintain, and improve our AI chatbot services.
  • Account Management: To create and manage your user account and organization settings.
  • AI Training: To train AI models on your uploaded content (documents, URLs) to provide personalized chatbot responses. Your private data is NOT used to train public foundation models.
  • Communication: To send service-related notifications, updates, and support responses.
  • Billing: To process payments and manage subscriptions.
  • Analytics: To analyze usage patterns and improve our services.
  • Security: To detect, prevent, and address technical issues, fraud, and security threats.
  • Legal Compliance: To comply with applicable laws and regulations.

9. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law:

  • Account Data: Retained for the duration of your active subscription plus 5 years for tax and legal compliance purposes.
  • Chat Logs: Retained for 12 months or as configured in your organization settings.
  • Billing Records: Retained for 7 years to comply with tax regulations.
  • Technical Logs: Retained for 90 days for security and troubleshooting purposes.
  • Deleted Account Data: Upon account deletion, personal data is anonymized or deleted within 30 days, except where retention is required by law.

10. Your Rights (LGPD Art. 18 & GDPR)

Under LGPD and GDPR, you have the following rights regarding your personal data:

  • Right to Confirmation and Access (Art. 18, I-II): Confirm whether we process your data and access your personal data.
  • Right to Correction (Art. 18, III): Request correction of incomplete, inaccurate, or outdated data.
  • Right to Anonymization, Blocking, or Deletion (Art. 18, IV): Request deletion of unnecessary or excessive data, or data processed in violation of LGPD.
  • Right to Portability (Art. 18, V): Receive your data in a structured, commonly used format and transfer it to another service provider.
  • Right to Erasure ('Right to be Forgotten'): Request deletion of your personal data, subject to legal retention requirements.
  • Right to Information about Sharing (Art. 18, VII): Know which public and private entities we share your data with.
  • Right to Withdraw Consent (Art. 18, IX): Withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
  • Right to Object (Art. 18, § 2º): Object to processing based on legitimate interest.
  • Right to Review Automated Decisions (Art. 20, LGPD): Request review of decisions made solely based on automated processing that affect your interests.

To exercise any of these rights, please contact us at privacy@chatsnippet.com or dpo@chatsnippet.com. We will respond to your request within 15 days as required by LGPD.

11. Data Sharing and Disclosure

We may share your personal data with the following categories of recipients:

  • AI Service Providers: We share data with AI model providers solely for generating chatbot responses. These providers act as data operators under our instructions.
  • Cloud Infrastructure: AWS (Amazon Web Services) for hosting and data storage.
  • Payment Processors: Stripe for payment processing and subscription management.
  • Analytics Services: Google Analytics (anonymized data only) for usage analysis.
  • Legal Authorities: When required by law, court order, or to protect our rights and safety.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity.

We do NOT sell your personal data to third parties. All third-party processors are contractually bound to protect your data in accordance with LGPD and GDPR.

12. International Data Transfers

Your personal data may be transferred to and processed in countries outside Brazil and the European Economic Area (EEA), including the United States. We ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs): We use EU-approved Standard Contractual Clauses with our service providers.
  • Adequacy Decisions: We transfer data to countries recognized by the European Commission or ANPD as providing adequate protection.
  • Data Processing Agreements: All international processors sign agreements ensuring LGPD and GDPR compliance.

13. Security Measures

We implement technical and organizational security measures to protect your personal data against unauthorized access, loss, destruction, or alteration:

  • Encryption: Data in transit is encrypted using TLS 1.3. Data at rest is encrypted using AES-256.
  • Access Controls: Role-based access control (RBAC) and multi-factor authentication (MFA) for administrative access.
  • Vector Storage: Chat logs are stored in encrypted vector format using pgvector with PostgreSQL.
  • Regular Audits: Security assessments and penetration testing conducted regularly.
  • Incident Response: We have procedures in place to detect, report, and respond to data breaches. In case of a breach affecting your rights, we will notify you and the relevant authorities within 72 hours as required by law.
  • Employee Training: All employees with access to personal data receive data protection training.

14. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience and analyze usage. You can control cookie preferences in your browser settings. We categorize cookies as follows:

  • Essential Cookies: Required for the website to function (e.g., session management, authentication). These cannot be disabled.
  • Analytics Cookies: Help us understand how visitors interact with our website (e.g., Google Analytics). These are optional.
  • Marketing Cookies: Used to display relevant advertisements and track campaign effectiveness. These are optional.

You can manage your cookie preferences through your browser settings or our cookie consent banner. Disabling certain cookies may affect website functionality.

15. Children's Privacy

Our services are not directed to children under 18 years of age. We do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at privacy@chatsnippet.com, and we will delete such information in accordance with LGPD Art. 14.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by:

  • Posting the updated policy on our website with a new 'Last Updated' date.
  • Sending an email notification to your registered email address.
  • Displaying a prominent notice on our platform.

We encourage you to review this Privacy Policy periodically. Continued use of our services after changes constitutes acceptance of the updated policy.

17. Right to Lodge a Complaint

If you believe your data protection rights have been violated, you have the right to lodge a complaint with:

  • Brazil: National Data Protection Authority (ANPD) - https://www.gov.br/anpd
  • European Union: Your local Data Protection Authority
  • You may also contact us directly at dpo@chatsnippet.com to resolve any concerns.

18. Application Consent & Data Storage

By using our chat interface and services, the user explicitly agrees to the following conditions:

  • Any sharing of sensitive data is permitted by the user.
  • The user consents to having their data stored in Brazil.

19. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

  • Email: privacy@chatsnippet.com
  • Data Protection Officer: dpo@chatsnippet.com
  • Support: support@chatsnippet.com