1. About This Policy
This policy describes how Chattrick.ai processes information when the chatbot is used on a customer's website and when the customer uses the portal for insights, chat logs, and leads.
It explains what data we process, why we process it, how it is shared, and when it is deleted. The policy is designed with EU/EEA law as a baseline and is intended to work together with a Data Processing Agreement (DPA) for business customers.
2. About Chattrick.ai and Contact Information
Chattrick.ai is a service provided by Chattrick Europe AB (org.no. 559572-0490).
For privacy questions, contact us at support@chattrick.ai.
3. About the Chatbot
The chatbot is used to answer questions, provide information, and potentially collect contact details from users. The service may use AI to generate responses, and responses may therefore be incomplete or contain errors.
Do not share sensitive personal information in chat, such as national ID numbers, bank account numbers, passwords, or special category data.
4. Use of the Chatbot
The chatbot must not be used for unlawful purposes, attempts to bypass security mechanisms, or other behavior that may harm the service. Unauthorized use may result in restricted or terminated access.
5. Roles and Responsibilities
When the chatbot is used on the customer's website, the customer is typically the Data Controller and Chattrick.ai acts as Data Processor.
For account administration, access control, support, and billing, Chattrick.ai may act as Data Controller for data necessary to deliver and manage the service.
6. What Data We Process
- Chat and enquiry data: Content of dialogue between the end-user and the chatbot.
- Lead data (voluntarily provided): Contact details users submit when requesting follow-up.
- Technical operations and security data: For example IP addresses, timestamps, logs, and error data.
7. How We Use the Data
- Deliver chatbot functionality and relevant responses.
- Enable follow-up when users request contact.
- Provide business insights from conversation analysis.
- Ensure stable operation and information security.
8. Legal Basis for Processing
Processing is primarily based on legitimate interests (GDPR Art. 6(1)(f)) to deliver the service and maintain secure operation.
Where users voluntarily submit contact details and request to be contacted, processing may also be based on consent (GDPR Art. 6(1)(a)).
9. No Training on Customer Data
Chattrick.ai does not use customer chat content, leads, or uploaded documents to train its own models or improve general models for other customers.
11. Storage Within the EU and Infrastructure
Customer data is stored and processed within the EU. Infrastructure is hosted at Hetzner in Frankfurt.
The chatbot may use OpenAI's API service to generate responses. See the full PDF version for details on sub-processors and transfers.
12. Retention Period and Deletion
- Chat logs: Stored for up to 2 years unless earlier deletion is requested.
- Lead data: Stored for up to 2 years unless earlier deletion is requested.
- Technical logs: Deleted continuously according to operations and security routines.
13. Information Security
We use appropriate technical and organizational safeguards such as access control, authentication, logging, secure communication (HTTPS), and incident handling routines.
14. End User Rights
End-users have rights under GDPR, including access, rectification, deletion, restriction, data portability, and the right to object to certain processing.
15. Security Incidents and Breaches
We maintain routines to detect, assess, and handle incidents. If a personal data breach affecting customer data is identified, we notify the customer without undue delay.
16. Changes
This policy may be updated when needed, for example due to legal, technical, or service changes. Material updates are communicated appropriately.
17. Contact
Questions regarding privacy and data processing can be sent to:
Email: support@chattrick.ai
Subject: "Privacy β Chattrick.ai"