Privacy Policy

Account Information: When you register, we collect your name, email address, and a hashed (bcrypt-encrypted) password. We never store your plaintext password.

Contact Data: Any contacts, notes, deal information, follow-up logs, and related data you add to your Client Vault are stored in our database and belong to you.

Billing Information: Payment details (credit card numbers, bank information) are processed exclusively by Stripe, Inc. We never receive, store, or process raw payment card data. Stripe stores and handles all financial data under their own PCI-DSS compliance.

Usage Data: We collect anonymized usage logs to improve the platform — including page visits, feature interactions, and error reports. This data does not identify you personally.

Imported Contacts: If you use our Google Contacts import or CSV/vCard import features, the data you import is stored in your account vault and used solely to provide the service to you.

We use your information to: provide and operate the Chatalott platform; process payments and manage subscriptions through Stripe; send transactional emails (account creation, billing receipts, follow-up reminders you have configured); calculate and distribute Ambassador Program commissions; improve and debug the platform; and comply with legal obligations.

We do not sell your personal data to any third party. We do not use your contact vault data for advertising or any purpose other than providing the service to you.

Our AI features (text generation via Groq, image generation via Fal.ai) are powered by third-party AI providers. When you use these features, the prompt or context you provide may be transmitted to these providers to generate a response.

Important: We only send the minimum data necessary to generate your requested output. Your data is not used to train AI models by either Groq or Fal.ai under our current agreements. AI-generated content is stored in your account only if you explicitly save it.

The Ambassador Program is administered through Stripe Connect. If you join the Ambassador Program and become eligible for payouts, you will be directed to connect your Stripe account. Stripe collects, verifies, and stores all payout banking information directly. Chatalott does not have access to your bank account or routing numbers.

Ambassador commission records (amounts, referral counts, payout dates) are stored in our database to accurately calculate and display your earnings history.

Tax Status: Ambassadors are independent contractors, not employees of Chatalott. You are responsible for reporting and paying applicable taxes on commissions you receive. If your earnings exceed applicable tax reporting thresholds (such as IRS thresholds in the US or CRA thresholds in Canada), Stripe will issue the appropriate tax forms (e.g., 1099 or T4A) on our behalf.

Authorized Chatalott administrators may, for the purpose of customer support and debugging, access your account in a read-only impersonation mode (commonly referred to as “God View”). This allows our support team to reproduce issues you report without requiring your password.

This access is logged, is accessible only to authorized staff, and is used exclusively for support purposes. We do not access your account without a legitimate support reason. You may request a log of any administrative access to your account by emailing support@chatalott.com.

If your subscription is cancelled, your account enters a 60-day grace period during which your data remains intact and accessible in read-only mode. After 60 days, contact data, deals, meetings, and follow-up logs are permanently deleted.

You may request immediate deletion of your data at any time by emailing support@chatalott.com. We will process deletion requests within 30 days.

We use industry-standard security practices including TLS/HTTPS encryption in transit, bcrypt password hashing, environment variable isolation for secrets, and row-level access controls. Our database is hosted on Neon (PostgreSQL), a SOC 2 compliant provider.

No system is 100% secure. In the event of a data breach affecting your personal information, we will notify affected users within 72 hours of becoming aware of the incident.

We use session cookies to keep you logged in and functional cookies required for the platform to operate. We do not use tracking or advertising cookies. You may clear cookies at any time through your browser settings, which will log you out of the platform.

We use the following third-party services, each governed by their own privacy policies: Stripe (payments), Neon (database hosting), Groq (AI text generation), Fal.ai (AI image generation), Vercel (hosting and edge functions), Resend (transactional email). We share only the minimum data necessary with each provider to perform their function.

Depending on your jurisdiction, you may have rights to access, correct, export, or delete your personal data. To exercise any of these rights, email support@chatalott.com with your request. We will respond within 30 days.

If you are located in the European Economic Area, you have additional rights under the GDPR, including the right to lodge a complaint with your local data protection authority.

Chatalott is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us and we will delete it promptly.

We may update this Privacy Policy from time to time. We will notify you of material changes by email and by posting an updated “Last updated” date. Continued use of the platform after changes constitutes acceptance of the updated policy.