1. Who we are
Chattera. We are the data controller responsible for your personal data processed in connection with the chattera.io service.
For all privacy-related questions you can contact us at privacy@chattera.io or support@chattera.io.
2. What data we collect
2.1 Account data
- Identity data: name, email address, profile picture (if provided).
- Authentication data: hashed password, OAuth identifiers (Google, etc.).
- Workspace data: workspace name, role, billing market, language preference.
2.2 Billing data
- Subscription plan, billing cycle, currency.
- Invoices and payment history.
- Payment card details are processed by our payment provider (Merchant of Record). We do not store full card numbers or CVV codes on our servers.
2.3 Service data (content you upload)
- Contacts you import (name, email, phone, custom fields).
- Messages exchanged through connected channels (Telegram, WhatsApp, Email, SMS).
- Files and media you upload to broadcasts and conversations.
- API keys for third-party providers you choose to connect (e.g. your own OpenAI key).
2.4 Technical data
- IP address, browser type and version, operating system.
- Pages visited, referrer, session timestamps.
- Cookies and similar technologies (see section 8).
- Error and diagnostics logs.
- IP-based geolocation is used to route visitors between regional versions of the site (chattera.ru / chattera.io). The IP is not stored separately for this purpose — only the current HTTP request headers are inspected.
3. How we use your data
We process personal data for the following purposes and on the following legal bases:
| Purpose | Legal basis (GDPR Art. 6) |
|---|---|
| Provide the service, authenticate you, deliver messages | Performance of a contract |
| Process payments, issue invoices | Performance of a contract / legal obligation |
| Customer support | Performance of a contract / legitimate interest |
| Service security, fraud prevention, abuse detection | Legitimate interest |
| Compliance with tax, accounting and legal obligations | Legal obligation |
| Product analytics and improvement | Legitimate interest / consent (where required) |
| Marketing communications | Consent (you can opt out at any time) |
4. Sharing your data with third parties
We share personal data only with carefully selected processors and partners:
- Payment provider (Merchant of Record): processes your payment, calculates and remits taxes (e.g. Paddle.com Market Limited).
- Cloud infrastructure: hosting, storage and databases.
- Messaging providers: Telegram, WhatsApp/Evolution API, email and SMS gateways — required to deliver your messages.
- AI providers: OpenAI, Anthropic, Google, OpenRouter and other LLM providers when you use AI features. If you connect your own API key (BYOK), data goes directly to the provider you chose.
- Error tracking: Sentry for diagnostics and bug reports.
- Analytics: only with your cookie consent.
- Legal authorities: if required by law, court order, or to protect rights and safety.
We do not sell personal data and do not share it for unrelated marketing.
5. International transfers
Where personal data is transferred outside the European Economic Area, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses, or transfers to countries covered by an adequacy decision.
6. How long we keep your data
- Account data: while your account is active and for up to 90 days after deletion to allow recovery.
- Billing and tax records: as required by law, typically 6–10 years.
- Service logs and error reports: up to 90 days.
- Marketing data: until you withdraw consent.
You can request earlier deletion at any time, subject to legal retention requirements.
7. Your rights (GDPR)
If you are located in the European Economic Area, the United Kingdom or another jurisdiction with similar laws, you have the right to:
- Access the personal data we hold about you.
- Request correction of inaccurate or incomplete data.
- Request erasure of your data (“right to be forgotten”).
- Restrict or object to certain processing.
- Receive your data in a portable, machine-readable format.
- Withdraw consent at any time, where processing is based on consent.
- Lodge a complaint with your local data-protection authority.
To exercise any of these rights, email privacy@chattera.io. We respond within 30 days.
8. Cookies
We use a minimal set of cookies:
- Strictly necessary cookies: session, authentication, CSRF protection, locale preference. These cannot be disabled.
- Analytics cookies: set only after you accept on the consent banner.
You can manage cookies through your browser settings or by clearing the consent stored in your browser.
9. Security
We protect personal data using industry-standard measures: TLS in transit, encryption at rest for sensitive fields (including AES-256 encryption of bot tokens), workspace isolation, role-based access, audit logs, regular backups and the principle of least privilege for staff access.
10. Children
The service is not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it.
11. Changes to this Policy
We may update this Privacy Policy from time to time. The “Effective date” at the top reflects the latest revision. We will notify you of material changes by email or in-app banner.
12. Contact
Chattera
Email: privacy@chattera.io