Privacy Policy

Effective May 21, 2026

ChatKindle Inc. (“ChatKindle”, “we”, “us”) operates the chatbot platform available at chatkindle.com (the “Service”). This Privacy Policy explains what we collect, why we collect it, how we use and share it, and the rights you have over your personal data.

If you visit a website that has embedded a ChatKindle chatbot, the business that operates that website is the data controller of any information you share with their chatbot. ChatKindle is the data processor. Their privacy notice governs that relationship; this policy governs ours with you when you visit chatkindle.com or sign up for an account.

1. Information we collect

Information you provide

  • Account details: name, business name, email, phone, password hash.
  • Billing details: plan choice, payment method tokens (we never see raw card numbers — Razorpay and PayPal handle that).
  • Content you upload to train your bot: website URLs, PDFs, FAQs, prompt text.
  • Support correspondence and any feedback you send us.

Information collected automatically

  • Log data: IP address, browser, OS, referrer, timestamps for security and abuse prevention.
  • Usage analytics: feature use, conversation counts, error events. We use this to improve the product.
  • Cookies and similar technologies (see Section 7).

Information from third parties

  • Authentication providers (Google, etc.) if you choose to sign in with them — we receive your email and profile photo.
  • Payment providers — transaction status, last-4 digits, billing country.
  • Integrations you connect (Google Calendar, WhatsApp, etc.) — only the scopes you authorize.

2. How we use information

  • To provide, maintain, and improve the Service.
  • To process payments and manage subscriptions.
  • To send transactional emails (receipts, security alerts, product updates you opted in to).
  • To detect and prevent fraud, abuse, and security incidents.
  • To comply with legal obligations and respond to lawful requests.

We do not sell personal information, and we do not use your bot's training data, conversations, or knowledge base to train any general-purpose AI model. Inference is routed to large-language-model providers under contracts that forbid training on your data.

3. Legal bases (GDPR / UK GDPR)

Where the EU GDPR or UK GDPR applies, we process personal data on these legal bases:

  • Contract: to deliver the Service you signed up for.
  • Legitimate interest: to keep the Service secure, prevent abuse, and improve features.
  • Consent: for marketing emails and non-essential cookies; revocable at any time.
  • Legal obligation: tax, accounting, and responding to lawful authority.

4. Who we share data with

We share personal data only with vetted processors under data-protection agreements, and only as needed to run the Service:

  • Hosting & database: Supabase (Mumbai region), Vercel, Cloudflare R2.
  • LLM inference: OpenRouter and the underlying model providers (OpenAI, Anthropic, Google, Meta, DeepSeek). No customer data is used for model training.
  • Email: Resend for transactional email.
  • Payments: Razorpay (INR) and PayPal (USD and other currencies).
  • Monitoring: Sentry for error tracking; PostHog for product analytics; BetterStack for uptime.
  • Integrations: only the third-party services you explicitly connect (Google Calendar, WhatsApp Business, Slack, etc.).

We may also disclose information to comply with a court order, government request, or to investigate a credible security incident.

5. International transfers

ChatKindle is operated from India and our primary database is hosted in Mumbai. If you access the Service from another country, your information may be transferred across borders. Where required, we rely on the European Commission's Standard Contractual Clauses and equivalent transfer mechanisms.

6. Data retention

  • Account data: retained for the life of the account plus 30 days after deletion.
  • Billing records: retained for 7 years for tax and accounting (statutory requirement).
  • Conversation transcripts: retained per the subscriber's policy (default 365 days, configurable in their dashboard).
  • Logs & security events: 90 days.

You can request earlier deletion via Section 9 below; we honour the request unless a statutory retention obligation prevents it.

7. Cookies and similar technologies

We use a small set of cookies. None are used for cross-site advertising.

  • Strictly necessary: authentication session, CSRF token, locale and currency preferences. These cannot be disabled.
  • Analytics: PostHog (page views, feature usage). You can opt out via your browser's “Do Not Track” or our cookie banner.
  • Anonymous visitor ID on subscriber sites: a randomly generated ID stored in the visitor's browser so a chatbot conversation can resume across page loads. No personal identifiers.

8. GDPR & DPDP rights

If you are in the EU/UK (under GDPR) or in India (under the Digital Personal Data Protection Act, 2023), you have the right to:

  • Access — request a copy of personal data we hold about you.
  • Rectify — correct inaccurate or incomplete data.
  • Erase — request deletion of your data (“right to be forgotten”).
  • Restrict or object — limit how we process your data.
  • Port — receive your data in a machine-readable format.
  • Withdraw consent — where processing is based on consent.
  • Lodge a complaint — with the supervisory authority in your country.

To exercise any of these rights, email privacy@chatkindle.com. We respond within 30 days (or sooner where the law requires).

9. Children

The Service is not directed to children under 16. We do not knowingly collect personal information from children. If you believe we have, contact privacy@chatkindle.com and we will delete it.

10. Security

We protect personal data with TLS in transit, AES-256 at rest, row-level security on multi-tenant data, scoped service tokens, signed webhook delivery, and continuous monitoring. No system is perfect — if you discover a vulnerability, please report it to security@chatkindle.com.

11. Changes to this policy

We may update this policy from time to time. Material changes will be announced by email or an in-product notice at least 14 days before they take effect. Continued use of the Service after an update means you accept the new terms.

12. Contact

ChatKindle Inc.
Email: privacy@chatkindle.com
For security disclosures: security@chatkindle.com
For general questions: hello@chatkindle.com

Privacy Policy — ChatKindle