Privacy Policy

Last updated: April 7, 2026

David Langr, Business Registration No. (ICO): 04617002, with the place of business at V olsinach 1451/20, 100 00, Prague 10 - Strasnice, Czech Republic, operating as Chaterimo ("we", "us", or "our"), operates the Chaterimo platform (the "Service").

This Privacy Policy explains how we collect, use, store, and protect personal data when you use our Service, in accordance with Regulation (EU) 2016/679 (GDPR) and applicable Czech data protection law.


1. Data Controller

The data controller for the processing of your personal data is:

David Langr
ICO: 04617002
V olsinach 1451/20, 100 00, Prague 10 - Strasnice, Czech Republic
Email: info@chaterimo.com


2. What Data We Collect

We collect the following categories of personal data:

2.1. Account Data (provided during registration)

  • Email address
  • Name and username
  • Organisation (business) details
  • Password (stored as a secure hash, never in plain text)
  • Language and locale preferences
  • Marketing consent preferences

2.2. Billing Data

  • Stripe customer ID and subscription information
  • Billing history and invoice data (managed by Stripe)
  • We do not store credit card numbers or payment card data. All payment processing is handled by Stripe in accordance with PCI DSS standards.

2.3. Service Usage Data

  • Chatbot configuration and settings
  • Knowledge base content (product catalogs, website content, uploaded documents)
  • Chat conversations between end-users and chatbots
  • Lead data collected through chat widgets (names, emails, phone numbers voluntarily provided by end-users)
  • Email content (if email integration is enabled)
  • Support ticket content (if ticketing is enabled)

2.4. Technical Data

  • IP addresses (used for security, rate limiting, and abuse detection)
  • Session identifiers
  • Browser type and device information (collected via chat widget)
  • Application logs (which may contain request metadata)

2.5. API Keys (if provided by Customer)

  • Third-party API keys for AI services (OpenAI, Anthropic, Google, Groq)
  • E-commerce platform API credentials (Shopify, Shoptet, Upgates, WooCommerce, etc.)
  • CRM integration credentials (Zoho, HubSpot, Pipedrive)
  • Email OAuth tokens (Gmail, Outlook)
  • All API keys and credentials are encrypted at rest using Fernet symmetric encryption

3. How We Use Your Data

We process personal data for the following purposes:

  • Service delivery: Providing and maintaining the Chaterimo platform, including AI-powered chatbot responses, knowledge base search, and e-commerce integrations
  • Account management: Managing your registration, authentication, and subscription
  • Payment processing: Processing subscription payments through Stripe
  • Customer support: Responding to your inquiries and providing technical assistance
  • Security: Protecting the Service from abuse, fraud, and unauthorized access through IP blocking, rate limiting, and malicious pattern detection
  • Service improvement: Analyzing aggregated, anonymized usage data to improve the platform
  • Legal compliance: Fulfilling our legal obligations under applicable law
  • Communication: Sending transactional emails (account notifications, billing receipts, service updates) and, with your consent, marketing communications

4. Legal Basis for Processing

We process your personal data on the following legal bases under Article 6 GDPR:

  • Performance of contract (Art. 6(1)(b)): Processing necessary to provide the Service you subscribed to (account data, service usage data, billing data)
  • Legitimate interests (Art. 6(1)(f)): Security measures (IP blocking, rate limiting, logging), service improvement through aggregated analytics, and fraud prevention
  • Consent (Art. 6(1)(a)): Marketing communications (you can withdraw consent at any time)
  • Legal obligation (Art. 6(1)(c)): Tax and accounting record-keeping as required by Czech law

5. Data Sharing and Third-Party Processors

We share your data with the following categories of third-party service providers, who process data on our behalf:

5.1. Infrastructure and Hosting

  • Hetzner Online GmbH (Germany) — Server hosting and infrastructure
  • DigitalOcean LLC (EU/US) — File storage and CDN for uploaded files and static assets

5.2. AI Language Model Providers

Depending on the chatbot configuration, chat messages and knowledge base excerpts are sent to one or more of the following AI providers to generate chatbot responses:

  • OpenAI (OpenAI Ireland Ltd. / OpenAI, Inc.) — GPT models
  • Anthropic, PBC — Claude models
  • Google (Google Ireland Limited / Google LLC) — Gemini models
  • Groq, Inc. — Groq models

We use API-tier access to all AI providers. Your data is not used to train the AI providers' foundational models.

5.3. Payment Processing

  • Stripe, Inc. — Payment processing, subscription management, invoicing. Stripe's privacy policy applies to payment data.

5.4. Email Integration (if enabled by Customer)

  • Google (Google Ireland Limited / Google LLC) — Gmail OAuth integration
  • Microsoft Corporation (Microsoft Ireland / USA) — Outlook/Microsoft 365 OAuth integration

5.5. Messaging Integration (if enabled by Customer)

  • Meta Platforms (Meta Platforms Ireland Limited / Meta Platforms, Inc.) — Facebook Messenger integration

5.6. CRM Integration (if enabled by Customer)

  • Zoho Corporation — CRM data sync
  • HubSpot, Inc. — CRM data sync
  • Pipedrive OU (Estonia/USA) — CRM data sync

5.7. Monitoring and Logging

  • Better Stack (Logtail) (EU) — Application logging and monitoring. Logs may contain IP addresses, error details, email processing metadata, and request data.

5.8. Other

  • Jina AI GmbH (Germany) — Web page content extraction (fallback method for knowledge base training)

We do not sell your personal data to third parties. We do not share your data with third parties for their own marketing purposes.


6. International Data Transfers

Our primary infrastructure is located in Germany (EU). However, some third-party providers are located in the United States. For transfers of personal data outside the European Economic Area (EEA), we rely on:

  • The European Commission's adequacy decision for the EU-U.S. Data Privacy Framework (where the provider is certified)
  • Standard Contractual Clauses (SCCs) approved by the European Commission (Decision (EU) 2021/914)
  • Where available, we contract with the EU/EEA subsidiary of providers to minimize cross-border transfers

7. Data Retention

  • Account data: Retained for the duration of your subscription and for a reasonable period thereafter to allow for account reactivation, unless you request deletion
  • Service usage data (chat sessions, leads, knowledge base): Retained for the duration of your subscription. Upon termination, deleted from active systems within 30 days and from backups within 90 days
  • Billing data: Retained as required by Czech tax and accounting laws (typically 10 years for invoices)
  • Application logs: Retained according to the logging provider's retention schedule
  • IP addresses used for security blocking: Cached temporarily (up to 24 hours) and not stored in the database

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • TLS/HTTPS encryption for all data in transit with automatic certificate management
  • Industry-standard symmetric encryption for sensitive credentials at rest (API keys, OAuth tokens)
  • Dedicated server infrastructure in Germany (not shared hosting)
  • Isolated container architecture with internal networking
  • Multi-tenant data isolation with organization-based scoping
  • Automated security middleware: IP blocking, rate limiting, malicious pattern detection
  • Database connection pooling with transaction-level isolation
  • Password hashing for user authentication
  • Regular automated backups with redundant storage

For details, see Annex 2 of our Data Processing Agreement (DPA).


9. Your Rights Under GDPR

As a data subject, you have the following rights:

  • Right of access (Art. 15): Request a copy of the personal data we hold about you
  • Right to rectification (Art. 16): Request correction of inaccurate or incomplete data
  • Right to erasure (Art. 17): Request deletion of your personal data, subject to legal retention obligations
  • Right to restriction (Art. 18): Request restriction of processing in certain circumstances
  • Right to data portability (Art. 20): Receive your data in a structured, commonly used format. Self-service CSV exports are available for leads and chat history.
  • Right to object (Art. 21): Object to processing based on legitimate interests
  • Right to withdraw consent (Art. 7(3)): Withdraw your consent to marketing communications at any time

To exercise any of these rights, contact us at info@chaterimo.com. We will respond within 30 days as required by the GDPR.


10. Data Processing on Behalf of Customers

When our Customers use the Service to deploy chatbots on their websites, we process personal data of the Customers' end-users (chat visitors) on behalf of the Customer. In this relationship:

  • The Customer is the data controller for their end-users' data
  • Chaterimo is the data processor

This processing is governed by our Data Processing Agreement (DPA), which forms part of the Terms of Service. The Customer is responsible for providing appropriate privacy notices to their end-users.


11. Cookies and Tracking

The Chaterimo website uses cookies for essential functionality (session management, authentication, language preferences). We do not use third-party advertising or tracking cookies.

The Chaterimo chat widget, when embedded on a Customer's website, uses session storage to maintain chat state. The Customer is responsible for disclosing the widget's data collection in their own cookie/privacy policy.


12. Children's Privacy

The Service is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us at info@chaterimo.com and we will delete it promptly.


13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be communicated to registered users via email. The current version is always available on our website.


14. Contact and Complaints

For any questions or concerns about this Privacy Policy or our data processing practices, contact us at:

Email: info@chaterimo.com

If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority. The competent authority for the Czech Republic is:

Office for Personal Data Protection (UOOU)
Pplk. Sochora 27, 170 00 Prague 7, Czech Republic
Website: www.uoou.cz

chaterimo logo

Copyright © Chaterimo

about-icon