Privacy Policy

1. What We Collect

We collect minimal data necessary to operate the service:

• Account data — email address and user ID, collected via Clerk when you sign up.
• License data — license key, activation status, and expiry date, stored to validate access.
• Session telemetry — project name, pipeline phase, and session activity timestamps. This data is used to populate your dashboard and improve the product. No source code or file contents are ever collected.
• Machine ID — a hashed fingerprint derived from your hardware to enforce machine limits. It is non-reversible and not linked to any personal identifier.

2. What We Do Not Collect

• Source code, file contents, or project files
• Keystrokes, clipboard contents, or conversation history
• Any data beyond what is described in Section 1

3. How We Use Your Data

• To validate your license and enforce plan limits
• To display your project activity in the dashboard
• To improve the product based on aggregate usage patterns
• To send transactional emails (e.g., license confirmation)

4. Data Storage

Data is stored in Supabase (PostgreSQL) hosted in the EU region. Account authentication is managed by Clerk. Payment data is handled exclusively by Stripe and is never stored on our servers.

5. Data Sharing

We do not sell or share your personal data with third parties. We use the following sub-processors: Clerk (authentication), Supabase (database), Stripe (payments), and Vercel (hosting).

6. Your Rights

You may request deletion of your account and associated data at any time by contacting us. We will fulfill deletion requests within 30 days.

7. Contact

Privacy questions? support@chati.dev