Privacy

Privacy Policy

Last updated: February 16, 2026

1. Introduction

AnsChat ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy outlines how we collect, use, and safeguard your information when you use our website and AI chatbot services. We comply with the General Data Protection Regulation (GDPR) and other applicable privacy laws.

2. Legal Bases for Processing

We process your personal data only when we have a lawful basis. For each processing activity, the legal basis is as follows:

  • Service Provision (Contract): Processing account and chat data to deliver the AI service you subscribed to.
  • Billing (Legal Obligation): Processing payment data to comply with tax and financial regulations.
  • Analytics (Consent): Processing usage data via cookies to improve our platform, only when you have explicitly opted in.
  • Security & Updates (Legitimate Interest): Monitoring system performance and preventing fraud to ensure platform integrity.

3. AI Data Transparency

We are committed to full transparency regarding how Artificial Intelligence processes your data.

3.1 No Training on Your Data

We do NOT use your private conversation data, customer logs, or uploaded documents to train our foundational AI models. Your data remains yours.

3.2 Data Processing & Transmission

  • Inference Only: When you send a message, the text is securely transmitted to our AI providers (Groq and Google) solely for the purpose of generating a response (inference).
  • Zero Retention by Providers: Our agreements with these providers mandate that they do not retain your data for model training or improvement.
  • Contextual Storage: We store chat history in our own secure databases (hosted on Supabase/Render) to maintain conversation context for you. You can delete this history at any time.

4. Data Retention

We enforce strict retention policies to ensure data is not kept longer than necessary:

Data TypeRetention Period
Chat Logs & HistoryUntil deleted by user, or 12 months from creation.
Account InformationDuration of active account + 30 days post-deletion.
Analytics Data26 months (aggregated and anonymized).
Backups30 days rolling retention.

5. International Transfers

Your data may be processed in the United States and other locations where our subprocessors reside. We ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs): We rely on SCCs approved by the European Commission for transfers to providers like Groq and Supabase.

A list of subprocessors is available upon request.

6. Your Rights (DSAR)

To exercise your GDPR rights (Access, Rectification, Erasure, Portability), please submit a Data Subject Access Request (DSAR):

How to submit a request

You can email our Data Protection Officer (DPO) directly. We verify all requests to protect your account security.

Email [email protected]

Response Time: We aim to respond to all substantiated requests within 30 days.

7. Contact Us

If you have any questions about this Privacy Policy, please contact us:

Email: [email protected]