Privacy

Privacy Policy

Last updated: April 12, 2026

1. Introduction

AnsChat ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy outlines how we collect, use, and safeguard your information when you use our website and AI chatbot services. We comply with the General Data Protection Regulation (GDPR) and other applicable privacy laws.

2. Legal Bases for Processing

We process your personal data only when we have a lawful basis. For each processing activity, the legal basis is as follows:

  • Service Provision (Contract): Processing account and chat data to deliver the AI service you subscribed to.
  • Billing (Legal Obligation): Processing payment data to comply with tax and financial regulations.
  • Analytics (Consent): Processing usage data via cookies to improve our platform, only when you have explicitly opted in.
  • Security & Updates (Legitimate Interest): Monitoring system performance and preventing fraud to ensure platform integrity.

3. AI Data Transparency

We are committed to full transparency regarding how Artificial Intelligence processes your data.

3.1 No Training on Your Data

We do NOT use your private conversation data, customer logs, or uploaded documents to train our foundational AI models. Your data remains yours.

3.2 Data Processing & Transmission

  • Inference Only: When you send a message, the text is securely transmitted to our AI providers (Groq and Google) solely for the purpose of generating a response (inference).
  • Zero Retention by Providers: Our agreements with these providers mandate that they do not retain your data for model training or improvement.
  • Contextual Storage: We store chat history in our own secure databases (hosted on Supabase/Render) to maintain conversation context for you. You can delete this history at any time.

4. Data We Collect

4.1 Account Data

We collect your Google account name, email address, and profile picture when you sign in via Google OAuth. This information is used to create and manage your AnsChat account. New accounts are created exclusively through Google Sign-In; no email/password registration is available.

4.2 Payment Processing

Payments are processed by Dodo Payments (Merchant of Record). AnsChat does not collect or store credit card numbers or bank account details. Dodo Payments' privacy policy governs how payment data is handled. We receive confirmation of payment status, subscription status, customer and subscription reference IDs, applicable discount-code information, invoice metadata, and other billing events required to activate service, manage renewals, and process eligible refunds.

4.3 Usage Data

We track message counts, storage usage, and feature interactions for the purpose of enforcing plan limits, resetting monthly allocations, supporting account analytics, and reviewing refund eligibility under our published refund policy. Storage usage is measured in real-time from our vector database (Qdrant). This data is stored in our own database and is not shared with third parties except as needed to operate the service.

5. Data Retention

We enforce strict retention policies to ensure data is not kept longer than necessary:

Data TypeRetention Period
Chat Logs & HistoryUntil deleted by user, or 12 months from creation.
Account InformationDuration of active account + 30 days post-deletion.
Analytics Data26 months (aggregated and anonymized).
Backups30 days rolling retention.
Billing, refund, and support recordsFor the duration required for tax, fraud prevention, disputes, and legal compliance.

6. International Transfers

Your data may be processed in the United States and other locations where our subprocessors reside. We ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs): We rely on SCCs approved by the European Commission for transfers to providers like Groq and Supabase.

A list of subprocessors is available upon request.

7. Your Rights (DSAR)

To exercise your GDPR rights (Access, Rectification, Erasure, Portability), please submit a Data Subject Access Request (DSAR):

How to submit a request

You can email our Data Protection Officer (DPO) directly. We verify all requests to protect your account security.

Email [email protected]

Response Time: We aim to respond to all substantiated requests within 30 days.

8. Contact Us

If you have any questions about this Privacy Policy, please contact us:

Email: [email protected]