What is GDPR
General Data Protection Regulation (GDPR) is a new EU privacy data protection policy that was enacted as of May 25th, 2018.
The new policy defines more clearly what a user’s rights are when it comes to the storage, usage and management of their personal data and data rules for all companies operating in the EU, wherever they are based. For more details.
If you already know your rights, feel free to reach out to us with any requests through in app chat. Otherwise, keep reading to learn more.
“A controller is the entity that determines the purposes, conditions and means of the processing of personal data”
In this instance chata.ai is a Data Controller.
chata.ai uses many Data Processors which can be found in the table below.
In this instance you are the Data Subject.
Data Subject Rights
The details on each of your rights can be found here in the regulation. chata.ai’s compliance to each of the rights are explained in the sections below.
Right to be Informed
chata.ai will send a message via email to all registered customers and controllers of any breach within 72 hours of first becoming aware of the breach.
Right to Access
Our Terms of Service lay out the data that chata.ai collects on Data Subjects. By accepting these Terms you give consent to chata.ai processing your personal data. To access your personal data please send a message through our in-app help.
Right to Rectification
Your personal data can be seen and modified via the profile page of chata.ai’s web application. Any changes to data not found on this page but received as part of the Right to Access process may be changed by sending a message through our in-app help.
Right to Erasure
To be forgotten please send a message through our in-app help.
Right to Restrict Portability
All data accessed via the Right to Access section above is allowed to be transmitted to another controller.
Right to Object
You may object to our usage of your personal data by sending a message through our in-app help.
Rights related to automated decision making including profiling
chata.ai does not automatically make decision or profile users based on their personal information.
In App Help
All messages regarding GPDR compliance sent through our in-app help will create a support ticket to process your request. An appropriate response will be sent within 1 month from the receipt of the request.
chata.ai collects data personal data from two primary sources. These are the following:
- The chata.ai application
- All integrations
chata.ai Application Data
The chata.ai application stores the following personal data:
- Organization Names
- Project Names
- Email Addresses
- Full Name
- Phone Number
- Ip Address
- Location information including the following:
- Zip Code
- Time Zone
|Data Type||How we obtain it||Usage of the data|
|Organization Name||Entered on signup||To display to user to uniquely identify organizations|
|Project Name||Either entered on integration connection or retrieved from the integration||To display to the user to unique identify projects|
|Email Addresses||Entered on signup||To send notifications about application activity, billing receipts and marketing material|
|Full Name||Entered on signup||To personalize email communication and to identify to other users your personal content (comments, reports, etc.)|
|Ip Address||Collected automatically by signing up||To obtain location data|
|Location Data||Collected automatically by signing up||To fill initial billing information including tax percentage and currency.|
chata.ai Integration’s Data
Integration’s data is stored by chata.ai is used in two cases: to be displayed when relevant questions are asked and to populate project names. For more details on what each integration collects please visit their respective websites.
chata.ai stores data securely using state of the art database technologies. Data is sent and received exclusively over SSL protected requests. Your data is backed up nightly and is available for you to access through a natural language question when required.
Data Protection Officer
chata.ai does not have a Data Protection Officer as it does not meet any of the two possible requirements for appointing one. These are the following:
- a public authority or body (except for courts acting in their judicial capacity);
- core activities require large scale, regular and systematic monitoring of individuals (for example, online behaviour tracking); or core activities consist of large scale processing of special categories of data or data relating to criminal convictions and offences.
|Google Cloud Platform||Cloud Service||US||yes|
|Zendesk Inc.||Cloud based customer service||US||yes|
|Sendgrid||Cloud Based email notification||US||yes|
|MongoDB Atlas||Cloud data storage Service||US||yes|
|Hubspot||Cloud based CRM and Marketing automation||US||yes|
|Calendly||Cloud based scheduling software||US||yes|
|Chart Mogul||Cloud based subscription analytics||Germany||yes|
|Google Analytics||Google service||US||yes|
|Twilio||Cloud based communication platform||US||yes|
1950, 150 9 Ave SW
Calgary, Alberta T2P 3H9