What is GDPR

General Data Protection Regulation (GDPR) is a new EU privacy data protection policy that was enacted as of May 25th, 2018.

The new policy defines more clearly what a user’s rights are when it comes to the storage, usage and management of their personal data and data rules for all companies operating in the EU, wherever they are based. For more details.

If you already know your rights, feel free to reach out to us with any requests through in app chat. Otherwise, keep reading to learn more.

Key Terminology

Data Controller

“A controller is the entity that determines the purposes, conditions and means of the processing of personal data”
In this instance is a Data Controller.

Data Processor

“[A] processor is an entity which processes personal data on behalf of the controller” uses many Data Processors which can be found in the table below.

Data Subject

“A natural person whose personal data is processed by a controller or processor.”

In this instance you are the Data Subject.

Data Subject Rights

The details on each of your rights can be found here in the regulation.’s compliance to each of the rights are explained in the sections below.

Right to be Informed will send a message via email to all registered customers and controllers of any breach within 72 hours of first becoming aware of the breach.

Right to Access

Our Terms of Service lay out the data that collects on Data Subjects. By accepting these Terms you give consent to processing your personal data. To access your personal data please send a message through our in-app help.

Right to Rectification

Your personal data can be seen and modified via the profile page of’s web application. Any changes to data not found on this page but received as part of the Right to Access process may be changed by sending a message through our in-app help.

Right to Erasure

To be forgotten please send a message through our in-app help.

Right to Restrict Portability

All data accessed via the Right to Access section above is allowed to be transmitted to another controller.

Right to Object

You may object to our usage of your personal data by sending a message through our in-app help.

Rights related to automated decision making including profiling does not automatically make decision or profile users based on their personal information.

In App Help

All messages regarding GPDR compliance sent through our in-app help will create a support ticket to process your request. An appropriate response will be sent within 1 month from the receipt of the request.

Chata’s Data

Chata collects data personal data from two primary sources. These are the following:

  • The Advisory Studio application
  • All integrations

Advisory Studio by Chata Application Data

The Advisory Studio application stores the following personal data:

  • Organization Names
  • Project Names
  • Email Addresses
  • Full Name
  • Phone Number
  • Ip Address
  • Location information including the following:
    • Country
    • Region
    • City
    • Zip Code
    • Time Zone
    • Longitude
    • Latitude
Data Type How we obtain it Usage of the data
Organization Name Entered on signup To display to user to uniquely identify organizations
Project Name Either entered on integration connection or retrieved from the integration To display to the user to unique identify projects
Email Addresses Entered on signup To send notifications about application activity, billing receipts and marketing material
Full Name Entered on signup To personalize email communication and to identify to other users your personal content (comments, reports, etc.)
Ip Address Collected automatically by signing up To obtain location data
Location Data Collected automatically by signing up To fill initial billing information including tax percentage and currency.

Chata Integration’s Data

Integration’s data is stored by Chata is used in two cases: to be displayed when relevant questions are asked and to populate project names. For more details on what each integration collects please visit their respective websites.


Chata stores data securely using state of the art database technologies. Data is sent and received exclusively over SSL protected requests. Your data is backed up nightly and is available for you to access through a natural language question when required.

Data Protection Officer

Chata does not have a Data Protection Officer as it does not meet any of the two possible requirements for appointing one. These are the following:

  • a public authority or body (except for courts acting in their judicial capacity);
  • core activities require large scale, regular and systematic monitoring of individuals (for example, online behaviour tracking); or core activities consist of large scale processing of special categories of data or data relating to criminal convictions and offences.


Entity Function Country GDPR Compliant
Google Cloud Platform Cloud Service US yes
Zendesk Inc. Cloud based customer service US yes
Sendgrid Cloud Based email notification US yes
MongoDB Atlas Cloud data storage Service US yes
Hubspot Cloud based CRM and Marketing automation US yes
Calendly Cloud based scheduling software US yes
Chart Mogul Cloud based subscription analytics Germany yes
Google Analytics Google service US yes
Twilio Cloud based communication platform US yes

Contacting Us

If there are any questions regarding this privacy policy, you may contact us using the information below.

Suite 2100,
333-7th Ave SW
Calgary, Alberta T2P 2Z1