What is GDPR
General Data Protection Regulation (GDPR) is a EU privacy data protection policy that was enacted on May 25th, 2018.
The policy defines more clearly what a user’s rights are when it comes to the storage, usage and management of their personal data and data rules for all companies operating in the EU, wherever they are based. For more details.
If you already know your rights, feel free to reach out to us with any requests. Otherwise, keep reading to learn more.
Key Terminology
Data Controller
“A controller is the entity that determines the purposes, conditions and means of the processing of personal data”
In this instance Chata.ai is a Data Controller.
Data Processor
“[A] processor is an entity which processes personal data on behalf of the controller”
Chata.ai uses many Data Processors which can be found in the table below.
Data Subject
“A natural person whose personal data is processed by a controller or processor.”
In this instance you are the Data Subject.
Data Subject Rights
The details on each of your rights can be found here in the regulation. Chata.ai’s compliance to each of the rights are explained in the sections below.
Right to be Informed
Chata.ai will send a message via email to all registered customers and controllers of any breach within 72 hours of first becoming aware of the breach.
Right to Access
Our Terms of Service lay out the data that Chata.ai collects on Data Subjects. By accepting these Terms you give consent to Chata.ai processing your personal data. To access your personal data please send an email.
Right to Rectification
Your personal data can be seen and modified via the profile page of Chata.ai’s AutoQL Integrator Portal. Any changes to data not found on this page but received as part of the Right to Access process may be changed by sending an email message.
Right to Erasure
To be forgotten please send an email.
Right to Restrict Portability
All data accessed via the Right to Access section above is allowed to be transmitted to another controller.
Right to Object
You may object to our usage of your personal data by sending an email.
Rights related to automated decision making including profiling
Chata.ai does not automatically make decision or profile users based on their personal information.
Chata.ai’s Data
Chata.ai collects personal data from two primary sources. These are the following:
- AutoQL
- All integrations
AutoQL by Chata.ai Application Data
AutoQL stores the following personal data:
- Organization Names
- Project Names
- Email Addresses
- Full Name
- Ip Address
- Location information including the following:
- Country
- Region
- City
- Zip Code
- Time Zone
- Longitude
- Latitude
| Data Type | How we obtain it | Usage of the data |
| Organization Name | Entered on signup | To display to user to uniquely identify organizations |
| Project Name | Either entered on integration connection or retrieved from the integration | To display to the user to unique identify projects |
| Email Addresses | Entered on signup | To send notifications about application activity, billing receipts and marketing material |
| Full Name | Entered on signup | To personalize email communication and to identify to other users your personal content (comments, reports, etc.) |
| Ip Address | Collected automatically by signing up | To obtain location data |
| Location Data | Collected automatically by signing up | To fill initial billing information including tax percentage and currency. |
Security
Chata.ai stores data securely using state of the art database technologies. Data is sent and received exclusively over SSL protected requests. Your data is available for you to access through a natural language question when required.
Data Protection Officer
Chata.ai does not have a Data Protection Officer as it does not meet any of the two possible requirements for appointing one. These are the following:
- a public authority or body (except for courts acting in their judicial capacity);
- core activities require large scale, regular and systematic monitoring of individuals (for example, online behaviour tracking); or core activities consist of large scale processing of special categories of data or data relating to criminal convictions and offences.
Sub-Processors
| Entity | Function | Country | GDPR Compliant |
| Google Cloud Platform | Cloud Service | US | yes |
| Azure Cloud Platform | Cloud Service | US | yes |
| Sendgrid | Cloud Based email notification | US | yes |
| MongoDB Atlas | Cloud data storage Service | US | yes |
| Hubspot | Cloud based CRM and Marketing automation | US | yes |
| Hubspot | Cloud based scheduling software | US | yes |
| Chart Mogul | Cloud based subscription analytics | Germany | yes |
| Google Analytics | Google service | US | yes |
| Stripe | Payment Processor | US | yes |
| Twilio | Cloud based communication platform | US | yes |
Contacting Us
If there are any questions regarding this privacy policy, you may contact us using the information below.
Chata.ai
Suite 2100,
333-7th Ave SW
Calgary, Alberta T2P 2Z1
Canada
support@chata.ai