Chatac Privacy Policy
Effective Date: June 30, 2025
Chatac PBC ("Chatac," "we," "us," "our")
Chatac helps organizations create, deliver, and manage learning experiences. We are committed to privacy-by-design and collect only what's needed to operate the service.
1) Scope
This Policy explains how we handle personal information for:
- Organization users (e.g., admins, instructors, staff)
- Learners who access courses delivered through Chatac-powered channels
- Website and platform users who create and manage courses
2) Information We Collect (purpose-driven only)
We practice data minimization and collect only what is necessary.
Account & Authentication
- Email address
- Password hash (bcrypt)
- Account verification status
Learning Platform Data
- Name and basic profile (e.g., preferences, country, language)
- Date of birth (for age/eligibility verification when required)
- Academy and course enrollment/participation data
- Platform identifiers necessary for chat delivery and integration (e.g., messaging handle/ID)
Business & Operations
- Billing contact information
- Payment terms and payment processor references/IDs
- Client-uploaded educational content and file attachments (e.g., PDFs)
Session Security
- Temporary authentication tokens
- Password reset and account verification tokens (time-limited)
We do NOT collect
- IP address tracking data or device fingerprints
- GPS/location data
- Web browsing behavior for advertising
- Government IDs or Social Security Numbers
- Unnecessary personal information
3) How We Use Information
- Provide and secure the service: authenticate users, manage roles, authorize access
- Deliver learning: generate lessons from client-uploaded content; enroll learners; deliver course items via integrated channels (e.g., WhatsApp)
- Support & operations: respond to support requests; manage billing and subscriptions
- Analytics & improvement: measure engagement and course performance to improve learning effectiveness (not for ads; no sale of personal data)
4) Client Content & Course Creation
Organizations may upload source materials (e.g., PDFs) to generate course content. Chatac processes these materials to create structured learning modules for delivery to learners. Client content remains the client's intellectual property; we host and process it solely to provide the service under the client's instructions.
5) AI Processing
We use enterprise-grade AI services to:
- Analyze client-uploaded materials to generate learning content
- Support course translation and related educational functions
Key safeguards
- Data sent to AI services is limited to what's needed for the requested function
- Encrypted transmission (HTTPS/TLS)
- No training of foundation models on client data without explicit client consent
- Configurable retention/deletion consistent with client instructions and applicable law
6) Legal Bases (where applicable)
We process personal information based on:
- Contract (to provide the service to clients and their users)
- Legitimate interests (service security, quality, analytics for improvement)
- Consent where required (e.g., certain communications or processing requested by the client)
7) Children & Student Data
Chatac can serve K–12 and youth programs through schools/NGOs. Where learners are under the age of consent in their jurisdiction, organizations are responsible for obtaining the appropriate consents/authorizations and for configuring what learner data is provided to Chatac. We process such data strictly as a processor on the organization's instructions.
8) Data Sharing & Processors
We do not sell personal data. We share information only with:
- Service providers/Processors that support our platform (e.g., hosting, storage, AI processing, payments, email). These include enterprise infrastructure such as Heroku (Salesforce) for hosting and AWS S3 for file storage, and enterprise-grade Google AI services for content processing.
- Your organization (client admins/instructors) to operate the platform you use.
- Legal/Compliance when required by law or to protect rights, safety, and security.
All third parties are bound by contractual obligations (including confidentiality and security) and receive only the minimum data necessary.
9) Security
- Industry-standard encryption for data in transit (HTTPS/TLS)
- Hashed password storage (bcrypt)
- Role-based access controls; least-privilege administration
- Hosting on enterprise-grade infrastructure (e.g., Heroku/Salesforce with a SOC 2/ISO 27001-compliant environment; AWS S3 encrypted storage)
- Limited production access for authorized personnel only
- Temporary security tokens with automatic expiration
10) International Transfers
Where data is transferred across borders, we use appropriate safeguards (e.g., standard contractual clauses or equivalent mechanisms) consistent with applicable law and client requirements.
11) Data Retention & Deletion
We retain personal information only as long as necessary to provide the service and meet legal/contractual obligations. Organizations may request export or deletion of their data; individuals can request deletion through their organization or by contacting us (see §15). Temporary tokens and reset links expire automatically.
12) Cookies & Tracking
We do not use cookies or similar technologies for advertising or cross-site tracking. Any strictly necessary cookies (if used) are only for secure login/session management.
13) Changes to This Policy
We may update this Policy to reflect operational or legal changes. We will post the updated Policy with a new effective date and, where legally required, notify you.