Legal

Privacy Policy

Last updated: May 8, 2026

This Privacy Policy explains how Chaber, LLC ("Chaberista," "we") collects, uses, shares, and protects information when you visit our website, create an account, or use the Chaberista platform (the "Service").

1. Roles

We act as a controller for personal data we collect about prospects, website visitors, and account users (e.g., names, emails, billing details). We act as a processor for personal data contained in Customer Data that you submit through the Service; that processing is governed by our Data Processing Addendum.

2. Information We Collect

2.1 Information you provide

  • Account info: name, work email, organization, role, password hash.
  • Billing info: company name, billing address, tax ID, payment method (handled by our PCI-DSS-certified payment processor; we do not store full card numbers).
  • Communications: messages you send to support, sales, or via in-product chat.

2.2 Information collected automatically

  • Device & usage: IP address, browser, OS, pages viewed, referring URL, timestamps, in-product clicks.
  • Cookies & similar technologies: see our Cookie Policy.
  • Telemetry: error logs and performance metrics to keep the Service reliable.

2.3 Customer Data

When you connect AI providers, we ingest event data (e.g., prompts, model identifiers, token counts, file metadata, user identifiers) per your configuration. We process Customer Data on your instructions only.

3. How We Use Information

  • Provide, maintain, secure, and improve the Service.
  • Authenticate users and enforce access controls.
  • Process billing and prevent fraud.
  • Send transactional messages (security alerts, billing, product updates).
  • With your consent or where permitted, send marketing about Chaberista.
  • Comply with legal obligations and enforce our Terms.

We do not sell personal information. We do not use Customer Data to train third-party AI models or our own foundation models.

4. Legal Bases (EU/UK/Swiss residents)

  • Contract — to provide the Service you signed up for.
  • Legitimate interests — security, fraud prevention, product improvement.
  • Consent — non-essential cookies and marketing emails.
  • Legal obligation — tax, accounting, lawful requests.

5. Sharing

  • Sub-processors — including Stripe, Inc. (United States) for payment processing and subscription billing, plus our cloud hosting, managed database/auth, email delivery, error monitoring, and analytics providers. Current list: chaberista.com/dpa#subprocessors.
  • Professional advisors — auditors, lawyers, accountants under confidentiality.
  • Compliance & safety — to comply with law, lawful requests, or to protect rights, property, or safety.
  • Business transfers — in connection with a merger, acquisition, or sale of assets, subject to confidentiality.

6. International Transfers

We may transfer personal data outside your country. For transfers from the EEA, UK, or Switzerland we rely on the European Commission's Standard Contractual Clauses and the UK Addendum, plus appropriate technical and organizational safeguards.

7. Retention

  • Account data: for the life of your account plus up to 12 months.
  • Billing records: 7 years (tax/accounting).
  • Customer Data: per your retention configuration in the product; default 12 months for events, configurable per data class.
  • Backups: encrypted backups are rotated within 35 days.

8. Security

  • Encryption in transit (TLS 1.2+) and at rest (AES-256-GCM).
  • Tenant isolation via row-level security.
  • SSO (SAML/OIDC) and SCIM provisioning available on Business and Enterprise plans.
  • Annual penetration tests; SOC 2 Type II program in progress.
  • Documented incident response — we will notify affected customers without undue delay and within any required statutory window.

9. Your Rights

Depending on your jurisdiction, you may have the right to:

  • access, correct, delete, or port your personal data;
  • object to or restrict certain processing;
  • withdraw consent at any time;
  • lodge a complaint with a supervisory authority.

Submit requests to michael@chabercompliance.com. We will verify your identity and respond within statutory timelines (typically 30 days). California residents have rights under the CCPA/CPRA (right to know, delete, correct, limit use of sensitive PI, and to non-discrimination); we do not "sell" or "share" PI as those terms are defined under California law.

10. Children

The Service is not directed to children under 16, and we do not knowingly collect personal data from them.

11. Tracking & Do Not Track

We do not respond to browser DNT signals, but you can manage cookie preferences via the cookie banner or the "Cookie preferences" link in our footer.

12. Changes

We will post any updates here and update the "Last updated" date. Material changes will be notified to account users by email or in-product notice.

13. Contact

Chaber, LLC — michael@chabercompliance.com
EU/UK representative: available on request to michael@chabercompliance.com.