Question 1

Is Chaberista a substitute for legal advice?

Accepted Answer

No. Chaberista is oversight software that helps you produce evidence and enforce policies. It is not a law firm and does not provide legal advice. Use the artifacts it generates with your own counsel.

Question 2

Are my client prompts and files ever used to train AI models?

Accepted Answer

Never. We do not train any model on customer data. Lovable AI Gateway calls used inside the product (e.g., Ask Logs) are similarly bound by no-training terms and run only against your already-redacted summary tables.

Question 3

What data is encrypted, and with what?

Accepted Answer

Query bodies and sensitive payloads are encrypted at rest with per-workspace keys; transport is TLS 1.2+. PII tokens are stripped from the searchable index before encryption. Customer-managed keys (CMK) are available on Enterprise.

Question 4

How long are logs retained?

Accepted Answer

Default retention is 365 days on the Standard plan; Free Trial workspaces retain for the duration of the trial. Enterprise can be configured up to 7 years to satisfy SOX, FINRA, and HIPAA retention windows. Retention terms are codified in §3.1 of the Terms at /terms.

Question 5

How are plan quotas enforced in the product?

Accepted Answer

Quotas are enforced server-side at every ingest and AI call. Event ingest (Perplexity webhook, Claude sync/import, and the test path) gates on event and storage capacity before writing and bumps usage on success — over-quota requests return HTTP 429 and are recorded in the audit log. Ask-Logs queries gate on AI capacity and only increment usage when the answer is delivered. Connecting a new source (Claude, Perplexity, etc.) checks source capacity before flipping the source to 'connected'. The exact per-plan limits — 1 source / 50K events / 10 queries / 5 GB on Free Trial; 3 sources / 500K events / 50 queries / 100 GB per seat on Standard; negotiated on Enterprise — are listed in §3.1 of the Terms.

Question 6

Who processes my payment, and what card data do you store?

Accepted Answer

Subscriptions are processed by Stripe, Inc. (PCI-DSS Level 1). Stripe acts as an independent controller for payment-method, billing-address, and transaction data under its own privacy policy (stripe.com/privacy). We never receive or store full card numbers — only tokenized customer and subscription identifiers used for invoicing and reconciliation. This is disclosed in §3.3a of the Terms, in the sub-processor list at /privacy, and in Annex III of the DPA at /dpa.

Question 7

What changed recently in the Terms, Privacy Policy, and DPA?

Accepted Answer

Three updates (effective May 8, 2026): (1) Terms §3.1 now spells out Free Trial / Standard ($500/seat/month) / Enterprise plans with explicit quotas and 365-day retention; (2) Terms §3.3a and the Privacy Policy sub-processor list now name Stripe as the payment processor and clarify that we do not store card numbers; (3) DPA Annex III replaces the generic 'PCI-DSS-certified processor' line with a Stripe-specific entry covering tokenization and Stripe's controller role for payment data.

Question 8

Can a lawyer use Chaberista to satisfy ABA Formal Opinion 512?

Accepted Answer

Op. 512 requires competence, confidentiality safeguards, supervision, communication with clients, and reasonable fees. Chaberista provides the supervision record (event stream), the safeguards (encryption, tier policy, approval chains), and the evidence of client consent (approval workflows with notes). Your firm still owns the underlying policy and client communication.

Question 9

Does this replace my SIEM (Splunk, Datadog, Sentinel)?

Accepted Answer

No — it complements them. Chaberista is the AI-specific oversight layer; it forwards enriched, classified events to your SIEM via webhook. Generic SIEMs do not parse model usage, token cost, or AI-specific risk labels.

Question 10

Can I export everything for an audit?

Accepted Answer

Yes. Events, approvals, attestations, incidents, and framework status all export to CSV/JSON. The Trust Center and DPA are publishable URLs auditors can reference directly.

Question 11

How do you handle EU data residency?

Accepted Answer

EU workspaces can be pinned to EU storage on the Enterprise plan. Sub-processor list and transfer mechanisms (SCCs) are documented in the DPA at /dpa.

Question 12

What if an employee uses a personal ChatGPT account from a personal device?

Accepted Answer

Source-side connectors catch managed accounts. For unmanaged use, combine the AUP attestation (so it's a documented violation) with browser/DLP integration via webhook to flag traffic to api.openai.com from corporate networks.

Question 13

How does pricing work?

Accepted Answer

Free Trial is no-card with reduced quotas (1 source, 50K events/month, 10 Ask-Logs queries/day, 5 GB storage). Standard is $500/seat/month, billed monthly via Stripe, with 3 connected sources, 500K events / seat / month, 100 GB storage / seat, 50 Ask-Logs queries / seat / day, and 365-day log retention. Enterprise (annual order form) adds SSO/SAML, customer-managed keys, EU residency, custom retention, BAA, and a 30-day non-renewal notice. Full terms are in §3.1–§3.3a at /terms; current quotas are enforced live in the product.

Question 14

Where is the in-product support / help desk?

Accepted Answer

Logged-in customers see a Support button in the app header that opens a threaded ticket portal at /app/support, plus the full Module Guide and feature comparison. This page is the public-facing version.

Help, answers, and who this is built for.

Why this matters, by audience

For Lawyers & Law Firms

For Enterprises & Boards

For Anyone Handling PII / PHI / PCI

Features & compliance mapping moved to its own page.

Frequently asked questions

In-app Module Guide

Open a support ticket

Enterprise & legal review