Privacy Policy

Privacy Policy for ChatPNT

Last Updated: [05/07/2025]

1. Introduction Welcome to ChatPNT. The ChatPNT Team ("we," "us," or "our") is committed to protecting your privacy and handling your personal data in a transparent and secure manner. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our ChatPNT application, website, and services (collectively, the "Service").

Please read this Privacy Policy carefully. By accessing or using our Service, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the Service.

Important Note on Service Usage and Data Sharing: ChatPNT is provided primarily for entertainment and general informational exchange. We strongly advise you not to share any personal, sensitive, or confidential information through the Service that you would not want to be processed or potentially seen by other users or third-party AI services. You are solely responsible for the content you transmit through the Service.

2. Information We Collect

We may collect personal information that you provide directly to us, information generated during your use of the Service, and information collected automatically.

a. Information You Provide to Us:

  • Account Information: When you register for an account, we collect your chosen username and your email address. Your password is an_hashed and not stored in plain text.
  • Profile Information (Optional): You may choose to provide an avatar for your profile.
  • Communications with Us: If you contact us directly (e.g., via email for support or inquiries at info@pntsoft.eu), we may receive additional information about you such as your name (if provided), email address, the contents of the message and/or attachments you may send us, and any other information you may choose to provide.

b. Information Generated or Provided During Your Use of the Service:

  • Chat Content: Text messages, and textual content extracted from files you choose to share and have analyzed by AI, are stored as part of your chat history. Chat history is encrypted in our database.
  • Uploaded Files: Files you upload to chats are stored on our cloud infrastructure (Google Cloud Platform). Metadata about these files (e.g., filename, size, uploader) is also stored.
  • Audio Recordings and Transcriptions: If you use the audio recording feature, the audio file is sent for transcription. The original audio recording is deleted immediately after successful transcription. The resulting transcription is stored as part of your chat history.
  • AI Agent Interactions: Content you provide when interacting with AI agents, including prompts and context derived from your chat.
  • Contacts and Invitations: If you use features to manage contacts or send invitations, relevant information to facilitate these features will be processed.

c. Information We Collect Automatically:

  • Log Data and Usage Information: When you access or use our Service, our servers automatically record information ("Log Data"), which may include: your IP address, browser type and settings, the date and time of your request, how you interacted with the Service, and device information. Server logs are retained for 12 months for security, debugging, and analytical purposes, after which they are permanently deleted.
  • Audit Logs: We maintain audit logs of certain actions performed within the Service (e.g., login attempts, account changes, administrative actions). These logs may include your user ID, username (at the time of action), IP address, the action performed, and a timestamp. Audit logs are retained for 12 months for security and compliance purposes, after which they are permanently deleted.
  • Cookies and Similar Technologies: We use only strictly necessary session cookies to keep you logged in and for the basic functioning of the Service (e.g., session management, CSRF protection). We do not use cookies for tracking, analytics (beyond server-side aggregated logs), or advertising purposes.
  • Push Notification Subscriptions: If you opt-in to receive push notifications, we store your push notification subscription information (provided by your browser and including an endpoint and authentication keys) to send you relevant notifications. This data is deleted when you revoke permission or delete your account.

3. How We Use Your Information

We use the information we collect for various purposes, based on appropriate legal grounds:

  • To provide, operate, and maintain our Service (Basis: Performance of a Contract).
  • To create and manage your account, and authenticate you as a user (Basis: Performance of a Contract).
  • To process and deliver your chat messages, files, and audio transcriptions (Basis: Performance of a Contract).
  • To enable and process your interactions with AI agents via third-party AI providers (Basis: Performance of a Contract, and your consent for specific actions like analyzing file content).
  • To send you transactional communications, such as account verification emails, password reset emails, and important Service-related notices (Basis: Performance of a Contract, Legitimate Interest).
  • To send you push notifications, if you have consented to receive them (Basis: Consent).
  • To respond to your comments, questions, and provide customer support (Basis: Legitimate Interest, Performance of a Contract).
  • To monitor and analyze trends, usage, and activities in connection with our Service for maintenance, security, and improvement (Basis: Legitimate Interest).
  • To maintain the security and integrity of our Service, including preventing fraud and abuse (Basis: Legitimate Interest, Legal Obligation).
  • To comply with legal obligations and enforce our Terms of Service (Basis: Legal Obligation, Performance of a Contract).

4. Legal Basis for Processing Personal Data (GDPR)

If you are located in the European Economic Area (EEA) or the UK, our legal basis for collecting and using the personal information described in Section 3 depends on the personal information concerned and the specific context in which we collect it. As outlined above, we primarily rely on:

  • The necessity of processing for the performance of our contract with you to provide the ChatPNT Service.
  • Our legitimate interests in operating, securing, and improving our Service, provided these are not overridden by your data protection interests or fundamental rights.
  • Your consent for specific processing activities (e.g., push notifications, analysis of file content by AI).
  • The necessity of processing for compliance with a legal obligation.

5. Sharing and Disclosure of Your Information

We do not sell your personal information. We may share or disclose your information in the following limited circumstances:

  • With Your Consent: For example, when you use features to share chat links with other individuals.
  • Service Providers (Data Processors): We engage third-party companies to facilitate our Service and perform services on our behalf. These include:
    • Cloud Hosting: Our Service infrastructure and data (including encrypted chat histories and uploaded files) are hosted on Google Cloud Platform (GCP).
    • Email Delivery: We may use an SMTP service for transactional emails. These service providers are contractually bound to process your data only on our behalf and for the purposes we specify.
  • Artificial Intelligence (AI) Service Providers: To provide AI-powered chat functionalities, ChatPNT utilizes services from OpenAI and Google Cloud AI (Gemini models). * Data Sent: As detailed in our Terms of Service, when you use AI features, relevant data (including message content, conversation history for context, system prompts, and, with your consent, extracted text from files) is sent to these providers to generate responses. * Provider Policies, Data Use, and Training: The ChatPNT Team relies on the data processing terms and privacy commitments of these AI providers. Based on their published API policies for the services we utilize (as of [Current Date]): * OpenAI: Data submitted via their standard API services is not used by OpenAI to train their general-purpose AI models by default. OpenAI states that they retain API data for a maximum of 30 days, primarily for abuse and misuse monitoring. For more details, please review OpenAI's API Data Usage Policies: https://trust.openai.com/?product=API * Google Cloud AI (Gemini API): Data submitted to Google Cloud AI services is treated as customer data. Google states that this data is not used to train their general-purpose models that serve other customers. For more details, please review Google Cloud's terms and AI/ML data usage policies: https://ai.google.dev/gemini-api/terms?hl=it and related Google Cloud data governance documentation. * Your Acknowledgment: By using AI-powered features in ChatPNT, you acknowledge that your data will be processed by these third-party AI providers to fulfill your requests, in accordance with their respective policies. The ChatPNT Team is not responsible for changes in the data handling practices of these AI providers.
  • Legal Requirements: We may disclose your information if required by law or in response to valid legal requests.
  • Protection of Rights: To protect the rights, property, or safety of The ChatPNT Team, our users, or others.

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements, and to provide and improve the Service.

  • Account Information: Your account information (username, email, hashed password, profile details) is retained as long as your account is active. Upon account deletion, this information is permanently deleted from our active database.
  • Chat Messages and Uploaded Files:
    • Content within chats you own is retained until you delete the chat or your account (which deletes your owned chats).
    • Content (messages, files) you contributed to chats owned by other users will remain in those chats if you delete your account, but your direct association (e.g., uploader ID for files) will be disassociated (set to NULL where applicable), and your past messages will be displayed as from a "Deleted User".
    • Inactive Chats: Chats that have been inactive (no new messages from any participant) for more than 6 months may be automatically and permanently deleted from our systems without prior notice to enhance service sustainability.
  • Original Audio Recordings: Original audio files from the voice recording feature are deleted immediately after successful transcription.
  • Audit Logs & Server Logs: Retained for 12 months from the date of creation, after which they are permanently deleted.
  • Push Notification Subscriptions: Deleted when you disable push notifications or delete your account.

7. Data Security We implement appropriate technical and organizational measures to protect the security of your personal information, including HTTPS for data in transit, encryption of chat history at rest, and password hashing. However, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure.

8. International Data Transfers Your information, including personal data, may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those in your jurisdiction (e.g., the United States, where our AI and cloud providers may operate). We take steps to ensure that your data is treated securely and in accordance with this Privacy Policy, relying on appropriate safeguards such as Standard Contractual Clauses or Adequacy Decisions for such transfers.

9. Your Data Protection Rights (GDPR and others) Depending on your location and applicable law, you may have the following rights regarding your personal data:

  • Access: The right to request copies of your personal data.
  • Rectification: The right to request correction of inaccurate personal data or completion of incomplete data.
  • Erasure (Right to be Forgotten): You can delete your entire account and associated owned data through your profile settings within the Service. For other specific erasure requests under applicable law, please contact us.
  • Restrict Processing: The right to request the restriction of our processing of your personal data, under certain conditions.
  • Object to Processing: The right to object to our processing of your personal data (e.g., based on legitimate interests), under certain conditions.
  • Data Portability: The right to request that we transfer the data that we have collected on you to another organization, or directly to you, in a structured, commonly used, and machine-readable format, under certain conditions.
  • Withdraw Consent: Where we rely on your consent to process personal data, you have the right to withdraw that consent at any time.

To exercise any of these rights (other than account deletion which is available via your profile settings), please contact us at info@pntsoft.eu. We will respond to your request in accordance with applicable data protection laws. You also have the right to lodge a complaint with your local data protection supervisory authority.

10. Children's Privacy Our Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that a child has provided us with personal information without verification of parental consent, we will take steps to remove that information from our servers.

11. Changes to This Privacy Policy We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. You are advised to review this Privacy Policy periodically for any changes.

12. Contact Us If you have any questions about this Privacy Policy or our data practices, please contact The ChatPNT Team at: info@pntsoft.eu