Privacy Policy

Last updated: January 2025

Data Controller Information

Data Controller

Chat&Guide Ltd
Registration Number: [Company Number]
London, United Kingdom

Data Protection Officer

Email: privacy@chatandguide.com
Response Time: Within 72 hours
Available: Monday-Friday, 9AM-5PM GMT

Information We Collect

Personal Information

  • Account Data: Name, email address, company name, profile information
  • Billing Information: Payment details, billing address, subscription data
  • Communication Records: Support tickets, feedback, email correspondence

Technical Information

  • Device Information: Browser type, operating system, device identifiers
  • Connection Data: IP address, location data (country/city level)
  • Usage Analytics: Page views, feature usage, performance metrics

Service Data

  • Chatbot Configurations: Bot settings, training data, customizations
  • Conversation Data: Chat messages, visitor information, interaction logs
  • Training Materials: Website content, uploaded documents, FAQ data

How We Use Your Information

Core Service Provision

Legal basis: Contract
  • Creating and managing your account
  • Providing chatbot functionality
  • Processing and storing conversations
  • Delivering customer support

Service Improvement

Legal basis: Legitimate Interest
  • Analyzing usage patterns and performance
  • Developing new features and improvements
  • Maintaining and optimizing our infrastructure
  • Conducting research and development

Communication

Legal basis: Contract / Consent
  • Sending important account notifications
  • Providing customer support responses
  • Sharing product updates (with consent)
  • Marketing communications (with consent)

Security & Compliance

Legal basis: Legitimate Interest / Legal Obligation
  • Preventing fraud and abuse
  • Maintaining platform security
  • Complying with legal requirements
  • Protecting user rights and safety

Your Data Protection Rights

Right of Access (Article 15)

Request a copy of all personal data we hold about you

Response: Within 30 days

Right to Rectification (Article 16)

Request correction of inaccurate or incomplete data

Response: Within 30 days

Right to Erasure (Article 17)

Request deletion of your personal data (Right to be forgotten)

Response: Within 30 days

Right to Restrict Processing (Article 18)

Limit how we process your data while maintaining storage

Response: Immediately

Right to Data Portability (Article 20)

Receive your data in a structured, machine-readable format

Response: Within 30 days

Right to Object (Article 21)

Object to processing based on legitimate interests

Response: Immediately

Data Sharing and Third Parties

Service Providers (Data Processors)

  • Cloud Infrastructure: Data storage and hosting; ISO 27001, SOC 2
  • Payment Processors: Billing and subscription management; PCI DSS compliant
  • Email Services: Transactional and marketing emails; GDPR compliant
  • Analytics Providers: Usage analytics (anonymized); Data minimization
  • Customer Support: Help desk and live chat; Encrypted communications
  • Security Services: Fraud prevention and monitoring; Privacy by design

International Transfers

Some of our service providers are located outside the European Economic Area (EEA). We ensure adequate protection through:

  • Adequacy Decisions: Transfers to countries with adequate protection
  • Standard Contractual Clauses: EU-approved contract terms
  • Certification Schemes: Privacy Shield successors and equivalents
  • Binding Corporate Rules: For multinational service providers

Data Retention

We retain personal data only as long as necessary for the purposes outlined in this policy. Retention periods are based on legal requirements and business needs:

  • Account Data: 2 years after account closure; Contract completion
  • Billing Records: 7 years; Legal obligation (tax law)
  • Conversation Data: 1 year from creation; Service improvement
  • Usage Analytics: 2 years; Performance monitoring
  • Support Communications: 3 years; Quality assurance
  • Security Logs: 1 year; Incident investigation

Security Measures

Technical Safeguards

  • End-to-end encryption in transit (TLS 1.3)
  • AES-256 encryption at rest
  • Multi-factor authentication
  • Regular security audits and penetration testing
  • Automated vulnerability scanning
  • Secure development practices (SDLC)

Organizational Measures

  • Role-based access control
  • Regular security training for staff
  • Data breach response procedures
  • Third-party security assessments
  • Privacy impact assessments
  • Incident response and monitoring

Certifications and Compliance

  • SOC 2 Type II
  • ISO 27001
  • GDPR Compliant
  • PCI DSS (via processors)

Children's Privacy (COPPA Compliance)

Age Verification

We implement age verification measures during account registration to prevent minors from creating accounts without proper consent.

Parental Rights

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. We will:

  • Delete the child's information within 30 days
  • Provide confirmation of deletion
  • Implement additional safeguards to prevent recurrence

Educational Use

For educational institutions wishing to use our service with students under 18, we offer special compliance packages that include parental consent management and enhanced privacy controls.

Contact Us

Data Protection Officer

Email: privacy@chatandguide.com

Response Time: Within 72 hours

Available: Monday-Friday, 9AM-5PM GMT

Languages: English, Spanish, French, German

Legal Department

Address:

Chat&Guide Ltd
Legal Department
[Address Line 1]
London, [Postcode]
United Kingdom

Legal Inquiries: legal@chatandguide.com

Supervisory Authority

You have the right to lodge a complaint with your local supervisory authority if you believe we have not adequately addressed your privacy concerns:

UK: Information Commissioner's Office (ICO)
Website: ico.org.uk
Phone: 0303 123 1113

EU: Find your local authority at edpb.europa.eu

Policy Updates

Notification of Changes

We will notify you of any material changes to this Privacy Policy by:

  • Email notification to registered users
  • Prominent notice on our website
  • In-app notifications for 30 days
  • Updated "Last Modified" date

Version History

Version 2.0 - February 6, 2025 (Current)

Major update: Added comprehensive GDPR compliance sections, data subject rights, and enhanced security information.

Version 1.0 - January 20, 2025 (Previous)

Initial privacy policy with basic data collection and usage information.