1. Overview
ChatKit ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your information when you use our AI chat service.
2. Data We Collect
- Account information: Email address and display name provided during sign-up.
- Chat messages: The text you send and the AI responses you receive.
- Usage data: Token counts, model usage, message frequency, and timestamps.
- Device data: Browser type and IP address (for rate limiting and security).
3. How We Use Your Data
- To provide and improve the AI chat service.
- To enforce rate limits and prevent abuse.
- To calculate billing and usage quotas.
- To communicate important service updates.
4. Message Encryption & Security
🔒 Your messages are encrypted at rest.
All chat messages are encrypted using AES-256-GCM before being stored in our database. This means:
- Even if our database is compromised, your messages remain unreadable without the encryption key.
- The encryption key never touches the database — it is stored separately in a secure environment.
- Each message is encrypted with its own unique, random initialization vector (IV), so identical messages produce different ciphertext.
5. Admin Access Policy
ChatKit administrators cannot read the content of your messages. Admin access is limited to:
- Account metadata (email, plan type, role, registration date).
- Usage statistics (message counts, token usage, model used).
- Conversation titles (auto-generated from your first message).
We do not access, read, or moderate individual message content.
6. Third-Party Services
ChatKit uses the following third-party services:
- Supabase — Database, authentication, and storage (encrypted at rest and in transit).
- AI Provider — Messages are sent to our AI provider to generate responses. The provider's own privacy policy applies to data they process.
- Vercel — Application hosting (SSL/TLS encrypted).
7. Data Retention
- Your messages are stored until you delete your conversations or account.
- Usage data is retained for billing and analytics purposes.
- You can request full data deletion by contacting us.
8. Your Rights
You have the right to:
- Access all data we hold about you.
- Delete your account and all associated data.
- Export your data in a machine-readable format.
- Object to processing of your personal data.
9. Cookies
ChatKit uses essential cookies for authentication and session management. We do not use tracking cookies or third-party analytics cookies.
10. Contact
For privacy-related questions or data requests, please contact us at the email address provided during purchase.