Last updated: March 20, 2025

Introduction

Chatica (“we”, “us”, or “our”) is a trading name of Phoenix Digital Limited, a company incorporated in Hong Kong. We are committed to protecting your privacy. This Privacy Policy outlines how we collect, use, store, and protect your personal information when you access our website, services, or products.

By using our services, you agree to the collection and use of information in accordance with this policy. If you do not agree with our practices, please discontinue using our services.

1. Data Collection

We collect personal information directly from you, automatically as you use our services, and through third-party services, including Stripe for payment processing. The types of data we collect include:

• Personal Information: Name, email address, contact information, and payment details.

• Technical Information: IP address, browser type, operating system, device information.

• Usage Data: Interaction logs, pages visited, and features used.

• Cookies and Tracking Data: Cookies and similar tracking technologies to enhance your experience.

2. Lawful Basis for Processing Data (GDPR)

We process personal data on the following lawful bases:

• Consent: When you have given us explicit permission to process your data for specific purposes.

• Contractual Obligation: When data processing is necessary to fulfill a contract with you.

• Legitimate Interests: When processing is required to achieve our legitimate business interests, as long as your rights do not override these interests.

3. Your Rights (GDPR, CCPA, CPRA)

You have the right to:

• Access Your Data: Request a copy of the information we hold about you.

• Rectify Your Data: Update or correct inaccuracies in your data.

• Delete Your Data: Request the deletion of your personal data.

• Restrict Processing: Limit the processing of your data in certain situations.

• Data Portability: Obtain a copy of your data in a structured, machine-readable format.

• Withdraw Consent: Revoke consent where it forms the basis of data processing.

• Opt-Out of Sale or Sharing of Personal Data (CCPA, CPRA): You can opt out of having your personal data sold or shared with third parties.

• Right to Non-Discrimination (CCPA, CPRA): Exercising your privacy rights will not result in discrimination, such as denial of services or increased charges.

To exercise your rights, please contact us at legal@chatica.io.

4. How We Use Your Data

We use your data for the following purposes:

• Service Delivery: To provide, maintain, and improve our services.

• Payment Processing: To process transactions securely via Stripe.

• Communication: To send notifications, updates, and customer support responses.

• Analytics and Improvements: To analyze usage patterns and optimize user experience.

• Compliance: To meet legal and regulatory requirements.

5. Third-Party Services

We integrate with third-party services to provide seamless functionality, including payment processing, analytics, infrastructure, and AI services.

• Stripe: We use Stripe for secure payment processing. Stripe collects personal data such as your payment details and uses this information to process payments and detect fraudulent transactions.

• Google Analytics: We use Google Analytics to track and analyze user interactions on our website. This helps us understand user behavior and improve our services. Google Analytics may collect information such as your IP address, browser type, and pages visited.

• DigitalOcean: Our services are hosted on DigitalOcean infrastructure. While DigitalOcean does not directly access your personal data, it provides the cloud environment and security backbone that powers our platform.

• AI Providers (OpenAI, Anthropic, xAI): To deliver intelligent responses and assistant capabilities, we route user queries through trusted AI providers including OpenAI (ChatGPT), Anthropic (Claude), and xAI (Grok). While we strive to minimize personal data in such queries, any data transmitted is subject to the respective provider’s data use policies.

We ensure that these services comply with applicable privacy regulations, including mechanisms for international data transfers such as Standard Contractual Clauses.

6. Data Security

We implement robust security measures to protect your personal data from unauthorized access, alteration, or disclosure. All sensitive data is encrypted both in transit and at rest.

In the event of a data breach, we will promptly notify affected users and the relevant data protection authorities as required by GDPR and CCPA.

7. Data Retention and Deletion

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. When data is no longer needed, we securely delete or anonymize it.

Generally, account and billing-related data will be retained for up to 7 years, unless a longer retention period is required for legal, accounting, or reporting purposes. Analytics and log data may be retained for a shorter period.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience and analyze website traffic. Where required by law, we use a cookie consent banner to request your consent before placing non-essential cookies.

You can manage cookie preferences through your browser settings. Disabling cookies may impact your ability to use certain features.

9. Children’s Data

Our services are not intended for children under the age of 16, and we do not knowingly collect personal data from individuals under this age. However, because our AI assistant may be embedded on third-party websites, we cannot control the end-users who interact with the assistant. If we become aware that personal data from individuals under 16 has been collected, we will take appropriate steps to delete such data.

10. International Data Transfers

Your information may be transferred to and maintained on servers located outside of your jurisdiction. When we transfer personal data outside of the EEA, UK, or other regions with comprehensive data protection laws, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses.

By using our services, you consent to such transfers.

11. Data Protection Officer (DPO)

If required by law, we have appointed a Data Protection Officer (DPO) responsible for overseeing compliance with GDPR and data protection laws. You can contact the DPO at legal@chatica.io.

12. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. Any changes will be posted on this page, and we will notify you of significant changes via email or through our services. Your continued use of our services after changes are posted signifies your acceptance of the updated policy.

13. Contact Us

If you have any questions or concerns about this Privacy Policy, please contact us:

Email: legal@chatica.io

Website: chatica.io