Privacy Policy

Last updated: December 25, 2025

ChatMAA is a product of Aitechma LLC, a Delaware company ("we", "us", or "our"). We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. Please read this Privacy Policy carefully. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

1. Information We Collect

1.1 Information You Provide to Us

We collect information that you provide directly to us when you:

  • Create an Account: When you register for an account, we collect your email address, name, and any other information you choose to provide, such as your company name, job title, or phone number.
  • Use the Service: We collect information you provide when you create AI assistants, upload data sources, configure integrations, set up workspaces, and interact with the Service in any way.
  • Make Payments: When you purchase a subscription or make payments, we collect billing information, including credit card numbers, billing addresses, and payment history. Payment processing is handled by third-party payment processors, and we do not store complete credit card information on our servers.
  • Contact Us: When you contact us for support, submit feedback, or communicate with us in any way, we collect the information you provide, including your name, email address, phone number, and the content of your communications.
  • Participate in Surveys or Promotions: If you participate in surveys, contests, or promotions, we collect the information you provide in connection with such activities.
  • Subscribe to Newsletters: If you subscribe to our newsletters or marketing communications, we collect your email address and preferences.

1.2 Automatically Collected Information

When you access or use the Service, we automatically collect certain information about your device and usage patterns:

  • Device Information: We collect information about your device, including device type, operating system, browser type and version, device identifiers, and mobile network information.
  • Log Data: We collect log information when you use the Service, including your IP address, access times, pages viewed, links clicked, searches performed, and other actions taken on the Service.
  • Usage Data: We collect information about how you use the Service, including the features you access, the AI assistants you create, the data sources you upload, the messages sent and received, API calls made, and other usage statistics.
  • Location Information: We may collect approximate location information based on your IP address or device settings. We do not collect precise GPS location data without your explicit consent.
  • Cookies and Tracking Technologies: We use cookies, web beacons, pixel tags, and similar tracking technologies to collect information about your interactions with the Service. See Section 6 for more details.

1.3 Information from Third Parties

We may receive information about you from third parties, including:

  • Social Media Platforms: If you connect your account to social media platforms or sign in using social media credentials, we may receive information from those platforms, such as your profile information and friend lists.
  • Payment Processors: We receive payment and transaction information from payment processors when you make purchases.
  • Analytics Providers: We receive aggregated analytics data from third-party analytics providers to help us understand how the Service is used.
  • Service Providers: We may receive information from service providers who assist us in operating the Service, such as hosting providers, email service providers, and customer support platforms.
  • Public Sources: We may collect information about you from publicly available sources, such as public databases, social media profiles, and other public records.

1.4 Content and User-Generated Information

We collect all content you create, upload, post, transmit, or otherwise make available through the Service, including:

  • AI assistant configurations, prompts, and settings
  • Data sources, documents, files, and other content you upload
  • Messages, conversations, and interactions with AI assistants
  • API configurations, integrations, and custom actions
  • Workspace settings, user management, and organizational data
  • Feedback, reviews, ratings, and other user-generated content

2. How We Use Your Information

2.1 Service Provision

We use your information to provide, maintain, and improve the Service, including:

  • Creating and managing your account
  • Processing your transactions and managing your subscriptions
  • Providing customer support and responding to your inquiries
  • Operating, maintaining, and improving the Service functionality
  • Enabling AI assistant creation, configuration, and deployment
  • Processing and analyzing your content to provide Service features
  • Managing workspaces, users, and organizational settings
  • Facilitating communications between users and AI assistants
  • Providing API access and integration capabilities

2.2 Communication

We use your information to communicate with you about:

  • Service updates, new features, and important announcements
  • Account-related notifications, such as password resets and security alerts
  • Billing and payment information, including invoices and receipts
  • Support responses and technical assistance
  • Marketing communications, promotional offers, and newsletters (with your consent or as permitted by law)
  • Surveys, feedback requests, and research participation opportunities

2.3 Analytics and Improvement

We use your information to analyze and improve the Service, including:

  • Understanding how users interact with the Service
  • Identifying trends, usage patterns, and performance metrics
  • Conducting research and development to improve Service features
  • Training and improving AI models and algorithms
  • Debugging technical issues and optimizing Service performance
  • Developing new products, features, and services

2.4 Security and Fraud Prevention

We use your information to protect the Service and our users, including:

  • Detecting, preventing, and responding to security threats, fraud, and abuse
  • Verifying user identities and preventing unauthorized access
  • Monitoring for suspicious activities and policy violations
  • Enforcing our Terms of Service and other policies
  • Protecting the rights, property, and safety of ChatMAA, our users, and others

2.5 Legal Compliance

We use your information to comply with legal obligations, including:

  • Responding to legal requests, court orders, and government inquiries
  • Complying with applicable laws, regulations, and industry standards
  • Protecting our legal rights and interests
  • Resolving disputes and enforcing agreements

2.6 Business Operations

We use your information for business operations, including:

  • Managing our business operations and administrative functions
  • Conducting business analytics and reporting
  • Facilitating mergers, acquisitions, or other business transactions
  • Maintaining business records and documentation

3. How We Share Your Information

3.1 Service Providers

We share your information with third-party service providers who perform services on our behalf, including:

  • Cloud Hosting Providers: We use cloud hosting services to store and process your data. These providers have access to your data as necessary to provide hosting services.
  • Payment Processors: We share payment information with payment processors to process transactions and manage billing.
  • Email Service Providers: We share email addresses and communication preferences with email service providers to send transactional and marketing emails.
  • Analytics Providers: We share usage data with analytics providers to help us understand how the Service is used and improve our offerings.
  • Customer Support Platforms: We share account and support information with customer support platforms to provide assistance and manage support requests.
  • AI Service Providers: We share your content with third-party AI service providers to process and generate responses. This may include major AI model providers and specialized AI services.
  • Security and Fraud Prevention Services: We share information with security service providers to detect and prevent fraud, abuse, and security threats.
  • Content Delivery Networks: We share content with CDN providers to deliver content efficiently to users worldwide.

All service providers are contractually obligated to protect your information and use it only for the purposes we specify. They are not permitted to use your information for their own purposes or share it with third parties except as necessary to provide services to us.

3.2 Business Transfers

If we are involved in a merger, acquisition, asset sale, financing, or other business transaction, your information may be transferred to the acquiring entity or new owners. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

3.3 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities, including:

  • Court orders, subpoenas, warrants, or other legal processes
  • Government investigations and regulatory inquiries
  • Law enforcement requests
  • Legal proceedings and litigation
  • Compliance with applicable laws and regulations

3.4 Protection of Rights

We may disclose your information to protect our rights, property, or safety, or that of our users or others, including:

  • Enforcing our Terms of Service and other agreements
  • Preventing fraud, abuse, or illegal activities
  • Responding to security threats and breaches
  • Protecting intellectual property rights
  • Resolving disputes and legal claims

3.5 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so. For example, if you choose to integrate third-party services with your account, we may share relevant information with those services as necessary to provide the integration.

3.6 Aggregated and Anonymized Data

We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you. This may include usage statistics, trends, and analytics that we use for business purposes, research, or to help third parties understand how the Service is used.

3.7 Public Information

Some information you provide may be publicly visible, such as:

  • Public AI assistants that you choose to make available to others
  • Public profiles, usernames, or display names
  • Public reviews, ratings, or feedback
  • Information you post in public forums or community areas

4. Data Security

4.1 Security Measures

We implement industry-standard technical and organizational security measures to protect your information against unauthorized access, alteration, disclosure, or destruction, including:

  • Encryption: We use encryption in transit (TLS/SSL) and at rest to protect your data. Sensitive information, such as passwords and payment information, is encrypted using industry-standard algorithms.
  • Access Controls: We implement strict access controls and authentication mechanisms to ensure that only authorized personnel can access your information. Access is granted on a need-to-know basis and is regularly reviewed.
  • Network Security: We use firewalls, intrusion detection systems, and other network security measures to protect against unauthorized access and attacks.
  • Regular Security Audits: We conduct regular security audits, vulnerability assessments, and penetration testing to identify and address security vulnerabilities.
  • Employee Training: We provide regular security training to our employees and contractors to ensure they understand and follow security best practices.
  • Incident Response: We have incident response procedures in place to quickly detect, respond to, and mitigate security incidents.
  • Data Backup and Recovery: We maintain regular backups of your data and have disaster recovery procedures in place to ensure business continuity.

4.2 Security Limitations

Despite our security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your information. You acknowledge and agree that you provide information at your own risk.

You are responsible for maintaining the security of your account credentials, including your password and any authentication tokens. You should use a strong, unique password and enable two-factor authentication when available. You should not share your account credentials with anyone.

4.3 Security Breaches

In the event of a security breach that may affect your information, we will investigate the breach, take appropriate remedial action, and notify you and relevant authorities as required by applicable law. We will provide notice of the breach as soon as reasonably possible after we become aware of it, consistent with the legitimate needs of law enforcement and measures necessary to determine the scope of the breach and restore the integrity of our systems.

5. Data Retention

5.1 Retention Periods

We retain your information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. The retention period depends on:

  • The type of information and its sensitivity
  • The purpose for which the information was collected
  • Legal, regulatory, or contractual requirements
  • Business needs and operational requirements
  • Whether you have requested deletion of your information

5.2 Specific Retention Periods

Generally, we retain:

  • Account Information: Until you delete your account, plus a reasonable period thereafter for business and legal purposes (typically 30-90 days).
  • Content and User Data: Until you delete the content or your account, plus a reasonable period for backup and recovery purposes.
  • Payment Information: As required by law and payment processor requirements, typically 7 years for tax and accounting purposes.
  • Log Data and Analytics: Typically 12-24 months, unless required for security, legal, or business purposes.
  • Support Communications: Typically 3-5 years, or as required for business and legal purposes.

5.3 Deletion

When you delete your account or request deletion of your information, we will delete or anonymize your information in accordance with our data retention policies and applicable law. However, some information may be retained for longer periods for:

  • Legal, regulatory, or contractual compliance requirements
  • Dispute resolution and legal proceedings
  • Fraud prevention and security purposes
  • Backup and disaster recovery systems (which may retain data for extended periods)
  • Aggregated or anonymized data that cannot be used to identify you

6. Cookies and Tracking Technologies

6.1 Types of Cookies

We use various types of cookies and similar tracking technologies:

  • Essential Cookies: These cookies are necessary for the Service to function and cannot be switched off. They are usually set in response to actions you take, such as setting privacy preferences or logging in.
  • Performance Cookies: These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our Service. They help us understand how visitors interact with the Service.
  • Functionality Cookies: These cookies enable the Service to provide enhanced functionality and personalization. They may be set by us or by third-party providers whose services we have added to our pages.
  • Targeting/Advertising Cookies: These cookies may be set through our Service by our advertising partners. They may be used to build a profile of your interests and show you relevant advertisements on other sites.

6.2 Third-Party Tracking

We use third-party analytics and tracking services, such as Google Analytics, to help us understand how users interact with the Service. These services may use cookies, web beacons, and other tracking technologies to collect information about your use of the Service and other websites.

You can opt out of certain third-party tracking by adjusting your browser settings or using opt-out tools provided by the tracking services. However, opting out may affect the functionality of the Service.

6.3 Cookie Management

Most web browsers are set to accept cookies by default. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of the Service.

You can manage your cookie preferences through your browser settings. For more information about how to manage cookies, please visit the help pages of your browser or the websites of the cookie providers.

7. Your Privacy Rights

7.1 Access and Portability

You have the right to access the personal information we hold about you and to receive a copy of that information in a structured, commonly used, and machine-readable format. You can access much of your information through your account settings. For additional information, you can contact us using the information provided in Section 12.

7.2 Correction and Update

You have the right to correct inaccurate or incomplete personal information. You can update much of your information through your account settings. If you need to correct information that cannot be updated through your account, please contact us.

7.3 Deletion

You have the right to request deletion of your personal information. You can delete your account and associated data through your account settings, or you can contact us to request deletion. We will delete your information in accordance with our data retention policies and applicable law, subject to any legal or business requirements that may require us to retain certain information.

7.4 Objection and Restriction

You have the right to object to our processing of your personal information or to request that we restrict processing in certain circumstances. For example, you can opt out of marketing communications at any time by clicking the unsubscribe link in our emails or by contacting us.

7.5 Withdrawal of Consent

Where we rely on your consent to process your personal information, you have the right to withdraw your consent at any time. Withdrawing consent will not affect the lawfulness of processing based on consent before its withdrawal.

7.6 Data Portability

You have the right to receive your personal information in a structured, commonly used, and machine-readable format and to transmit that information to another service provider, where technically feasible.

7.7 Exercising Your Rights

To exercise any of these rights, please contact us using the information provided in Section 12. We will respond to your request within a reasonable timeframe, typically within 30 days, though this may be extended in complex cases. We may need to verify your identity before processing your request.

We may charge a reasonable fee for excessive or repetitive requests, or we may refuse to comply with requests that are clearly unfounded, excessive, or repetitive.

8. Children's Privacy

The Service is not intended for children under the age of 18 (or the age of majority in your jurisdiction, if higher). We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us immediately. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information as soon as possible.

If you are using the Service to create AI assistants that may interact with children, you are responsible for ensuring compliance with all applicable laws and regulations regarding children's privacy, including but not limited to the Children's Online Privacy Protection Act (COPPA) in the United States and similar laws in other jurisdictions.

9. International Data Transfers

Your information may be transferred to, and maintained on, computers located outside of your state, province, country, or other governmental jurisdiction where data protection laws may differ from those in your jurisdiction. If you are located outside the United States and choose to provide information to us, please note that we transfer your information to the United States and process it there.

We take appropriate safeguards to ensure that your information receives an adequate level of protection in the jurisdictions in which we process it. These safeguards may include:

  • Standard contractual clauses approved by relevant data protection authorities
  • Certification schemes and codes of conduct
  • Binding corporate rules
  • Other legally recognized transfer mechanisms

By using the Service, you consent to the transfer of your information to the United States and other jurisdictions where we operate.

10. California Privacy Rights

If you are a California resident, you have certain rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

  • Right to Know: You have the right to request that we disclose what personal information we collect, use, disclose, and sell.
  • Right to Delete: You have the right to request that we delete your personal information, subject to certain exceptions.
  • Right to Opt-Out: You have the right to opt-out of the sale of your personal information. We do not sell your personal information.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
  • Right to Correct: You have the right to request correction of inaccurate personal information.
  • Right to Limit Use of Sensitive Information: You have the right to limit our use of sensitive personal information.

To exercise your California privacy rights, please contact us using the information provided in Section 12. We will verify your identity before processing your request.

11. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have certain rights under the General Data Protection Regulation (GDPR) and similar data protection laws:

  • Right of Access: You have the right to obtain confirmation as to whether we process your personal data and to access that data.
  • Right to Rectification: You have the right to have inaccurate personal data corrected and incomplete data completed.
  • Right to Erasure ("Right to be Forgotten"): You have the right to request deletion of your personal data in certain circumstances.
  • Right to Restrict Processing: You have the right to request restriction of processing in certain circumstances.
  • Right to Data Portability: You have the right to receive your personal data in a structured, commonly used format and to transmit it to another controller.
  • Right to Object: You have the right to object to processing of your personal data in certain circumstances, including for direct marketing purposes.
  • Rights Related to Automated Decision-Making: You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects.

Our legal basis for processing your personal data includes: (a) your consent; (b) performance of a contract; (c) compliance with legal obligations; (d) protection of vital interests; (e) performance of a task carried out in the public interest; and (f) legitimate interests.

If you have concerns about our data processing practices, you have the right to lodge a complaint with your local data protection authority.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

  • Posting the updated Privacy Policy on this page with a new "Last updated" date
  • Sending you an email notification to the email address associated with your account
  • Displaying a prominent notice on the Service
  • Other methods as required by applicable law

Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. If you do not agree to the updated Privacy Policy, you must stop using the Service and delete your account.

We encourage you to review this Privacy Policy periodically to stay informed about how we collect, use, and protect your information.

13. Contact Us

ChatMAA is a product of Aitechma LLC, a Delaware company. If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

  • Company: Aitechma LLC
  • State of Incorporation: Delaware, United States
  • Email: privacy@chatmaa.com

For data protection inquiries, you can also contact our Data Protection Officer at dpo@chatmaa.com.

We will respond to your inquiry within a reasonable timeframe, typically within 30 days, though this may be extended in complex cases. We may need to verify your identity before responding to certain requests.