Privacy Policy

Updated on: June 4th, 2024

1. Preamble

Before utilizing our offerings including the Website, Widget, and API, collectively termed the “Service”, familiarize yourself with this Privacy Statement. It dictates our data collection, usage, and sharing practices. Use of our Service indicates acceptance of these terms and the overarching Terms of Service available at https://www.chatlab.com/terms. At CHATLAB Sp. z o.o. (“Company”), we value your privacy and use your data to enhance our Service. Engaging with our Service signifies consent to this Privacy Policy.


2. Glossary

  • Cookies: Tiny files saved on your device.
  • Device: Refers to computers and mobile devices.
  • Data Controller: Entity deciding the purpose and method of processing personal data. In this context, we are the Data Controller.
  • Data Processors: Entities processing data on the Data Controller's behalf.
  • Data Subject: The individual whose personal data is being processed.
  • Personal Data: Information that can identify an individual.
  • Service: Our Website, Widget, and/or API.
  • Usage Data: Data generated from Service use or its infrastructure (e.g., page visitduration).
  • User: The individual using our Service, synonymous with Data Subject.
  • Website: Pages found at chatlab.com.
  • Widget: ChatLab's widget that can be integrated into a user's website.

3. Data Controller

Your Personal Data is managed by: CHATLAB Sp. z o.o. ul. Zamknieta 10/1.5 30-554 Krakow POLAND


4. Data Collection Purpose

We gather diverse data to enhance and personalize our Service for you.


5. Collected Data Types

Personal Data

When using our Service, we might request personally identifiable data, including but not limited to:

  • Email
  • Full name
  • Cookies and Usage Data

Usage Data

Information relayed by your browser when accessing our Service, such as:

  • IP address
  • Browser type and version
  • Visited Service pages
  • Visit date and time
  • Page visit duration
  • Device information, including type, ID, operating system, and browser

Tracking & Cookies

We utilize tracking tools like cookies to monitor Service activity. While you can refuse cookies, doing so may limit Service functionality. Our cookie categories include:

  • Session Cookies: For Service operation
  • Preference Cookies: For saving your preferences
  • Security Cookies: Enhancing security
  • Advertisement Cookies: Offering relevant advertisements


6. Data Usage

We use the gathered Personal Data for purposes like:

  • Service provision and maintenance
  • Notifying you of Service alterations
  • Facilitating interactive Service features
  • Customer support
  • Service improvement through analytics
  • Monitoring Service usage
  • Addressing technical issues
  • Fulfilling other provided purposes
  • Enforcing our rights and fulfilling obligations from contracts
  • Sending account or subscription notifications
  • Offering relevant news and promotions
  • Any other described purposes when collecting the data

7. Data Retention

We keep your Personal Data only as long as necessary, adhering to legal requirements and our policies. Usage Data is typically kept for shorter durations unless needed for improving Service security or functionality, or legal obligations mandate longer retention.


8. Data Transfer

  • Your data, including Personal Data and uploaded documents, might be transferred to and stored on servers located outside your region (e.g., AWS us-east-1). These servers adhere to stringent security standards.
  • Uploaded documents are stored securely using Pinecone, a managed vector database service. Pinecone provides encryption at rest using AES-256 encryption and managed keys through AWS Key Management Service (KMS).
  • Automated encryption ensures that all data stored in Pinecone is encrypted at rest without additional user configuration. Pinecone complies with security standards and regulations such as GDPR, CCPA, and HIPAA.

9. Data Disclosure And Intellectual Property

We do not share your uploaded documents with any third parties. Your documents are stored securely and used solely for the purpose of providing chatbot responses within the Service.

Uploaded documents remain the exclusive intellectual property of the user (e.g., VencerAutismo). These documents will never be used for any purposes other than supporting the chatbot responses for the intended project.


10. Data Confidentiality & Security

We prioritize your data's security, employing appropriate measures. However, no online data transmission or electronic storage method is completely secure.

  • We employ industry-standard encryption methods (such as HTTPS and SSL) to ensure the security and confidentiality of the documents you upload to our Service.
  • Access to uploaded documents is restricted to authorized personnel only, and we implement robust access control measures to prevent unauthorized access, use, or disclosure.
  • Regular security audits and monitoring are conducted to maintain the highest security standards.

11. GDPR Rights

For EU and EEA residents, the GDPR grants certain rights. You have rights like accessing, rectifying, erasing your Personal Data, and more. To exercise these rights, reach out tocontact@chatlab.com.


12. CalOPPA Rights

CalOPPA mandates certain privacy provisions. In line with CalOPPA, we:

  • Allow anonymous site visits
  • Clearly display our Privacy Statement
  • Notify users of any privacy updates
  • Allow users to change their data by contacting us

We respect 'Do Not Track' signals.


13. Service Providers

We employ third parties ('Service Providers') to facilitate our Service. They can access your Personal Data but are obligated not to disclose or misuse it.


14. Analytics

We engage third-party Service Providers, like Google Analytics, to analyze our Service usage. For Google's privacy practices, check Google Privacy and Google's Data Safeguarding.


15. Payments

We offer paid services within the Service, using third-party payment processors. We don’t save or collect payment details. Our payment processors, such as Stripe, adhere to PCI-DSS standards. Check Stripe’sPrivacy Policy.


16. External Links

Our Service may have links to third-party sites. We aren’t responsible for third-party content, policies, or practices.


17. Children's Privacy

Our Service isn't designed for those under 16. We take steps to remove any inadvertently collected data of those under 16.


18. Privacy Policy Updates

We might update our Privacy Statement. Review it periodically, and continued Service use post-update indicates agreement.


19. Contact

For any Privacy Statement queries, reach out at contact@chatlab.com.


20. Privacy Addendums

We have additional privacy provisions for Canada, Mexico, Japan, and the Republic of fire. These cater to specific regional laws and clarify our practices in those regions.


Privacy Addendums

For Canada:

Personal Data stored or processed by our affiliates or third-party service providers outside Canada might be accessible to foreign courts or government authorities under their lawful access requests. We won't share your information for marketing without your consent. For more on our privacy practices or to correct inaccuracies in your data, contact the details provided in the 'Contact' section.


For Mexico:

If Mexican privacy laws apply, note the following:

  • We use your Personal Data for primary and secondary purposes as detailed in the main policy. Consent can be withdrawn, affecting service provision.
  • Data sharing with affiliates or third parties is based on your consent, which can be withdrawn.
  • For access, correction, cancellation, or objection requests regarding your Personal Data, contact us using the details in the 'Contact' section.

For Japan:

In compliance with Japanese regulations, including the Act on the Protection of Personal Information, we ensure the secure handling of your data. Your information won't be shared for marketing without prior consent.


For Republic of Korea:

Adhering to relevant laws, Personal Data is securely discarded when:

  • Consent is revoked
  • Data collection and use objectives are achieved
  • Legal data retention periods expire
  • Data requiring legal preservation is moved to a separate database before deletion. We won't share your Personal Data unlawfully (e.g., without required consent). For services in the Republic of Korea, the Company or our affiliates manage Personal Data.