Privacy Policy

ChatPacket ("we", "our", "us") operates a live chat platform for businesses. This Privacy Policy explains how we collect, use, store, and protect information when you use our website and service.

This policy applies to two groups of people: customers (businesses and their agents who use the ChatPacket dashboard) and end users (website visitors who interact with the ChatPacket widget on a customer's site).

From Customers (Agents)

• Account information: name, email address, and organization name provided during registration
• Authentication data: hashed passwords and session tokens
• Billing information: payment details processed through our third-party payment provider (Stripe) — we do not store full credit card numbers
• Usage data: feature usage, login history, and dashboard activity
• Content you create: help articles, canned responses, and conversation messages

From End Users (Visitors)

• Conversation content: messages exchanged through the chat widget
• Contact information: name and email if voluntarily provided in the chat
• Technical data: IP address, browser type, operating system, referring URL, and pages visited
• Session data: timestamps, page views, and visit duration for analytics purposes

We use collected information to:

• Provide, operate, and maintain the Service
• Process transactions and send billing-related communications
• Generate analytics and reports for our customers about their visitor traffic
• Power AI features such as reply suggestions and article generation
• Send service-related notifications (account verification, password resets, security alerts)
• Monitor for abuse, fraud, and Terms of Service violations
• Improve the Service based on aggregated, anonymized usage patterns

We do not sell personal information to third parties. We do not use your data or your visitors' data for advertising.

ChatPacket uses third-party AI models (such as OpenAI) to power features like reply suggestions and help article generation. When these features are used, relevant conversation content is sent to the AI provider for processing.

• AI processing occurs only when an agent actively requests a suggestion — it is not automatic
• We send the minimum context necessary to generate useful suggestions
• Our AI providers are contractually prohibited from using your data to train their models
• AI suggestions are never sent to visitors without agent review and approval

We share information only in the following circumstances:

• Service providers: We use third-party services for hosting (cloud infrastructure), payment processing (Stripe), and AI processing (OpenAI). These providers access data only as needed to perform their services and are bound by data protection agreements.
• Legal requirements: We may disclose information if required by law, regulation, legal process, or government request.
• Business transfers: In the event of a merger, acquisition, or sale of assets, customer data may be transferred as part of the transaction. We will notify affected customers before any such transfer.
• With customer consent: We may share data in other ways if you have given us explicit consent to do so.

• Active accounts: We retain your data for as long as your account is active and as needed to provide the Service.
• After account termination: Customer Data is retained for 30 days to allow for export, then permanently deleted.
• Visitor session data: Analytics data (page views, session durations) is retained for 12 months, then automatically purged.
• Backups: Encrypted database backups may retain data for up to 90 days after deletion from the live system.

We implement technical and organizational measures to protect your data, including:

• Encryption in transit (TLS) and at rest for stored data
• Password hashing using industry-standard algorithms
• Role-based access controls and multi-tenant data isolation
• Regular security reviews and dependency updates

While we strive to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

The ChatPacket dashboard uses session cookies for authentication. The embeddable chat widget uses a session identifier to maintain conversation continuity across page navigations.

We do not use third-party tracking cookies or advertising pixels. We do not participate in cross-site tracking or ad networks.

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Export your data in a portable format
• Object to or restrict certain processing of your data
• Withdraw consent where processing is based on consent

To exercise any of these rights, contact us at privacy@chatpacket.com. We will respond within 30 days.

ChatPacket processes data in the United States. If you are located outside the United States, your data will be transferred to and processed in the United States. By using the Service, you consent to this transfer. We ensure appropriate safeguards are in place for international transfers in compliance with applicable data protection laws.

ChatPacket is a business-to-business service and is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 16, we will delete it promptly.

We may update this Privacy Policy from time to time. We will notify customers of material changes by email or through the Service at least 14 days before the changes take effect. The "Last updated" date at the top of this page indicates when the policy was last revised.

If you have questions or concerns about this Privacy Policy or our data practices, contact us at: