Privacy Policy

Last updated: November 2, 2025

Chatolia helps you create, manage, and embed AI agents (“chatbots”). This policy explains what data we collect, how we use and share it, and the choices you have. It applies to our website (chatolia.com), dashboard, public agent pages at /c/{publicId}, embed pages at /embed/{publicId}, and the chat widget.

Who We Are

“Chatolia”, “we”, or “us” refers to the Chatolia service and its operators. You can contact us at support@chatolia.com.

Information We Collect

We collect the minimum data needed to provide and secure the service. The specific data collected may depend on how you use Chatolia.

• Account and Authentication: email address, name and profile details from OAuth providers (e.g., Google, Apple) if used, hashed credentials for password sign‑ins, and a generated identifier for guest sessions.
• Billing: subscription and payment metadata via Stripe (customer, subscription, price IDs, status). We do not store full card numbers; Stripe processes payments on our behalf.
• Content You Provide: agent configurations (including names, prompts, settings), messages and attachments you or your end users send in chats, and training sources you add (e.g., links, text, files). Attachments may be stored via Vercel Blob to deliver uploads and retrieval features.
• Technical and Usage Data: IP address, country (from platform headers), user agent, referrer/origin, device and session identifiers, pages viewed, timestamps, plan usage (e.g., message credits), and model usage needed to enforce quotas and provide analytics within your plan.
• Security & Abuse Signals: policy enforcement events such as banned words/IP denials, rate‑limit hits, and optional embed token checks, logged per agent for auditability.

How We Use Information

• Provide and operate the service, including chat, uploads, and embeds.
• Route model requests via Vercel AI Gateway to model providers.
• Maintain reliability and security (e.g., rate limiting, abuse prevention).
• Measure plan usage and enforce limits (credits, agents, links, storage).
• Provide support and improve features (debugging, troubleshooting).
• Send essential service communications (billing, security, changes).

AI Models and Providers

When you or your end users chat with an agent, message content and relevant context are sent to third‑party AI model providers (e.g., OpenAI, Anthropic, Google, xAI) via the Vercel AI Gateway for processing and response generation. Provider terms apply to their handling of data. Chatolia does not use your chats or training data to train our own models. Model providers may retain data as described in their policies; review your provider choices and plan settings.

Cookies and Similar Technologies

• Essential cookies for authentication, session and CSRF protection, and remembering preferences.
• Embed/session identifiers for public agents and widgets to maintain conversation state and enforce security policies.

We do not use third‑party marketing trackers. Product analytics rely on platform logs and in‑product events needed to run the service.

Retention

• Chats and agent data are retained until you delete them or your account, unless required for security, billing, or legal obligations. Free‑plan agents may be deleted after 14 days of inactivity, per our pricing page.
• Durable streams use Redis coordination keys that expire after approximately 24 hours; streamed chunk data itself is not stored in Redis.
• Usage/billing records (e.g., credits consumed) may be retained to enforce plan limits and for auditability within a billing window.

How We Share Information

We share data with subprocessors only to provide the service:

• Hosting & runtime: Vercel (app hosting), Neon (Postgres database), Upstash (Redis for streaming coordination), Vercel Blob (file storage for uploads).
• Payments: Stripe (billing, subscriptions, invoices).
• AI models: model providers (e.g., OpenAI, Anthropic, Google, xAI) via the Vercel AI Gateway.
• Optional integrations you enable (e.g., speech providers) to support specific features.

We may also disclose information if required by law or to protect the rights, property, or safety of Chatolia, our users, or the public.

Your Choices and Rights

• Access, correct, or delete your account information and agents.
• Download or delete chats you control as an agent owner.
• Object to or restrict certain processing where applicable.
• For EEA/UK residents: you may request data access/erasure/portability.

To exercise rights, contact support@chatolia.com. If you embed agents on your site, you are the controller for your end users’ content; we act as your processor for that content.

Security

We use industry‑standard measures (encryption in transit, scoped access, and audit logs) and plan‑gated security controls (e.g., per‑ agent policies, rate limiting, optional CAPTCHA and origin restrictions). No system is perfectly secure; please use caution when sharing sensitive information with AI.

International Data Transfers

Our subprocessors may process data in multiple regions. When we transfer personal data internationally, we rely on appropriate safeguards consistent with applicable laws.

Children

Chatolia is not directed to children under 13 (or the age required by your jurisdiction). Do not use the service if you do not meet the age requirement.

Changes to This Policy

We may update this Privacy Policy to reflect changes to our service or legal requirements. We will post the new date above. If changes are material, we will provide additional notice where required.

Contact

Questions or requests? Contact support@chatolia.com.