ChatPlot Privacy Policy

Last updated: February 25, 2026

Document version: 2026-02-25-r1

This Privacy Policy explains how ChatPlot (“ChatPlot,” “we,” “us,” or “our”) collects, uses, stores, shares, and protects personal information when you use the ChatPlot website and app (the “Service”).

This policy applies to the Service operated by ChatPlot L.L.C.. Contact: legal@chatplot.io / 1209 MOUNTAIN ROAD PL NE STE R, ALBUQUERQUE, BERNALILLO COUNTY, NM 87110 USA.

By accessing or using the Service, you acknowledge the collection and use of information as described in this Privacy Policy. We may present separate consent or acknowledgment prompts in some contexts, but this Privacy Policy also applies when you continue to use the Service without a new prompt, to the extent permitted by law.

1. Information We Collect

We may collect the following categories of information:

• Account information: Google account identifier, email address, display name, profile photo (if you sign in with Google), and related account/contact details you provide.
• Legal acceptance metadata: legal document version identifiers (for example, Terms/Privacy/EULA version), acceptance timestamps when captured, and related sign-in / last-seen timestamps used to administer legal notices and account records.
• User content: prompts, messages, diagrams, chart code, and other content you create, upload, or edit in the Service.
• Technical and usage data: device/browser details, IP address, timestamps, app interactions, error logs, and diagnostic events.
• Local storage/session data: settings and temporary state (for example, UI preferences and workspace session state).
• Support communications: messages you send to us, including support email requests.
• Communication preferences: marketing preferences, unsubscribe/opt-out status, and message delivery/engagement data (for example, opens/clicks) where used and permitted by law.
• Payment data (if you purchase a paid plan): billing and transaction metadata, subscription status, invoice/payment records, and payment processor identifiers via payment processors (for example, Stripe). We do not store full payment card numbers directly.

2. How We Use Information

• Provide and operate the Service (diagram generation, editing, storage, sharing, and account features).
• Authenticate users and secure accounts.
• Present legal notices and record / verify acceptance of our Terms, Privacy Policy, and EULA (including version and timestamp metadata where available).
• Process prompts and generate outputs using AI providers.
• Maintain, debug, monitor, and improve reliability and performance.
• Prevent abuse, fraud, and security incidents.
• Communicate with you about support, account activity, security, legal notices, billing, updates, policy changes, service announcements, newsletters, and promotional offers.
• Comply with legal obligations and enforce our terms.

By creating an account, using the Service, or providing contact information, you acknowledge that we may send service-related and account-related communications (including legal, security, billing, and operational notices) and, where permitted by applicable law, product updates, newsletters, and promotional communications. You can opt out of promotional or marketing emails using the unsubscribe link in the message or by contacting us, but we may still send non-promotional communications necessary to operate the Service, your account, or our legal and contractual relationship with you.

3. AI Processing (Including Cerebras and Other Providers)

To provide AI-powered features, we may send prompts, instructions, and related content (including diagram code and prior conversation context) to third-party AI model providers, including Cerebras where configured.

Important: Third-party AI providers may process data under their own terms and privacy practices. We recommend not submitting sensitive personal information, regulated data, or confidential information unless you have appropriate authorization and controls in place.

Based on our current understanding of Cerebras Cloud and vendor statements, Cerebras does not store, log, or reuse your prompts, data, models, or outputs for its own purposes, and your intellectual property remains yours. We rely on vendor documentation and contractual terms for these protections and may update this policy if those terms or product settings change.

4. Authentication, Hosting, and Infrastructure Providers

We use third-party providers to operate the Service, including Cerebras (AI inference/model processing), Google/Firebase (Google Sign-In, Firebase Authentication, Firestore, and Firebase Analytics), Stripe (billing and subscription payments), Railway (application hosting), and Namecheap (domain, DNS, and email services).

These providers may receive and process personal information as necessary to provide their services to us.

5. Legal Bases (If/Where Applicable)

Depending on your location, our legal bases for processing may include:

• Performing our contract with you (providing the Service).
• Your consent (where required).
• Legitimate interests (security, fraud prevention, product reliability and improvement).
• Compliance with legal obligations.

6. Sharing of Information

We may share information with:

• Service providers and subprocessors that help us operate the Service (hosting, auth, analytics, AI processing, support, monitoring).
• Legal or regulatory authorities when required by law or to protect rights, safety, and security.
• Parties involved in a merger, acquisition, financing, or asset sale (subject to appropriate confidentiality and notice where required).

We do not sell personal information in the ordinary meaning of “sell” unless explicitly stated here and required notices are provided.

7. Data Retention

We retain information for as long as needed to provide the Service, maintain security and legal compliance, and resolve disputes.

• Workspace content: retained until you delete it, your account is deleted, or we remove it under our policies.
• Recently Deleted items: currently intended to remain available for restoration for up to 30 days (subject to technical and legal requirements).
• Logs/diagnostics: we target a default retention period of up to 30 days for routine operational and debugging logs, with longer retention where reasonably necessary for security investigations, fraud prevention, legal compliance, or as constrained by third-party platform settings.

8. Security

We use reasonable administrative, technical, and organizational measures to protect information. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

9. Your Choices and Rights

Depending on your location, you may have rights to:

• Access, correct, or delete your personal information.
• Request a copy of your data (data portability).
• Object to or restrict certain processing.
• Withdraw consent (where processing is based on consent).
• Opt out of marketing or promotional communications (for example, via unsubscribe links), subject to our ability to continue sending non-promotional service, billing, legal, and security notices.
• Lodge a complaint with a regulator.

To exercise rights, contact legal@chatplot.io. We may need to verify your identity before fulfilling requests.

You can also opt out of promotional or mailing-list emails using the unsubscribe link in the email or by contacting team@chatplot.io. Unsubscribe requests do not apply to service, account, billing, security, support, or legal notices.

We intend to provide self-serve controls for deleting workspace content and account-related data where practical. Some deletions may be subject to short retention windows (for example, Recently Deleted recovery), technical backup cycles, and legal obligations.

10. Children’s Privacy

The Service is not intended for children under 16. We do not knowingly collect personal information from children under 16.

11. International Data Transfers

We and our service providers may process data in countries other than your own. Where required, we will use appropriate safeguards for cross-border transfers.

12. Cookies and Similar Technologies

We may use cookies, local storage, and similar technologies to remember settings, keep sessions working, and understand service usage. If you add analytics or advertising tools, update this section to identify them and explain your consent/opt-out controls.

13. Changes to This Policy

We may update this Privacy Policy from time to time by posting the updated version here and revising the “Last updated” date. Unless applicable law requires additional notice or consent, we are not obligated to provide separate, individualized, or advance notice of updates, and the updated Privacy Policy becomes effective when posted (or on any later effective date stated in the updated Privacy Policy).

Where applicable law requires additional notice or consent for a particular change, we will follow those requirements. Your continued access to or use of the Service after the effective date of an updated Privacy Policy means you acknowledge the updated policy, to the extent permitted by law.

14. Contact

Questions or privacy requests: legal@chatplot.io. General support and mailing-list unsubscribe help: team@chatplot.io. Mailing address: 1209 MOUNTAIN ROAD PL NE STE R, ALBUQUERQUE, BERNALILLO COUNTY, NM 87110 USA.