Privacy Policy

1. Information We Collect

We collect only the information necessary to provide, maintain, and improve the Service.

1.1 Information You Provide Directly

• Account Information: Email address, display name, or other identifiers if you create or sign in to an account.
• User Content: Chat prompts, conversation history, uploaded files or images, and generated outputs (e.g., text or images) that you create through the Service.
• Payment Information: Subscription status and transaction identifiers received from Apple App Store, Google Play Store, or our web payment provider. We do not store full payment card details on our servers.
• Optional Information: Feedback, support messages, and any other information you voluntarily share with us.

1.2 Information Collected Automatically

• Device and Network Information: Device type, model, operating system, unique device identifiers (e.g., IDFA on iOS, Android Advertising ID), IP address, language, and time zone.
• Usage Data: Interactions with the app (e.g., features accessed, session duration), crash reports, performance metrics, and diagnostic logs.
• Analytics Data: Anonymized, aggregated data on user behavior used to improve the Service. This data is de-identified and cannot be linked to individuals.

1.3 Information from Third-Party AI Providers

To deliver AI-powered features, we integrate with official APIs from third-party providers. Your inputs (e.g., prompts, images) may be transmitted securely to these providers for processing:

• OpenAI: ChatGPT models, including GPT-5.2, GPT-5, GPT-4o and related variants for multimodal chat and generation.
• Google: Gemini models for chat and reasoning tasks.
• Anthropic: Claude models for advanced conversational AI.
• DeepSeek: DeepSeek models for technical and context-aware responses.

These providers process data solely to fulfill your requests and in accordance with their own privacy policies. We integrate only through official APIs and do not access, store, or use data beyond what is necessary to deliver the Service.

2. How We Use Your Information

We use collected information for legitimate business purposes, including:

• Providing and personalizing the Service, such as generating AI responses, creating images, and maintaining conversation continuity.
• Processing purchases and managing subscriptions (in cooperation with Apple, Google, or our web payment provider).
• Improving app functionality, debugging issues, and analyzing usage trends through anonymized analytics.
• Sending service-related communications (e.g., updates, security alerts) and, with your consent, optional promotional content.
• Detecting and preventing fraud, abuse, or violations of our Terms of Use.
• Complying with legal obligations, responding to regulatory requests, or enforcing our policies.
• Aggregating data for research and development to enhance AI capabilities, without identifying individuals.

We process data based on your consent, contractual necessity, legitimate interests (e.g., service improvement), or legal requirements.

3. Sharing and Disclosure of Information

We do not sell, rent, or trade your personal information. Disclosures are limited to:

• Service Providers: Trusted vendors (e.g., cloud hosting, analytics, crash reporting) under strict confidentiality agreements ensuring data protection at least as stringent as ours.
• Third-Party AI Providers: Inputs are shared only to process requests, as described above.
• App Stores and Payment Processors: Apple, Google, and our web payment provider receive only the information necessary to complete transactions and manage subscriptions.
• Business Transfers: In mergers, acquisitions, or asset sales, data may be transferred with equivalent privacy protections.
• Legal and Safety Reasons: To comply with laws, court orders, or government requests; to protect rights, property, or safety; or to investigate illegal activity.
• Aggregated or De-Identified Data: Shared for analytics or research, ensuring it cannot be re-identified.

No sharing occurs with advertisers or unrelated third parties.

4. Data Retention and Deletion

We minimize data retention and avoid storing unnecessary personal information on our servers.

• Chat History: Stored locally on your device. You may delete chat history at any time via the app settings or by uninstalling the app.
• Uploaded or Generated Images: If you upload or generate an image, it is processed transiently and removed from our processing systems shortly afterwards. We do not retain user-uploaded content beyond what is required to complete your request.
• Analytics and Device Data: Anonymized crash reports and performance metrics may be retained for up to 12 months to improve stability and performance.
• Account & Subscription Data: Retained for as long as your account is active and as required by applicable tax, accounting, and consumer-protection laws.
• Third-Party Processed Data: Retention of data sent to AI providers is governed by their respective policies.

You remain in control of your content. Chat data stays on your device, and uploaded or generated media is not retained beyond what is needed to deliver the Service.

5. Your Data Protection Rights

Depending on your jurisdiction (e.g., GDPR, CCPA, KVKK), you may have the right to:

• Access, correct, or update your personal data.
• Request deletion ("right to be forgotten") or restriction of processing.
• Object to processing based on legitimate interests or withdraw consent for optional features.
• Receive your data in a portable, machine-readable format (data portability).
• Opt out of automated decision-making where it significantly affects you.
• For CCPA: Opt out of "sales" (we do not sell data) or limit sensitive data use.

Submit verifiable requests through our website at chatboost.uk. We respond within 30–45 days (extendable for complex cases). Turkish residents may contact the Personal Data Protection Authority (KVKK); EU residents may contact their local data protection authority.

6. Children's Privacy

ChatBoost is not intended for children under 13 (or the applicable minimum age, e.g., 16 under GDPR for certain processing). We do not knowingly collect or solicit data from children. If we learn of such collection, we delete it immediately. Parents or guardians may contact us to review or delete a child's data.

7. International Data Transfers

Data may be processed in Türkiye (our primary location) or transferred to regions such as the United States or the European Union, where third-party providers (e.g., OpenAI, Google, Apple) operate. We ensure safeguards including:

• Standard Contractual Clauses (SCCs) for transfers outside the EEA.
• Encryption in transit (TLS 1.2+) and at rest (AES-256).
• Compliance with local laws such as KVKK for Turkish residents.

Request details about transfer mechanisms through our website at chatboost.uk.

8. Analytics and Storage Technologies

On the web, we may use analytics and local storage technologies to enhance functionality and analyze usage. These can be managed via browser settings. Our mobile apps do not use web cookies, but they may use platform analytics SDKs in a privacy-preserving manner.

9. Data Security

We implement robust safeguards, including:

• Encryption of data at rest (AES-256) and in transit (TLS 1.2+).
• Access controls (e.g., multi-factor authentication for internal systems).
• Regular security audits and employee training.

No system is fully secure; we cannot guarantee absolute protection. In case of a data incident, we will notify affected users and authorities as required (e.g., within 72 hours under GDPR).

10. Changes to This Policy

We may revise this Policy to reflect legal or operational changes. The updated version will be posted with a new "Effective Date." Material changes will be notified at least 30 days in advance via app notifications or email.

11. Contact Us

For questions, complaints, or rights requests:

If unresolved, EU residents may contact their local data protection authority; Turkish residents may contact the KVKK Board.