This Privacy Policy applies to use of the Chatbyte Platform, including self-serve registration, workspaces, dashboards, integrations, and related support processes. It explains what personal data we process, why we process it, and which rights you have.
Controller: Chatbyte GmbH, Gertigstraße 69, 22303 Hamburg, Germany. Commercial Register: HRB 187972. Register Court: Amtsgericht Hamburg. VAT ID: DE452019271. Email: contact@chatbyte.ai.
Document version: 1.1.
Effective date: May 13, 2026.
1. Data We Process
When you use the Platform, we may process the following categories of personal data:
- Account data such as name, business email address, password hash, and language preferences.
- Organization and billing data such as company name, billing profile, VAT information, and subscribed products.
- Product and usage data such as workspace configuration, agent settings, integrations, logs, and in-product events.
- Communication data from support requests, demo or lead forms, and contract-related correspondence.
- Security and device data such as IP address, browser details, session data, and technical events used for abuse prevention and troubleshooting.
2. Purposes and Legal Bases
We process personal data to provide the Platform, manage user accounts, maintain security, and fulfill our contractual obligations.
- Performance of a contract and pre-contractual steps under Article 6(1)(b) GDPR.
- Compliance with legal obligations, for example tax and commercial retention duties, under Article 6(1)(c) GDPR.
- Legitimate interests under Article 6(1)(f) GDPR, especially for IT security, abuse prevention, operating the service, support, and internal analysis.
- Consent under Article 6(1)(a) GDPR where we specifically request it, for example for certain marketing or tracking activities.
3. Recipients and Processors
We use selected service providers that process data on our behalf where this is necessary for hosting, infrastructure, email delivery, analytics, support, AI processing, voice processing, or payment processing.
Our standard production setup uses EU regions for product-related processing. The current standard subprocessors include Vercel, PlanetScale, Cloudflare R2, Microsoft Azure OpenAI, Turbopuffer, AWS SES/S3, Trigger.dev, ElevenLabs, and Twilio where the relevant module is enabled. Details, purposes, and processing locations are documented in the Data Processing Agreement.
4. International Transfers
If personal data is transferred outside the EEA, we take steps to ensure an adequate level of protection. Where required, we rely on standard contractual clauses or other lawful transfer safeguards.
5. Retention
We store personal data only for as long as necessary for the purposes described above. Account and contract-related data are generally retained for the duration of the customer relationship and afterwards as required by applicable retention laws.
Technical security and event data are rotated or deleted when they are no longer needed for operations, abuse detection, or troubleshooting.
6. Your Rights
Subject to the applicable legal requirements, you have rights of access, rectification, erasure, restriction, portability, and objection in relation to certain processing activities.
If processing is based on consent, you may withdraw that consent at any time for the future. You also have the right to lodge a complaint with a competent data protection authority.
7. Security and Contact
We implement appropriate technical and organizational measures to protect personal data against loss, misuse, and unauthorized access. If you have questions about this Privacy Policy or want to exercise your rights, contact us at contact@chatbyte.ai.