Back to Blog
Legal

Privacy Policy

ChatMazes Team

We at ChatMazes OÜ (together with our affiliates, “ChatMazes”, “we”, “our” or “us”) respect your privacy and are strongly committed to keeping secure any information we obtain from you or about you. This Privacy Policy describes our practices with respect to Personal Data that we collect from or about you when you use our website, applications, and services (collectively, “Services”).

This Privacy Policy does not apply to content that we process on behalf of customers of our business offerings. Our use of that data is governed by our customer agreements covering access to and use of those offerings.

1. Data Controller

ChatMazes OÜ, a Private Limited Company, registry code 17430495, registered in the Republic of Estonia and its registered office at Harju maakond, Tallinn, Kesklinna linnaosa, Tornimäe tn 5, 10145, Estonia, is the controller and is responsible for the processing of your Personal Data (or "Personal Information" as defined under applicable laws) as described in this Privacy Policy.

This designation applies to all users globally, including those residing in the European Economic Area (EEA), Switzerland, the United Kingdom, and the United States. You may contact our privacy team regarding any data protection inquiries at privacy@chatmazes.com.

2. Personal Data We Collect

We collect personal data relating to you (“Personal Data”) as follows:

Personal Data You Provide: We collect Personal Data if you create an account to use our Services or communicate with us as follows:

  • Account Information: When you create an account with us, we will collect information associated with your account, including your name, contact information, account credentials, date of birth, payment information, and transaction history, (collectively, “Account Information”).
  • Customer Content: We collect Personal Data that you provide in the input to our Services (“Content”), including your prompts and other content you upload.
  • Business & Integration Data: If you connect third-party tools or social media accounts to our Services, we may collect information from those integrations, such as linked page IDs, account status and other details.
  • Communication Information: If you communicate with us, such as via email or our pages on social media sites, we may collect Personal Data like your name, contact information, and the contents of the messages you send (“Communication Information”).
  • User Content: You may import personal data into our system regarding your own users or contacts (collectively, “Subscribers”). We process this data only on your behalf as a Processor. We have no direct relationship with your Subscribers; you are solely responsible for ensuring you have the appropriate legal basis and permissions to collect this data and that you have informed your Subscribers of our Privacy Policy and Data Processing Agreement.

Personal Data We Receive from Your Use of the Services: When you visit, use, or interact with the Services, we receive the following information about your visit, use, or interactions (“Technical Information”):

  • Log Data: We collect information that your browser or device automatically sends when you use our Services. Log data includes your Internet Protocol address, browser type and settings, the date and time of your request, and how you interact with our Services.
  • Usage Data: We collect information about your use of the Services, such as the types of content that you view or engage with, the features you use and the actions you take, as well as your time zone, country, the dates and times of access, user agent and version, type of computer or mobile device, and your computer connection.
  • Device Information: We collect information about the device you use to access the Services, such as the name of the device, operating system, device identifiers, and browser you are using. Information collected may depend on the type of device you use and its settings.
  • Location Information: We may determine the general area from which your device accesses our Services based on information like its IP address for security reasons and to make your product experience better, for example to protect your account by detecting unusual login activity or to provide more accurate responses.
  • Cookies and Similar Technologies: We use cookies and similar technologies to operate and administer our Services, and improve your experience. If you use our Services without creating an account, we may store some of the information described in this policy with cookies, for example to help maintain your preferences across browsing sessions.

3. How We Use Personal Data & Legal Bases

We may use Personal Data for the following purposes:

  • To provide, analyze, and maintain our Services, for example to respond to your questions for ChatMazes;
  • To improve and develop our Services and conduct research, for example to develop new product features;
  • To communicate with you, including to send you information about our Services and events, for example about changes or improvements to the Services;
  • To prevent fraud, illegal activity, or misuses of our Services, and to protect the security of our systems and Services;
  • To comply with legal obligations and to protect the rights, privacy, safety, or property of our users, ChatMazes, or third parties.

We may also aggregate or de-identify Personal Data so that it no longer identifies you and use this information for the purposes described above, such as to analyze the way our Services are being used, to improve and add features to them, and to conduct research.

4. Disclosure of Personal Data

We may disclose your Personal Data in the following circumstances:

  • Vendors and Service Providers: To assist us in meeting business operations needs and to perform certain services and functions, we may disclose Personal Data to vendors and service providers, including providers of hosting services, customer service vendors, cloud services, content delivery services, support and safety monitoring services, email communication software, web analytics services, payment and transaction processors, and other information technology providers.
  • Business Transfers: If we are involved in strategic transactions, reorganization, bankruptcy, receivership, or transition of service to another provider (collectively, a “Transaction”), your Personal Data may be disclosed in the diligence process with counterparties and others assisting with the Transaction and transferred to a successor or affiliate as part of that Transaction along with other assets.
  • Government Authorities or Other Third Parties: We may share your Personal Data, including information about your interaction with our Services, with government authorities, industry peers, or other third parties in compliance with the law (i) if required to do so to comply with a legal obligation, or in the good faith belief that such action is necessary to comply with a legal obligation, (ii) to protect and defend our rights or property, (iii) if we determine, in our sole discretion, that there is a violation of our terms, policies, or the law; (iv) to detect or prevent fraud or other illegal activity; (v) to protect the safety, security, and integrity of our products, employees, users, or the public, or (vi) to protect against legal liability.

5. Retention

We’ll retain your Personal Data for only as long as we need in order to provide our Services to you, or for other legitimate business purposes such as resolving disputes, safety and security reasons, or complying with our legal obligations. How long we retain Personal Data will depend on a number of factors, such as:

  • Our purpose for processing the data (such as whether we need to retain the data to provide our Services);
  • The amount, nature, and sensitivity of the information;
  • The potential risk of harm from unauthorized use or disclosure;
  • Any legal requirements that we are subject to.

6. International Data Transfers

ChatMazes processes your Personal Data for the purposes described in this Privacy Policy on servers located within the European Economic Area (EEA). If you are accessing our Services from the United States or other regions with laws governing data collection and use, please note that you are transferring your personal information to the EEA. To provide our Services, we may engage third-party sub-processors located outside of the EEA, Switzerland, and the UK (primarily in the United States). While data protection law varies by country, we apply the protections described in this policy to your Personal Data regardless of where it is processed.

When transferring Personal Data outside of the EEA, Switzerland, or the UK, we rely on the following transfer mechanisms to comply with applicable data protection laws:

  • Adequacy Decisions (Article 45 GDPR): We rely on the European Commission’s adequacy decisions when transferring your Personal Data to countries that have been deemed to provide an adequate level of protection. This includes transfers to US-based organizations that are certified under the EU-U.S. Data Privacy Framework.
  • Standard Contractual Clauses (Article 46 GDPR): For transfers to jurisdictions or entities not covered by an adequacy decision, we rely on the Standard Contractual Clauses (“SCCs”) as approved by the European Commission (pursuant to Article 46(2)(c) GDPR) and, where applicable, the UK International Data Transfer Addendum. These clauses ensure that our sub-processors are contractually obligated to provide a level of data protection equivalent to that of the GDPR.

We do not "sell" your personal information to third parties, and any international transfer is conducted strictly for the purpose of providing and improving the Services as described in this Policy.

7. Your Rights

Depending on where you live, you may have certain statutory rights in relation to your Personal Data.

The European Union’s General Data Protection Regulation (GDPR) and other countries’ privacy laws provide certain rights for data subjects. Data Subject rights under GDPR include the following:

  • Access your Personal Data and information relating to how it is processed.
  • Delete your Personal Data from our records.
  • Rectify or update your Personal Data.
  • Transfer your Personal Data to a third party (right to data portability).
  • Restrict how we process your Personal Data.
  • Withdraw your consent—where we rely on consent as the legal basis for processing at any time.
  • Object to how we process your Personal Data.
  • Lodge a complaint with your local data protection authority.

You can exercise many of these rights directly through your ChatMazes account settings. For requests you cannot fulfill yourself, please email privacy@chatmazes.com. We will verify your identity before processing your request.

8. Additional U.S. state disclosures

Some U.S. state privacy laws require specific disclosures. The following table provides additional information about the categories of Personal Data we collect and how we use and disclose that information. You can read more about the Personal Data we collect and where we collect it from in “Personal Data we collect” above, how we use Personal Data in “How we use Personal Data” above, and how we retain Personal Data in “Security and Retention” below.

Category of Personal Data Use of Personal Data Disclosure of Personal Data
We collect the following information, as described above:
  • Identifiers, such as your name, contact details, IP address, and other device identifiers
  • Commercial information, such as your transaction history
  • Network activity information, such as Content and how you interact with our Services
  • Communication information, such as your contact information when you send us email
  • Geolocation data, such as the general area from which your device accesses our Services based on information like its IP address
  • Your account credentials and payment information
 We use this information for the following purposes, as described above:
  • Provide, analyze, and maintain our Services
  • Improve and develop our Services and conduct research
  • Communicate with you, including to send you information about our Services and events
  • Prevent fraud, illegal activity, or misuses of our Services, and to protect the security of our systems and Services
  • Comply with legal obligations and protect the rights, privacy, safety, or property of our users, ChatMazes, or third parties
 We may disclose this information in the following circumstances, as described above:
  • Vendors, service providers, and affiliates to process in accordance with our instructions
  • Government authorities or other third parties for the legal reasons described above
  • Parties involved in Transactions
  • Other users and third parties you interact or share information with

Depending on where you live and subject to applicable exceptions, you may have the following privacy rights in relation to your Personal Data:

  • The right to know information about our processing of your Personal Data, including the right to access your Personal Data, often in a portable format;
  • The right to request deletion of your Personal Data;
  • The right to correct your Personal Data;
  • The right to be free from discrimination relating to the exercise of any of your privacy rights.

We don’t “sell” Personal Data or “share” Personal Data for cross-contextual behavioral advertising, and we do not process Personal Data for “targeted advertising” purposes (as those terms are defined under state privacy laws). We also don’t process sensitive Personal Data for the purposes of inferring characteristics about a consumer.

9. Children

Our Services are not directed to children under the age of 18. We do not knowingly collect Personal Data from children.

10. Security

We implement commercially reasonable technical, administrative, and organizational measures designed to protect Personal Data from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. However, no Internet or email transmission is ever fully secure or error free. Therefore, you should take special care in deciding what information you provide to the Services. In addition, we are not responsible for circumvention of any privacy settings or security measures contained on the Service, or third-party websites.

11. Legal bases for processing

Purpose of processing Type of Personal Data processed, depending on the processing activity Legal basis, depending on the process activity
To provide, analyze, and maintain our Services
  • Account Information
  • User Content
  • Communication Information
  • Other Information You Provide
  • Log Data
  • Usage Data
  • Device Information
  • Location Information
  • Cookies and Similar Technologies
 Where necessary to perform a contract with you, such as processing a user’s prompts to provide a response.
To improve and develop our Services and conduct research
  • Account Information
  • User Content
  • Communication Information
  • Other Information You Provide
  • Data We Receive From Other Sources
  • Log Data
  • Usage Data
  • Device Information
  • Cookies and Similar Technologies
 Where necessary for our legitimate interests and those of third parties and broader society, including in developing, improving, or promoting our Services.
To communicate with you, including to send you information about our Services and events
  • Account Information
  • Communication Information
  • Social Media Information
  • Other Information You Provide
  • Log Data
  • Usage Data
  • Device Information
  • Cookies and Similar Technologies
 Where necessary to perform a contract with you, such as processing your contact information to send you a technical announcement about the Services. Your consent when we ask for it to process your Personal Data for a specific purpose that we communicate to you, such as processing your contact information to send you certain forms of marketing communications.
To prevent fraud, illegal activity, or misuses of our Services, and to protect the security of our systems and Services
  • Account Information
  • User Content
  • Communication Information
  • Social Media Information
  • Other Information You Provide
  • Data We Receive From Other Sources
  • Log Data
  • Usage Data
  • Device Information
  • Cookies and Similar Technologies
 Where necessary to comply with a legal obligation. Where we are not under a specific legal obligation, where necessary for our legitimate interests and those of third parties, including in protecting our Services from abuse, fraud, or security risks, such as processing data from security partners to protect against fraud, abuse and security threats in our Services.
To comply with legal obligations and to protect the rights, privacy, safety, or property of our users, ChatMazes, or third parties
  • Account Information
  • User Content
  • Communication Information
  • Social Media Information
  • Other Information You Provide
  • Data We Receive From Other Sources
  • Log Data
  • Usage Data
  • Device Information
  • Cookies and Similar Technologies
 Where necessary to comply with a legal obligation, such as retaining transaction information to comply with record-keeping obligations. Where we are not under a specific legal obligation, where necessary for our legitimate interests and those of third parties and broader society, including in protecting our or our affiliates’, users’, or third parties’ rights, safety, and property, such as analyzing log data to identify fraud and abuse in our Services.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will publish the updated version and effective date on this page. Continued use of our Services after any changes constitutes your acceptance of the new Policy.

13. How to Contact Us

If you require any more information or have any questions about our privacy policy, please feel free to contact us by email at privacy@chatmazes.com.