Privacy Policy
Last updated: February 2026
Introduction
CleanChat.AI ("we", "us", "our") is committed to protecting your privacy in accordance with the General Data Protection Regulation (GDPR) and French data protection laws. This policy explains how we collect, use, and safeguard your data when you use our Discord moderation and knowledge assistant service.
Data Controller
CleanChat.AI acts as the data controller for the personal data processed through our service. For any questions or to exercise your rights, contact us at [email protected].
Age Requirement
You must be at least 16 years old to use CleanChat.AI. By using our service, you confirm that you meet this age requirement.
What We Collect
We collect the following types of data to provide our service:
- Account information: Authentication credentials (either a cryptographic key derived from your pass phrase, or your email address with a securely hashed password), subscription status, and usage metrics.
- Server configuration: Your moderation settings and preferences for each Discord server.
- Moderation logs: Flagged messages and associated moderation actions. Messages that pass moderation are not stored.
- API call logs: We log AI API requests and responses for flagged messages (moderation) and Q&A interactions. This data is used for bug detection, service improvement, and troubleshooting. API calls for messages that pass moderation are not stored.
- Knowledge base: Documents you upload for the Q&A feature (Team+ plans).
- Feedback: Your corrections on moderation decisions and Q&A answers (if enabled). Q&A corrections may be added to your knowledge base to improve future responses.
- Support communications: Messages exchanged with our support team.
How We Use Your Data
- To provide and operate the moderation and Q&A services
- To improve moderation accuracy based on your feedback
- To improve Q&A answer quality using your corrections (Team+ plans, if enabled)
- To process payments and manage subscriptions
- To respond to support requests
- To send you transactional emails (email verification codes, password reset links) if you signed up with email
- To send you service communications and support-related emails (if you provided an email address)
- To prevent abuse and enforce our terms of service
Note on authentication: We offer two sign-up methods: pass phrase (passwordless) and email/password. If you sign up with a pass phrase, your email address (if provided) is only used for communications and cannot be used for account recovery. If you sign up with email/password, your password is hashed before transmission and stored using bcrypt hashing.
Legal Basis for Processing (GDPR Article 6)
We process your data based on the following legal grounds:
- Contract performance (Art. 6.1.b): Processing necessary to provide the moderation and Q&A services you subscribed to.
- Legitimate interest (Art. 6.1.f): Processing for service improvement, security, fraud prevention, and troubleshooting.
- Legal obligation (Art. 6.1.c): Processing required to comply with applicable laws (e.g., tax records, legal requests).
What We Don't Do
- We don't sell your data to third parties
- We don't train AI models on your content
- We don't store messages that pass moderation
Third-Party Services
We use the following services to operate CleanChat.AI:
- OpenAI: For content analysis (USA). See their privacy policy.
- Stripe: For payment processing (USA). See their privacy policy.
- Discord: To operate the bot (USA). See their privacy policy.
- Google: For advertising and conversion tracking (USA). See their privacy policy.
International Data Transfers
Your data may be transferred to and processed in the United States by our third-party providers (OpenAI, Stripe, Discord). These transfers are protected by:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Additional technical and organizational security measures
You can request a copy of the applicable safeguards by contacting us.
Automated Decision-Making (GDPR Article 22)
Our AI moderation system automatically analyzes messages and may take actions such as deleting content, issuing warnings, or applying timeouts. This constitutes automated decision-making.
- Why: Automated moderation is necessary to provide real-time content protection.
- Your rights: You can request human review of any moderation decision by contacting the server administrator or our support team.
- Safeguards: Server administrators can review moderation logs, adjust sensitivity levels, and override decisions.
Cookies and Local Storage
We use the following storage technologies:
- Session cookie: Strictly necessary for authentication. Expires after 24 hours of inactivity.
- Theme preference: Stored locally in your browser (localStorage) to remember your dark/light mode choice.
- Google Ads (gtag.js): We use Google Ads conversion tracking to measure the effectiveness of our advertising campaigns. This technology may place cookies on your device to track conversions and website activity. See Google's privacy policy.
You can opt out of Google Ads personalization at Google Ads Settings.
Data Retention
- Moderation logs: Automatically deleted based on your plan (7-90 days).
- Other data: Retained until you delete it or delete your account.
- Support messages: Retained for customer service and legal purposes.
Your Rights (GDPR)
Under GDPR, you have the following rights regarding your personal data:
- Right of access: Request a copy of your personal data.
- Right to rectification: Request correction of inaccurate data.
- Right to erasure: Request deletion of your data.
- Right to data portability: Request your data in a machine-readable format.
- Right to object: Object to processing based on legitimate interest.
- Right to restrict processing: Request limitation of how we use your data.
You can exercise these rights directly from your dashboard:
- Delete server content: Remove all logs, knowledge base, and feedback for a server.
- Delete your account: Remove your account and all associated data.
For other requests (data export, support message deletion, etc.), contact us at [email protected]. We will respond within one month of receiving your request, as required by GDPR Article 12.
Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence. In France: CNIL.
Security
We implement appropriate technical measures to protect your data, including:
- Encryption in transit (HTTPS/TLS)
- Passwords hashed client-side before transmission and stored using bcrypt
- Rate limiting and brute-force protection on authentication endpoints
- Time-limited verification codes and password reset tokens
Changes to This Policy
We may update this policy at any time. Continued use of the service constitutes acceptance of the revised policy.
Contact
For any questions or requests: [email protected]