In Short: This Privacy Policy explains how Pingalaa LLC ("Chiti.ai", "we", "us", or "our") collects, uses, and protects your personal information when you use our AI-powered document generation service at chiti.ai and docs.chiti.ai.
Your privacy is important to us. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our AI document generation service. By using Chiti.ai, you agree to the collection and use of information in accordance with this policy.
1. Information We Collect
1.1 Information You Provide to Us
We collect information that you voluntarily provide when using our service:
- Account Information: Username, email address, password (encrypted), and profile information
- Document Content: Templates you upload, prompts you provide, and documents you generate
- Payment Information: Billing details, payment method information (processed securely through third-party payment processors)
- Communications: Messages you send us, feedback, and support requests
1.2 Information Automatically Collected
When you access our service, we automatically collect certain information:
- Usage Data: Pages viewed, features used, time spent on the service, documents generated
- Device Information: IP address, browser type, operating system, device identifiers
- Log Data: Access times, error logs, and diagnostic data
- Cookies and Tracking: Session cookies, preference cookies, and analytics cookies
1.3 Information from Third Parties
We may receive information from:
- AI Service Providers: Usage data from OpenAI and Anthropic APIs
- Analytics Providers: Usage statistics and user behavior data
- Payment Processors: Transaction status and payment verification
2. How We Use Your Information
We use the collected information for the following purposes:
2.1 Service Delivery
- Process your document generation requests using AI technology
- Store and manage your templates and generated documents
- Provide access to your account and saved content
- Process payments and maintain billing records
2.2 Service Improvement
- Analyze usage patterns to improve our AI algorithms and features
- Debug technical issues and optimize performance
- Develop new features based on user needs
- Conduct research and analytics
2.3 Communication
- Send service-related notifications and updates
- Respond to your inquiries and support requests
- Send marketing communications (with your consent, opt-out available)
- Notify you of changes to our service or policies
2.4 Legal and Security
- Comply with legal obligations and enforce our Terms of Service
- Detect, prevent, and address fraud and security issues
- Protect our rights, property, and safety
3. How We Share Your Information
We do not sell your personal information. We may share your information in the following circumstances:
3.1 Service Providers
We share information with third-party service providers who perform services on our behalf:
- OpenAI and Anthropic: Your prompts and document content are sent to these AI providers for document generation. They process this data according to their own privacy policies and data processing agreements.
- Amazon Web Services (AWS): We use AWS S3 for secure file storage. AWS stores your uploaded templates and generated documents in encrypted form.
- Render: Our hosting provider that processes data necessary to deliver the service.
- Payment Processors: Secure payment processing (we do not store full credit card information)
- Analytics Providers: To understand usage patterns and improve our service
3.2 Legal Requirements
We may disclose your information if required by law or in response to:
- Valid legal processes (subpoenas, court orders)
- Government requests
- Enforcement of our Terms of Service
- Protection of rights, property, or safety
3.3 Business Transfers
If Pingalaa LLC is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control.
4. Data Storage and Security
4.1 Data Storage
- Location: Your data is stored in the United States on secure servers
- Database: PostgreSQL database with encryption at rest
- File Storage: AWS S3 with server-side encryption
- Backups: Regular encrypted backups for disaster recovery
4.2 Security Measures
We implement industry-standard security measures:
- SSL/TLS encryption for data in transit
- Encryption at rest for stored data
- Password hashing using bcrypt
- Regular security audits and updates
- Access controls and authentication
- Monitoring for suspicious activity
4.3 Data Retention
- Account Data: Retained while your account is active
- Documents: Retained until you delete them or close your account
- Logs: Retained for up to 90 days for security and debugging
- Backups: Maintained for 30 days for disaster recovery
5. Your Privacy Rights
Depending on your location, you may have the following rights:
5.1 Access and Portability
- Request a copy of your personal data
- Export your templates and generated documents
- View information about how we process your data
5.2 Correction and Deletion
- Update or correct your account information
- Delete your templates and generated documents
- Request deletion of your account and associated data
5.3 Control and Objection
- Opt out of marketing communications
- Disable non-essential cookies
- Object to certain data processing activities
- Restrict processing of your data
5.4 GDPR Rights (EU Users)
If you are in the European Union, you have additional rights under GDPR:
- Right to be forgotten
- Right to data portability
- Right to object to automated decision-making
- Right to lodge a complaint with a supervisory authority
5.5 CCPA Rights (California Users)
If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):
- Right to know what personal information is collected
- Right to know if personal information is sold or disclosed
- Right to opt-out of the sale of personal information (we do not sell data)
- Right to deletion of personal information
- Right to non-discrimination for exercising CCPA rights
To exercise these rights, contact us at: privacy@pingalaa.com
6. Cookies and Tracking Technologies
6.1 Types of Cookies We Use
- Essential Cookies: Required for the service to function (authentication, session management)
- Analytics Cookies: Help us understand how you use the service
- Preference Cookies: Remember your settings and preferences
6.2 Managing Cookies
You can control cookies through your browser settings. Note that disabling essential cookies may affect service functionality.
6.3 Do Not Track
We currently do not respond to "Do Not Track" signals, but we are committed to respecting your privacy preferences.
7. Third-Party AI Services
Important: When you use our document generation service, your prompts and document content are processed by third-party AI providers (OpenAI and Anthropic). These providers have their own privacy policies:
We recommend reviewing these policies. Both providers have committed to not using customer data to train their models.
8. Children's Privacy
Our service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected information from a child under 13, please contact us immediately at privacy@pingalaa.com.
9. International Data Transfers
Your information may be transferred to and processed in the United States and other countries where our service providers operate. These countries may have different data protection laws than your country. We ensure appropriate safeguards are in place for such transfers.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by:
- Posting the new Privacy Policy on this page
- Updating the "Last Updated" date
- Sending you an email notification (for significant changes)
- Displaying a prominent notice in the service
Your continued use of the service after such changes constitutes acceptance of the updated Privacy Policy.
11. Data Breach Notification
In the event of a data breach that affects your personal information, we will:
- Notify affected users within 72 hours of discovery
- Describe the nature of the breach
- Explain the steps we are taking to address it
- Provide recommendations to protect your information
- Notify relevant authorities as required by law
12. Contact Information
13. Specific State Privacy Rights
Illinois Residents (BIPA)
We do not collect biometric information as defined under the Illinois Biometric Information Privacy Act (BIPA).
Other State Privacy Laws
If you reside in Virginia, Colorado, Connecticut, or other states with comprehensive privacy laws, you may have additional rights. Contact us at privacy@pingalaa.com for more information.
Questions or Concerns?
If you have any questions about this Privacy Policy or how we handle your data, please don't hesitate to reach out to us at privacy@pingalaa.com. We're committed to protecting your privacy and will respond to your inquiry promptly.