Privacy Policy
Effective June 4, 2026
Summary
ChatAPI (“we,” “us”) helps you build and ship software by describing it in plain English. This policy explains what we collect, why, who we share it with, and the choices you have. We collect only what we need to run the product, and we never sell your personal information.
Information we collect
Account information.
When you create an account we receive your email address, your name (if provided), and your profile image from our authentication provider. We use this to sign you in, identify your account, and contact you about your service.
The projects you build.
The prompts you send, the chat messages exchanged, the project files and specifications generated for you, and the build’s metadata. This is the core of the product and is stored so you can return to your builds.
API keys and credentials you connect.
If you connect third-party API keys to a build, we store them encrypted at rest (AES-256-GCM) and only decrypt them server-side to bundle them into your downloadable project or to verify they work. They are tied to your account and are never exposed to other users.
Usage and billing data.
Token-usage counts and per-request cost records we use for quotas, plan limits, and billing. Payment-card details are handled by our payment processor — we do not store full card numbers.
Anonymous trial sessions.
If you try the builder before signing up, we store a random session identifier in your browser’s local storage and track trial token usage against it. If you later create an account from the same browser, that trial usage is carried over to your account.
Referral and partner data.
If you arrive through a referral link, we record the referring code. If you join our partner program, we store the name and email you provide and your referral activity.
Analytics.
We use privacy-friendly, aggregate web analytics to understand traffic and improve the product. This does not use advertising cookies and does not track you across other sites.
How we use your information
- To provide, operate, and maintain the service.
- To generate the software you request — your prompts and relevant build context are sent to third-party AI model providers that perform the generation on our behalf.
- To enforce plan limits, prevent abuse, and bill you.
- To communicate with you about your account, security, and support.
- To detect, prevent, and address fraud or technical issues.
- To comply with legal obligations.
How your information is shared
We do not sell your personal information. We share data only with service providers that process it on our behalf so we can run the product, under contracts that limit their use of it:
- Authentication provider — account sign-in and identity.
- Third-party AI model providers — to generate the software you ask for from your prompts.
- Convex — our application database and backend.
- Vercel — hosting and aggregate analytics.
- Stripe — payment processing for paid plans.
- Meta (Facebook) — when we run advertising campaigns, the Meta Pixel reports anonymized, aggregated actions (such as page views, starting a build, and signing up) so we can measure ad performance and reach relevant audiences. It does not receive your build content or connected API keys.
We may also disclose information if required by law, to enforce our terms, or to protect the rights, property, or safety of our users or others.
Cookies and advertising
We use a small number of cookies and similar technologies to keep you signed in, remember your preferences, and measure how the product is used. During advertising campaigns we also use the Meta (Facebook) Pixel, which may set cookies to attribute ad clicks to actions you take on our site and to help us reach similar audiences. You can control cookies through your browser settings and limit ad personalization through your Meta ad preferences.
Data retention
We keep your account and build data for as long as your account is active. When you delete your account, we delete or anonymize the associated personal data within a reasonable period, except where we must retain it to meet legal, accounting, or security obligations.
Security
We protect data in transit with HTTPS and at rest where appropriate; connected API keys are encrypted with AES-256-GCM. No method of transmission or storage is perfectly secure, but we work to protect your information and limit access to it.
Your rights and choices
Depending on where you live, you may have the right to access, correct, export, or delete your personal data, and to object to or restrict certain processing. You can exercise these rights — or ask any privacy question — by contacting us at the address below. We will respond within the timeframe required by applicable law.
Children
ChatAPI is not directed to children under 16, and we do not knowingly collect their personal information.
Changes to this policy
We may update this policy from time to time. When we do, we’ll revise the effective date above and, for material changes, take reasonable steps to notify you.
Contact
Questions about this policy or your data? Email us at privacy@chatapi.run.
ChatAPI