chatday

Privacy Policy and Cookie Policy

Effectiveness date: 7 May 2026

This Privacy Policy and Cookie Policy ("Policy") governs how Chatday AI collects, processes, stores, and protects personal information when you access or use our platform, applications, and associated services (collectively, the "Services"). Please read this Policy carefully before using the Services.

INTRODUCTION & SCOPE

This Policy describes how Chatday AI ("Chatday", "we", "us", "our") collects, uses, shares, and safeguards personal information through the Services. It also explains the rights and choices available to users regarding their personal data.

By accessing or using the Services, you agree to the practices described in this Policy and consent to the collection, use, and disclosure of your information as outlined herein. This Policy forms part of our Terms and Conditions. If you do not agree with our practices, please do not use the Services.

We are committed to responsible data stewardship and to maintaining practices that align with applicable privacy and data protection frameworks, including the General Data Protection Regulation ("GDPR"), the California Consumer Privacy Act as amended by the California Privacy Rights Act ("CCPA/CPRA"), and other applicable regional laws.

This Policy applies to all individuals who interact with the Services, regardless of geographic location. We may revise this Policy at any time; updated versions will be published on our platform and take effect upon posting. The Services are intended exclusively for adults in accordance with the laws applicable in their country of residence or birth.

IDENTITY OF CONTROLLER

The controller responsible for the processing of your personal data in connection with the Services is the entity identified below:

DYNAMIC SEARCH MARKS SL

We are fully committed to fulfilling our obligations under applicable data protection legislation and to upholding the privacy rights of every individual who interacts with the Services.

If you have any questions about our data practices or wish to exercise any of your privacy rights, please contact us at: info@chatday.ai

INFORMATION WE COLLECT

We collect personal and non-personal information in connection with your access to and use of the Services. The information collected depends on how you interact with us and may include information you provide directly, information collected automatically, and information received from third-party sources. We strive to collect only what is necessary, relevant, and proportionate to the purposes described in this Policy.

Information You Provide Directly:

  • Account and Registration Data: name, email address, username, and other details submitted when creating or updating your account.
  • Payment and Billing Information: transaction records and payment method details, processed through third-party providers. We do not store full payment card numbers on our servers.
  • User Submissions and AI Interactions: the content of prompts, messages, queries, or other inputs you submit to our AI-powered features, including associated metadata such as session identifiers and timestamps. This may include personal information if you voluntarily include it in your input.
  • Support and Communication Records: contact information and the content of any correspondence when you reach out for assistance, feedback, or other inquiries, including attachments and correspondence history.

Information Collected Automatically:

  • Device and Technical Data: IP address, browser type and version, operating system, device type and identifiers, screen resolution, and language settings.
  • Usage and Interaction Metrics: access times, features used, session duration, navigation paths, error logs, and performance metrics related to AI feature interactions.
  • Approximate Geolocation: derived from IP address, used for localization and security purposes.
  • Cookies and Tracking Technologies: data collected via cookies, pixels, scripts, and similar technologies, as described in Section 13 of this Policy.

HOW WE USE YOUR INFORMATION

We use the information we collect for the following operational, functional, and legal purposes. Our use of your personal information is guided by principles of transparency, necessity, and proportionality:

Service Delivery and Operation:

To enable access to and use of the Services, deliver core functionalities, including AI-powered interactions, process transactions, and manage user accounts.

AI Feature Functionality:

The content you input may be transmitted to third-party large language model (LLM) providers acting as our data processors solely to generate responses on our behalf. We do not use your conversational inputs to train proprietary AI models, nor do we sell your conversation data to any third party.

Platform Improvement and Analytics:

We analyze usage patterns, session behavior, and aggregated data, in anonymized or pseudonymized form, to identify and resolve issues, develop new features, and improve overall user experience.

Payment and Subscription Management:

To process one-time and recurring payments, issue invoices, handle failed transactions, and manage subscription status.

Communications:

To send administrative, transactional, or support-related messages, and where permitted, promotional communications subject to your preferences and applicable law.

Platform Security and Policy Enforcement:

To detect, prevent, and respond to fraud, unauthorized access, abuse, or violations of our Terms and Conditions.

AI Model Improvement (Where Applicable):

We may use de-identified and anonymized interaction data to evaluate and refine the performance of our AI systems, subject to the safeguards described in Section 6 of this Policy.

Legal and Regulatory Compliance:

To meet applicable legal obligations, respond to lawful government requests, maintain required records, and fulfil audit or tax requirements.

With Your Consent:

Where required by law, we will rely on your explicit consent and provide the right to withdraw it at any time without affecting prior lawful processing.

We do not use your personal information to make automated decisions that produce legal or similarly significant effects without human involvement.

LEGAL BASIS FOR PROCESSING

We process your personal information only when we have a valid legal basis to do so under applicable data protection law, including the GDPR and CCPA/CPRA. The specific legal basis depends on the nature of the data and the context in which it is collected and used:

Performance of a Contract:

We process your information to fulfil our contractual obligations, including providing access to the Services, delivering platform functionality, managing subscriptions and purchases, and maintaining your user account.

Legitimate Interests:

We may process your information where necessary for our legitimate interests, or those of a third party, provided they are not overridden by your fundamental rights and freedoms. This includes improving Services, preventing fraud, securing our systems, analyzing user behavior, and communicating with existing users about relevant offerings. We apply proportionality and balancing assessments when relying on this basis.

Consent:

In certain circumstances we will request your explicit consent, for example, when you opt in to receive promotional communications or participate in surveys, beta programs, or optional analytics. You have the right to withdraw consent at any time without affecting the lawfulness of prior processing.

Compliance with Legal Obligations:

We process information where necessary to fulfil legal or regulatory requirements, including responding to lawful authority requests, maintaining statutory records, and satisfying tax and accounting obligations.

Protection of Vital Interests:

In exceptional circumstances, we may process personal data to protect your vital interests or those of another individual, such as in response to a security incident or safety emergency.

USE OF AI TECHNOLOGIES & TRAINING

Our Services integrate artificial intelligence technologies, including large language models (LLMs), natural language processing, and related systems, to deliver interactive, context-relevant responses to user inputs.

Processing of User Inputs:

When you engage with our AI-powered features, the content you submit may be processed in real time to generate responses. This processing is conducted under strict security protocols. In most cases, inputs are not stored in a way that links them to your personal identity.

Third-Party LLM Providers:

Chatday AI does not operate proprietary large language models. Our AI features are powered by third-party LLM providers, each bound by their own privacy terms and conditions. Your inputs may be transmitted to these providers solely to generate responses on our behalf; they act as data processors under our instructions.

No Training on Identifiable Data:

Unless explicitly stated otherwise at the point of collection or through your account settings, we do not retain or use your identifiable inputs to train, fine-tune, or evaluate any AI model. In certain contexts, we may use fully de-identified and anonymized interaction data to improve system performance, subject to the safeguards described herein.

No Use of Personal Identifiers for Training:

We do not use your personal information, including your name, contact details, payment data, or account identifiers, for training or fine-tuning any public or third-party AI model. Any training activity we engage in is designed to prevent reconstruction or leakage of individual user data.

Nature of AI Output:

Responses generated by our AI features are probabilistic in nature and may be inaccurate, incomplete, or imperfect. You agree to use the Services responsibly and not to rely solely on AI-generated output for legal, medical, financial, or other critical decisions without independent human review and verification.

HOW WE SHARE YOUR INFORMATION

We do not sell or rent your personal information. We may share your data with third parties only in the limited circumstances described below, and always with appropriate safeguards in place to ensure your data is handled lawfully and responsibly.

Service Providers:

We engage third-party vendors to perform essential functions on our behalf, including infrastructure hosting, payment processing, customer support, usage analytics, security monitoring, and email delivery. These providers are contractually bound to process your data only as needed for their specific function. Examples include: Amplitude, Google Inc., Stripe, and Firebase.

AI and LLM Providers:

Inputs submitted to our AI features may be transmitted to third-party LLM providers acting as data processors, solely to generate responses. These providers do not use your data for their own model training purposes beyond what is governed by their terms and applicable law.

Analytics Providers:

We may share aggregated, pseudonymized behavioral data, such as session duration, feature usage, and device type, with performance analytics providers to assess platform trends and improve our offerings.

Legal Disclosures:

We may disclose personal information when required by law or when we reasonably believe disclosure is necessary to (i) comply with a legal obligation or authority request; (ii) protect and defend our rights or property; (iii) prevent or address fraud, security incidents, or illegal activity; or (iv) protect the safety of users, employees, or the public.

Business Transactions:

In the event of a merger, acquisition, reorganization, or asset sale, your information may be transferred as part of that transaction. We will take reasonable steps to ensure confidentiality and notify you of any material change in ownership or data use as required by law.

International Transfers:

Certain recipients may be located outside your home jurisdiction, including outside the European Economic Area (EEA). Where applicable, we implement appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission or other lawful transfer mechanisms.

DATA RETENTION

We retain personal information for as long as necessary to fulfil the purposes for which it was collected, including service delivery, platform improvement, legal compliance, dispute resolution, and contractual enforcement.

The duration for which we retain specific data categories may vary based on the nature of the information, its processing purpose, and applicable legal or regulatory requirements. Account-related data may be retained for the duration your account remains active and for a reasonable period thereafter.

When we no longer have a legitimate need to retain personal information, we will take appropriate steps to delete, anonymize, or aggregate it so that it no longer identifies you. Where immediate deletion is not feasible (e.g., due to backup systems), the data will be stored securely and isolated from further processing until deletion becomes possible.

We may retain de-identified or aggregated data, which no longer constitutes personal information under applicable law, for research, benchmarking, analytics, or service development purposes.

DATA SECURITY

We are committed to protecting the integrity, availability, and confidentiality of your personal information. We implement comprehensive administrative, technical, and physical security measures designed to safeguard the data we collect and process through the Services.

All data transmitted between your device and our systems is encrypted using industry-standard protocols, including Transport Layer Security (TLS). Sensitive stored data is protected using encryption at rest and secure credential management practices.

Internally, we apply the principle of least privilege: only personnel with a clearly defined business need are granted access to user data, and all access is regularly reviewed and monitored. We deploy firewall protection, intrusion detection and prevention systems, access logging, and vulnerability management programs.

While we take extensive precautions, no system can be guaranteed to be completely secure. In the event of a security incident that poses a significant risk to your rights or freedoms, we will notify you and any applicable supervisory authorities in accordance with legal requirements.

YOUR RIGHTS & CHOICES

We are committed to ensuring that you maintain meaningful control over your personal information. Depending on your location, applicable data protection laws may provide you with the following rights:

  • Right of Access: to request confirmation of whether we process your data and to obtain a copy of the information we hold about you.
  • Right to Rectification: to request correction or updating of inaccurate, incomplete, or outdated personal information.
  • Right to Erasure: to request deletion of your information where it is no longer necessary for the purposes for which it was collected, where you withdraw consent, or where processing is otherwise unlawful.
  • Right to Restriction: to request that we limit processing of your data in certain circumstances, such as where you contest its accuracy or object to its use.
  • Right to Object: to object to processing based on legitimate interests or for direct marketing purposes at any time.
  • Right to Data Portability: to request transfer of your data to another organization in a structured, machine-readable format, where technically feasible and where processing is based on consent or contract.
  • Right Not to be Subject to Automated Decision-Making: not to be subject to decisions producing legal or similarly significant effects based solely on automated processing without human involvement.

To exercise any of these rights, please contact us at info@chatday.ai. We may verify your identity before processing your request. We aim to respond within one (1) month, extendable by a further two (2) months where justified by complexity or volume, with prior notification.

If you believe your data protection rights have not been adequately addressed, you have the right to lodge a complaint with the competent supervisory authority in your jurisdiction.

Regarding Do Not Track signals: our Services do not currently respond to browser-based Do Not Track signals, as no uniform industry standard for their interpretation has been established.

ACCOUNT DELETION

You may request deletion of your account and associated personal information at any time by contacting us at info@chatday.ai. Upon receiving your request, we will take reasonable steps to verify your identity prior to proceeding, in order to protect the security and integrity of your data.

Please note that account deletion is irreversible. Once your account is removed, you will lose access to all associated data, services, content, and purchase history. We encourage you to download any data you wish to retain before initiating a deletion request.

Certain information may be retained for a limited period in backup archives for business continuity purposes, or as necessary to comply with legal obligations, resolve disputes, enforce our Terms of Service, or detect fraud. Retained data will be limited to what is strictly required for those specific purposes.

Ceasing use of the Services or deleting the application does not in itself constitute an account deletion request.

CHILDREN'S PRIVACY

Our Services are not directed to, intended for, or designed to attract individuals under the age of 18 (or the applicable minimum age in the relevant jurisdiction). We do not knowingly collect or solicit personal information from minors. If you are under 18, you are not permitted to access or use the Services.

If we become aware that we have inadvertently collected personal information from a child below the applicable age threshold without verified parental or guardian consent, we will take prompt steps to delete that information from our records.

Parents or legal guardians who believe their child has accessed the Services or submitted personal information without consent may contact us at info@chatday.ai to request data removal. We encourage parents and guardians to actively monitor and guide their children's online activities.

COOKIES & TRACKING TECHNOLOGIES

We use cookies and other tracking technologies to enhance the functionality and performance of our Services, personalize user experiences, analyze user behavior, and support communications efforts. By accessing or using the Services, you consent to the placement of cookies and similar technologies on your device, subject to your ability to manage preferences as outlined below.

Cookies are small data files stored on your browser or device when you visit or interact with our Services. In addition to cookies, we may utilize pixel tags, web beacons, embedded scripts, SDKs, and local storage technologies to capture user activity and diagnose system issues.

Types of Cookies:

  • Strictly Necessary Cookies: essential to the operation of the Services, including session and authentication cookies. These are exempt from consent requirements under applicable law.
  • Performance Cookies: measure and support the efficiency and stability of our systems.
  • Functional / Preference Cookies: enable personalization, including language settings, display preferences, and account configuration options.
  • Analytical Cookies: allow us to understand how users engage with the platform based on aggregated, non-personal data, enabling us to improve our offerings.
  • Marketing / Advertising Cookies: used where applicable to support outreach and the delivery of relevant content.
  • Third-Party Cookies: placed by partners or service providers (e.g., analytics or payment platforms) operating under their own privacy policies.

Consent & Management:

Where legally required, we will obtain your express consent before deploying non-essential cookies or tracking technologies. You may be presented with a cookie management banner enabling you to accept or decline specific categories.

You may also control or disable cookies through your browser or device settings at any time. Doing so may affect the availability or functionality of certain features. Our Services do not currently respond to Do Not Track browser signals, as no uniform standard for their interpretation has been established.

THIRD-PARTY LINKS

Our Services may contain links to websites, applications, or services operated by third parties that are neither owned nor controlled by us. Such links are provided for convenience and informational purposes only.

We do not endorse, monitor, or make any representations regarding the content, accuracy, privacy practices, or security of any third-party website or service. When you click on a third-party link, you may be directed to a platform governed by its own privacy policy and terms of use. We strongly encourage you to review those policies before engaging with any third-party service.

We disclaim all liability for any damages, losses, or other consequences arising from your access to or use of third-party content or services accessible through links on our platform.

INTERNATIONAL USERS & CALIFORNIA RESIDENTS

Our Services are operated from the United States. If you access them from outside the US, you acknowledge that your personal information will be transferred to, stored in, and processed in the United States or other jurisdictions where we or our service providers operate. These jurisdictions may not provide the same level of data protection as your home country.

We implement appropriate safeguards for cross-border transfers where required, including Standard Contractual Clauses (SCCs) approved by the European Commission or other lawful transfer mechanisms.

EEA, UK, and Switzerland Residents:

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have rights under the GDPR and equivalent local frameworks, including the right to access, correct, erase, restrict, and object to the processing of your personal data, as well as the right to lodge a complaint with your competent supervisory authority.

California Residents (CCPA/CPRA):

If you reside in California, you are entitled to rights under the CCPA as amended by the CPRA. Over the preceding twelve (12) months, we may have collected categories of personal information including identifiers, usage and internet activity data, inferences drawn from collected data, and commercial information such as transaction history. We do not sell or share personal information for cross-context behavioral advertising.

As a California resident, you have the right to: know what personal information is collected and how it is used; request deletion; request correction; opt out of sale or sharing; and receive non-discriminatory treatment for exercising any of these rights. To exercise your rights, contact us as described in Section 17.

CHANGES TO THIS POLICY

We reserve the right to update, revise, or modify this Policy at any time to reflect changes in our practices, legal obligations, or platform enhancements. Any revisions will take effect immediately upon publication of the updated Policy on our platform, unless otherwise required by applicable law.

When we update the Policy, we will revise the "Effective Date" at the top of the document. In the event of material changes that may significantly affect your rights or how we process your personal information, we will provide advance notice by appropriate means, such as email notification or a prominent in-platform alert.

Your continued use of the Services following any update constitutes acceptance of the revised terms. If you do not agree to the changes, you should discontinue use of the Services and, where applicable, request deletion of your account.

CONTACT

If you have any questions, concerns, or requests regarding this Privacy Policy, our data practices, or your personal information, please contact us directly. We are committed to responding promptly and transparently.

Email: info@chatday.ai

When contacting us, please include sufficient detail to help us understand and respond to your inquiry, such as your name, the nature of your request, and any relevant context. Please note that we may verify your identity before processing certain requests, in order to protect your data and maintain platform security.

We will endeavor to respond to all privacy-related inquiries in a timely and appropriate manner and will work in good faith to address any concerns you may have.