In short: This Privacy Policy explains how Pingalaa LLC ("Chiti.ai", "we", "us", or "our") collects, uses, and protects your personal information when you use our AI-powered tools at chiti.ai, docs.chiti.ai, and focus.chiti.ai.
Your privacy is important to us. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our services. By using Chiti.ai, you agree to the collection and use of information in accordance with this policy.
1. Information We Collect
1.1 Information You Provide
We collect information that you voluntarily provide when using our service:
- Account Information: Username, email address, password (encrypted), and profile information
- Document Content: Templates you upload, prompts you provide, and documents you generate via DraftFoundry
- Meeting Content: Meeting transcripts, agenda information, and session data you provide to Drift Guard
- Payment Information: Billing details processed securely through third-party payment processors
- Communications: Messages you send us, feedback, and support requests
1.2 Information Automatically Collected
When you access our service, we automatically collect certain information:
- Usage Data: Pages viewed, features used, time spent, documents generated, meetings analyzed
- Device Information: IP address, browser type, operating system, device identifiers
- Log Data: Access times, error logs, and diagnostic data
- Cookies and Tracking: Session cookies, preference cookies, and analytics cookies
1.3 Information from Third Parties
- AI Service Providers: Usage data from AI APIs used to power our tools
- Analytics Providers: Usage statistics and user behavior data
- Payment Processors: Transaction status and payment verification
2. How We Use Your Information
2.1 Service Delivery
- Process your document generation requests via DraftFoundry
- Analyze meeting transcripts and provide focus scoring via Drift Guard
- Store and manage your templates, documents, and meeting data
- Process payments and maintain billing records
2.2 Service Improvement
- Analyze usage patterns to improve our AI algorithms and features
- Debug technical issues and optimize performance
- Develop new features based on user needs
2.3 Communication
- Send service-related notifications and updates
- Respond to your inquiries and support requests
- Send marketing communications (with your consent, opt-out available)
2.4 Legal and Security
- Comply with legal obligations and enforce our Terms of Service
- Detect, prevent, and address fraud and security issues
- Protect our rights, property, and safety
3. How We Share Your Information
We do not sell your personal information. We may share your information in the following circumstances:
3.1 Service Providers
- AI Providers: Your prompts, document content, and meeting data are sent to AI providers for processing. They process this data according to their own privacy policies and data processing agreements, and have committed to not training on customer data.
- Amazon Web Services (AWS): Secure file storage for uploaded templates and generated documents, encrypted at rest.
- Render: Our hosting provider processes data necessary to deliver the service.
- Payment Processors: Secure payment processing — we do not store full payment card information.
- Analytics Providers: Aggregate usage statistics to improve our service.
3.2 Legal Requirements
We may disclose your information if required by law, valid legal processes, government requests, or to protect rights, property, or safety.
3.3 Business Transfers
If Pingalaa LLC is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you of any such change in ownership or control.
4. Data Storage and Security
4.1 Data Storage
- Location: Data stored in the European Union (EU) on secure servers
- Database: PostgreSQL with encryption at rest
- File Storage: AWS S3 with server-side encryption
- Backups: Regular encrypted backups for disaster recovery
4.2 Security Measures
- SSL/TLS encryption for data in transit
- Encryption at rest for all stored data
- Password hashing using bcrypt
- Regular security audits and updates
- Access controls, authentication, and activity monitoring
4.3 Data Retention
- Account Data: Retained while your account is active
- Documents & Meeting Data: Retained until you delete them or close your account
- Logs: Retained up to 90 days for security and debugging
- Backups: Maintained for 30 days for disaster recovery
5. Your Privacy Rights
5.1 Access and Portability
- Request a copy of your personal data
- Export your templates, documents, and meeting data
- View information about how we process your data
5.2 Correction and Deletion
- Update or correct your account information
- Delete your content and generated files
- Request deletion of your account and associated data
5.3 Control and Objection
- Opt out of marketing communications
- Disable non-essential cookies
- Object to or restrict certain data processing activities
5.4 GDPR Rights (EU Users)
If you are in the European Union, you have additional rights under GDPR including: right to be forgotten, right to data portability, right to object to automated decision-making, and right to lodge a complaint with a supervisory authority.
5.5 CCPA Rights (California Users)
California residents have rights under the CCPA to know what personal information is collected, request deletion, opt-out of any sale of personal information (we do not sell data), and be free from discrimination for exercising CCPA rights.
To exercise any of these rights, contact us at: privacy@pingalaa.com
6. Cookies and Tracking Technologies
We use essential, analytics, and preference cookies to operate and improve our service. You can control cookies through your browser settings, though disabling essential cookies may affect functionality. For full details, see our Cookie Policy.
7. Third-Party AI Services
Important: When you use DraftFoundry or Drift Guard, your content is processed by third-party AI providers. These providers have their own privacy policies and have committed to not using customer data to train their models. We recommend reviewing their policies before use.
8. Children's Privacy
Our service is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us at privacy@pingalaa.com.
9. International Data Transfers
Your information is primarily processed and stored in the European Union. Where data is transferred outside the EU by our service providers, we ensure appropriate safeguards such as Standard Contractual Clauses are in place.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy with an updated date, sending email notification, and displaying a prominent notice in the service. Continued use after changes constitutes acceptance.
11. Data Breach Notification
In the event of a data breach affecting your personal information, we will notify affected users within 72 hours of discovery, describe the nature of the breach, explain steps taken to address it, provide recommendations for protecting your information, and notify relevant authorities as required by law.
12. Contact Information
13. State-Specific Rights
Illinois Residents (BIPA)
We do not collect biometric information as defined under the Illinois Biometric Information Privacy Act (BIPA).
Other State Privacy Laws
If you reside in Virginia, Colorado, Connecticut, or other states with comprehensive privacy laws, you may have additional rights. Contact us at privacy@pingalaa.com for more information.
Questions or concerns? Reach out to us at privacy@pingalaa.com — we're committed to protecting your privacy and will respond promptly.