Privacy Policy

1. Introduction

Chat AI Pro ("Chat AI Pro," "we," "us," or "our") is committed to protecting the privacy of individuals who access and use our website, applications, and related services, tools, and communications (collectively, the "Services"). This Privacy Policy explains how we collect, use, disclose, store, and protect personal information, and it describes the rights and choices available to users regarding their personal data.

By accessing or using the Services, you acknowledge that you have read and understand this Privacy Policy and agree to the practices described in it. This Privacy Policy is incorporated into and forms part of our Terms and Conditions. If you do not agree with our privacy practices, you should not use the Services.

We recognize the importance of privacy and data protection and seek to handle personal information in accordance with applicable laws, including, where relevant, the California Consumer Privacy Act, as amended by the California Privacy Rights Act, the General Data Protection Regulation, and other applicable U.S. state privacy laws.

This Privacy Policy applies to all users of the Services, regardless of location, and governs personal information provided to us or collected by us in connection with the Services. Please read it carefully so you understand how we handle your information.

If you have questions or concerns about this Privacy Policy or our privacy practices, please contact us using the information provided in the Contact Us section.

2. Information We Collect

In connection with the Services, we collect personal information and other information depending on how you interact with us. This may include information you provide directly, information collected automatically, and information we receive from third parties. We seek to collect only the information reasonably necessary for the purposes described in this Privacy Policy.

2.1 Information You Provide Directly

You may provide us with personal information when you create an account, use the Services, make a purchase, or contact us. This information may include:

• Account and profile information. Name, email address, username, and other registration or profile details.
• Billing and payment information. Transaction information and payment-related details needed to process purchases or subscriptions. Payment card information is generally processed by third-party payment providers, and we do not store full payment card numbers on our servers.
• User submissions and chat inputs. Prompts, questions, messages, files, and other content you submit through the Services, along with associated metadata such as timestamps and session identifiers. If you choose to include personal or sensitive information in your inputs, that information may also be processed.
• Support and communications. Contact details, correspondence, attachments, feedback, and support history when you communicate with us.

2.2 Information We Collect Automatically

When you access or use the Services, we may automatically collect certain technical, device, and usage information, including:

• Device and technical information. IP address, browser type and version, operating system, device type, device identifiers, language preferences, and screen resolution.
• Usage and interaction data. Pages viewed, features used, session duration, access times, navigation paths, clicks, and other interaction data.
• Log and diagnostic information. System logs, crash reports, error reports, and performance information used for troubleshooting, fraud prevention, and service administration.
• Approximate geolocation information. General location inferred from your IP address for localization, analytics, and security purposes.

2.3 Cookies and Similar Technologies

We use cookies, pixels, local storage, scripts, and similar technologies to collect information about your use of the Services, remember preferences, support authentication, measure performance, and, where applicable, support analytics or marketing activities. Additional details are provided in the Cookies and Tracking section below.

2.4 Information We Receive from Third Parties

We may receive information about you from third parties, including:

• Analytics providers and data processors, which may provide aggregated or pseudonymized usage data.
• Payment processors and subscription platforms, which may provide transaction confirmations, billing status, chargeback information, or failed payment notices.
• Marketing and advertising partners, where permitted by law and consistent with your preferences.

2.5 Aggregated and De-Identified Information

We may create or receive aggregated, anonymized, or de-identified information that does not identify you personally. We may use and disclose such information for analytics, benchmarking, service improvement, product development, and other lawful business purposes.

We maintain appropriate technical and organizational safeguards to protect the confidentiality and integrity of the information we collect. We do not sell your personal information, and all processing is subject to the limitations described in this Privacy Policy.

3. How We Use Your Information

We use the information we collect for legitimate business, operational, security, and legal purposes related to the provision and improvement of the Services. In particular, we may use your information to:

• Provide and operate the Services. This includes enabling access to the platform, processing transactions, delivering requested features, and generating responses based on your inputs.
• Improve and optimize the Services. We analyze usage trends, system performance, and aggregated data to troubleshoot issues, improve reliability, develop new features, and refine the user experience.
• Process payments and manage subscriptions. We use billing-related information to process purchases, manage subscriptions, send receipts, and address failed payments or billing disputes.
• Communicate with you. We may send administrative, transactional, support, or service-related communications, and, where permitted by law, promotional communications subject to your preferences.
• Provide customer support. We use contact details and support history to respond to inquiries, investigate issues, and resolve complaints or disputes.
• Protect the Services and enforce policies. We may use personal information to detect fraud, prevent abuse, maintain account security, investigate suspicious activity, and enforce our Terms and Conditions and other policies.
• Improve AI systems where permitted. As described below, we may use de-identified and anonymized information to evaluate and improve our AI systems, subject to applicable safeguards.
• Comply with legal obligations. We may process information as necessary to comply with laws, regulations, legal processes, and lawful governmental requests.
• Establish, exercise, and defend legal claims. We may use information where reasonably necessary to protect our rights, resolve disputes, and limit harm.
• Act with your consent. Where required or appropriate, we may process personal information based on your consent, which you may withdraw at any time where permitted by law.

We do not use personal information to make solely automated decisions that have legal or similarly significant effects on individuals without appropriate human involvement. We do not sell or license your personal information to third parties.

4. Purpose of Processing

We process personal information only for specific, legitimate, and proportionate purposes necessary to operate, maintain, secure, and improve the Services.

Our primary purpose is to provide the core functionality of our chat-based AI platform, including account administration, delivery of AI-generated responses, support, personalization, and service continuity. We also process information to improve system performance, analyze service usage, detect and correct technical issues, and develop new features.

Processing may also be necessary to manage subscriptions, process payments, fulfill contractual commitments, comply with legal obligations, investigate misuse, prevent fraud, and enforce our rights under applicable agreements and laws.

In limited circumstances, we may rely on your consent, such as when you choose to receive promotional communications or participate in certain optional programs. You may withdraw consent at any time, subject to applicable law.

We apply the principle of data minimization and seek to use only the information reasonably necessary for the stated purpose. We do not use personal information for purposes materially incompatible with the original purpose of collection unless authorized by law or supported by your consent.

5. How We Share Your Information

We do not sell or rent your personal information. We may, however, share information in the following limited circumstances and subject to appropriate safeguards:

• Service providers. We may share information with vendors and service providers that perform services on our behalf, such as hosting, payment processing, analytics, customer support, communications delivery, and security monitoring. These parties are authorized to use the information only as necessary to provide their services to us.
• Analytics and performance providers. We may share technical and behavioral information with providers that help us understand how users interact with the Services and improve performance.
• Third-party integrations. If you choose to use third-party tools, integrations, or content made available through the Services, we may share information needed to enable that functionality. Your interactions with those third parties are governed by their own terms and privacy policies.
• Legal and compliance disclosures. We may disclose information where required by law or where we reasonably believe disclosure is necessary to comply with a legal obligation, respond to lawful requests, protect our rights or property, prevent fraud, or protect the safety of users or others.
• Business transfers. If we are involved in a merger, acquisition, restructuring, financing, or sale of assets, personal information may be transferred as part of that transaction, subject to applicable confidentiality and notice obligations.
• Aggregated or de-identified data. We may disclose aggregated, anonymized, or de-identified data for analytics, research, product development, or other lawful purposes.

We do not allow third parties to use your personal information for their own independent direct marketing purposes.

5.1 Microsoft Clarity

We use Microsoft Clarity as an analytics and user-experience tool. Clarity may process limited technical and usage information, including session activity, clicks, scroll behavior, page rendering details, and device metadata, in order to provide heatmaps, session replays, and related usability metrics. We use Clarity with privacy protections, including masking and consent controls where required by law. Microsoft processes this information in accordance with its own terms, privacy disclosures, and retention practices.

6. Use of AI Technologies and Training

Our Services rely on artificial intelligence technologies, including machine learning and natural language processing, to generate text-based responses and power interactive functionality.

When you use the Services, your prompts, messages, and other submitted content may be processed in real time by our AI systems to generate responses and support platform functionality. This processing is subject to appropriate technical and organizational safeguards.

Unless expressly disclosed otherwise at the point of collection or in your settings, we do not use your identifiable inputs to train our AI models. In some circumstances, we may use de-identified and anonymized data derived from user interactions to evaluate and improve model quality, system performance, and service functionality, consistent with applicable law.

We do not use your name, contact details, billing information, or other account-specific identifiers to train or fine-tune public or third-party AI models. Any training or evaluation activities we conduct are designed to minimize the risk of re-identification, disclosure, or reproduction of individual user data.

If we introduce features that permit users to opt in or opt out of certain model-improvement uses, we will provide clear notice and accessible controls.

Because AI-generated outputs are probabilistic and may be incomplete or inaccurate, you should not rely exclusively on them for legal, medical, financial, or other high-risk decisions without independent review.

7. Legal Basis for Processing

Where applicable data protection laws require a legal basis for processing, we rely on one or more of the following:

• Performance of a contract. To provide the Services, manage accounts, process purchases, and fulfill our obligations to you.
• Legitimate interests. To improve the Services, secure our systems, prevent fraud, understand usage patterns, and operate our business, provided those interests are not overridden by your rights and interests.
• Consent. Where required, including for certain marketing communications, optional analytics, and similar activities.
• Compliance with legal obligations. To comply with laws, regulations, and lawful requests.
• Protection of vital interests. In limited circumstances involving safety, security, or urgent matters.

Where required, including in the EEA, UK, or Switzerland, we rely on consent for non-essential cookies and session replay technologies. In other jurisdictions, we may rely on legitimate interests where permitted while still honoring applicable opt-out rights and user preferences.

If you would like more information about the legal basis applicable to a specific processing activity, you may contact us.

8. Cookies and Tracking

We use cookies and similar technologies to operate the Services, remember preferences, authenticate users, analyze performance, understand usage patterns, and, where applicable, support marketing efforts.

Cookies are small text files stored on your browser or device. They help us maintain login sessions, remember settings, improve performance, and understand how users interact with the Services. We may use:

• Strictly necessary cookies required for core functionality and security.
• Performance and analytics cookies used to measure and improve the Services.
• Functional cookies used to remember settings and preferences.
• Marketing or advertising cookies where applicable and permitted by law.

We may also use other technologies such as pixel tags, embedded scripts, SDKs, and local storage to collect device and usage information, diagnose problems, and improve product design and performance.

We may work with third-party analytics and advertising providers. Those third parties may collect information in accordance with their own privacy policies, which we encourage you to review.

Where required by law, we will obtain your consent before placing non-essential cookies or trackers. You can also manage cookies through your browser settings, though doing so may affect certain functionality.

At this time, our Services do not respond to browser-based Do Not Track signals, as there is no consistent industry standard for responding to them.

We retain tracking data only for as long as reasonably necessary for the purposes described in this Privacy Policy and in accordance with our retention practices.

8.1 Microsoft Clarity Details

We use Microsoft Clarity to better understand how users interact with our website and applications. Clarity may collect behavioral and technical information such as clicks, scrolls, mouse movements, page rendering details, and device metadata. We configure Clarity with privacy protections, including masking and consent controls, and in jurisdictions where consent is required, Clarity session recording and non-essential cookies are enabled only after valid consent is obtained.

9. Your Rights and Choices

Depending on your location and applicable law, you may have the following rights with respect to your personal information:

• The right to know whether we process your personal information.
• The right to access the personal information we hold about you.
• The right to request correction of inaccurate or incomplete information.
• The right to request deletion of your personal information, subject to legal exceptions.
• The right to object to or restrict certain processing.
• The right to withdraw consent where processing is based on consent.
• The right to data portability, where applicable.
• The right to opt out of certain marketing or analytics activities, where available.
• The right to lodge a complaint with a competent supervisory authority or regulator, where applicable.

To exercise your rights, please contact us using the information in the Contact Us section. We may need to verify your identity before fulfilling certain requests. We will respond in accordance with applicable law.

Please note that we may retain certain information where necessary to comply with legal obligations, resolve disputes, prevent fraud, or enforce our agreements.

You may also manage certain analytics and session-replay preferences through our cookie banner or your browser settings. If you withdraw consent, future non-essential tracking will be disabled, though previously collected data may remain subject to applicable retention practices.

10. Account Deletion

You may request deletion of your account and associated personal information by contacting us through the channels identified in the Contact Us section. Before processing a deletion request, we may take reasonable steps to verify your identity.

Account deletion is generally irreversible. Once completed, you may lose access to your account, purchase history, content, and other associated records, except to the extent retention is required by law or necessary for legitimate business purposes.

We may retain limited information after deletion where necessary to comply with legal obligations, prevent fraud, resolve disputes, enforce agreements, maintain backups, or protect the integrity and security of the Services.

If your account is linked to a third-party identity provider, such as Google or Apple, you may also need to manage or revoke that third-party access separately. Deleting the application or ceasing to use the Services does not, by itself, constitute an account deletion request.

11. Data Retention

We retain personal information for as long as reasonably necessary to fulfill the purposes described in this Privacy Policy, including providing the Services, maintaining platform performance, complying with legal obligations, resolving disputes, and enforcing agreements.

Retention periods vary depending on the nature of the information, the reason it was collected, and applicable legal or regulatory requirements. Account and transaction information may be retained for the duration of your relationship with us and for a reasonable period thereafter.

When personal information is no longer needed, we will delete, anonymize, aggregate, or otherwise securely dispose of it, unless retention is required or permitted by law. Where deletion from backups is not immediately feasible, the data will remain protected and isolated from further active processing until deletion occurs.

We may retain aggregated or de-identified data for analytics, research, benchmarking, and product development.

For data processed by Microsoft Clarity on our behalf, Microsoft may retain playback data for approximately 30 days, heatmap and aggregated interaction data for up to approximately 13 months, and favorited or labeled sessions for up to approximately 13 months, subject to Microsoft's then-current policies.

12. Data Security

We implement administrative, technical, and physical safeguards designed to protect the confidentiality, integrity, and availability of personal information.

These safeguards may include encryption in transit, encryption at rest where appropriate, secure credential management, access controls, logging and monitoring, network protections, vulnerability management, and incident response procedures. Access to personal information is limited to authorized personnel with a legitimate business need.

We also maintain processes for patch management, system hardening, and security review. Despite these efforts, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

You are responsible for safeguarding your credentials and using the Services securely. If we become aware of a breach that triggers a legal notification obligation, we will provide notice in accordance with applicable law.

13. Children’s Privacy

The Services are not directed to children under the age of 18, or the equivalent minimum age in the applicable jurisdiction, and we do not knowingly collect personal information from such individuals.

If we learn that we have collected personal information from a child in violation of applicable law, we will take reasonable steps to delete that information. If you believe a child has provided personal information to us, please contact us promptly.

Parents or legal guardians who believe that a child has submitted personal information may contact us to request investigation and deletion, subject to reasonable verification of identity and authority.

14. International Users

The Services are operated from the United States and are primarily intended for users located in the United States. If you access the Services from outside the United States, you understand that your information may be transferred to, stored in, and processed in the United States or other countries where we or our service providers operate.

Those jurisdictions may not provide the same level of legal protection as your home country. Where required, we implement appropriate safeguards for international transfers, such as standard contractual clauses or other lawful transfer mechanisms.

If you are located in the EEA, UK, Switzerland, Canada, Australia, Brazil, or another jurisdiction with applicable privacy rights, you may have additional rights under local law. We will address such requests in accordance with applicable legal requirements.

15. California Residents

This section applies only to California residents and supplements the rest of this Privacy Policy.

Under the CCPA and CPRA, California residents may have the right to know what categories of personal information we collect, the purposes for which we use it, the categories of third parties to whom it is disclosed, and the specific pieces of personal information we hold about them. They may also have the right to request correction or deletion of certain personal information, to opt out of the sale or sharing of personal information, and to be free from discrimination for exercising their rights.

In the preceding 12 months, we may have collected categories of information such as identifiers, internet or network activity information, approximate geolocation information, commercial information, and inferences used to improve the Services. We do not sell personal information or share it for cross-context behavioral advertising as those terms are defined under California law.

We may disclose personal information to service providers, contractors, and other authorized third parties for the business purposes described in this Privacy Policy and subject to appropriate contractual restrictions.

To exercise your California privacy rights, you may contact us using the information in the Contact Us section. We may verify your identity before processing a request. Authorized agents may submit requests on your behalf where permitted by law and subject to appropriate verification.

16. Third-Party Links

The Services may contain links to websites, applications, or services operated by third parties. Those third parties are not controlled by us, and their privacy practices are governed by their own policies and terms.

We do not endorse or guarantee the content, security, or privacy practices of third-party websites or services. Your interactions with third-party services are solely between you and the applicable third party, and you should review their privacy policies and terms before providing information or using their services.

17. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our Services, legal obligations, or privacy practices. When we do, we will post the revised version and update the effective or last-updated date where appropriate.

If we make material changes, we may provide additional notice as required by law, such as by email or through a notice within the Services. Your continued use of the Services after the revised Privacy Policy becomes effective means you accept the updated version, to the extent permitted by law.

18. Contact Us

If you have questions, concerns, or requests relating to this Privacy Policy, our privacy practices, or your personal information, please contact us using the privacy contact details made available through the Services:

Madrigal Network, LLC 5575 Simmons St Num 1-265 North Las Vegas, NV 89031

When contacting us, please provide enough information for us to understand and respond to your request, such as your name, contact information, the nature of your inquiry, and any relevant context. We may request additional information to verify your identity before responding.

We will make reasonable efforts to respond to privacy-related requests and inquiries in a timely manner and in accordance with applicable law.