Welcome to ChatPil! This Privacy Policy applies to ChatPil, our iOS and Android mobile application (our “App”). This policy is intended to inform the users of our App about the nature, scope, and purpose of the collection and use of personal data by us in accordance with the EU’s General Data Protection Regulation (“GDPR”). 

 

WHO IS RESPONSIBLE FOR DATA PROCESSING?

The responsible party within the meaning of the above is ChatPil (“ChatPil”, “we”, “us”, “our”) the operator of this website. If you want to contact us or if you have any questions about data protection at ChatPil in general, you can reach us using hello@chatpil.com.

 

WHAT IS PROCESSING?

Processing means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means. The term is broad and covers virtually any handling of data.

 

WHAT IS PERSONAL DATA?

Personal data is any information that relates to an identified or identifiable living individual. Different pieces of information, which collected together can lead to the identification of a particular person, also constitute Personal Data.

 

What is Special Category Data?

Special category data is Personal Data that needs more protection because it is sensitive. This includes Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data. As well as, data concerning health, a person’s sex life; and a person’s sexual orientation. In order to lawfully process Special Category Data, it is necessary to consent to the processing

 

WHAT ARE THE LEGAL BASES FOR PROCESSING YOUR DATA?

The following informs you about the legal basis of us processing your data and unless the legal basis is not specifically mentioned, the following applies: 

 

Consent: This is where we have asked you to provide explicit permission to process your data for a particular purpose. 

 

Contract: This is where we process your information to fulfill a contractual arrangement we have made with you. 

 

Legitimate Interests: This is where we rely on our interests as a reason for processing; generally, this is to provide you with the best services in the most secure and appropriate way. Of course, before relying on any of those legitimate interests, we balance them against your interests and make sure they are compelling enough and will not cause any unwarranted harm.

 

Legal Obligation: This is where we have a statutory or other legal obligation to process the information, such as for the investigation of crime. 

 

WHAT PERSONAL DATA DO WE COLLECT FROM YOU?

We may collect and process the following Personal Data about you:

 

a) Personal Data that you give us:

This is information about you that you give to us. It may include, for example, your name, email address, and phone number when you contact us. The legal basis is the initiation of a contract with you and your consent. 

 

We also process the Personal Data when you create an account in order to be able to provide you access to our Services. The Data you submit typically includes your nickname, age, gender, country, and for premium users, your email address and your password. The legal basis is the initiation of a contract with you and your consent. 

 

If you wish to use our App and its call and chat features, we process the Personal Data and Content you voluntarily provide for the purpose of providing your App. Depending on how you use our App, you may provide Content, Personal Data and Chat with other users. 

 

Content Data includes messages, photos, text messages, or other digital content you create, broadcast, perform, or upload on our App. Please remember that Content Data that you transmit may reveal Personal Data about yourself as well, including identifying information about yourself.

 

Data you provide may be considered “sensitive”. This includes data that could cause harm to an individual or company if released. By choosing to provide this data, you consent to our processing of that data. You have choices about the data you provide and how you share it. Please do not share information that you would not want to be available. The legal basis for the processing of your Data is the establishment and implementation of the user contract for the use of the service as well as your consent. 

 

Of course, we also process your calls, chats, and communications with other users, as well as the content you may provide to others through our App as you interact with them. 

 

The legal basis for providing the above is the fulfillment of the user contract for the use of the App as well as your consent. 

 

We process data in the context of administrative tasks as well as organization of our business, and compliance with legal obligations, such as archiving. In this regard, we process the same data that we process in the course of providing our contractual services. The processing bases are our legal obligations and our legitimate interest. 

 

If you create a support ticket, we will request Personal Data and, where applicable, non-Personal Data in accordance with your request; this may include your name, email address and other order related data you voluntarily provide. The data provided is not shared with third parties and cannot read your data when it is entered. If you submit a support ticket, we process the data for the purpose of processing and handling your ticket. Our employees will also have access to data that you knowingly share with us for technical support or to import data into our services. We communicate our privacy and security guidelines to our employees and enforce privacy safeguards strictly. The legal basis of the data processing is our obligation to fulfill the contract and/or our legitimate interest in processing your support ticket.

 

b) Personal Data that our App automatically collects about you: 

The App can be downloaded from the “Google Playstore'' a service offered by Google, or the Apple App service “App Store” a service of Apple, to install our App. Downloading it may require prior registration with the respective App store and/or installation of the respective App store software.

 

As far as we are aware, Google collects and processes the following data: License check, network access, network connection, WLAN connections, and location information. However, it cannot be ruled out that Google also transmits the information to a server in a third country. We cannot influence which Personal Data Google processes with your registration and the provision of downloads in the respective App store and App store software. The responsible party in this respect is solely Google as the operator of the Google Play Store. 

 

As far as we are aware, Apple collects and processes the following data: device identifiers, IP addresses, location information, it cannot be excluded that Apple also transmits the information to a server in a third country. We cannot influence which Personal Data Apple processes with your registration and the provision of downloads in the respective app store and app store software. The responsible party in this respect is solely Apple as the operator of the Apple App Store. 

 

Google and Apple may collect information from and about the device(s) you use to access our App, including hardware and software information such as IP address, device ID and type, device-specific and App settings and properties, App crashes, advertising IDs (AAID), information about your wireless and mobile network connection, such as your service provider and signal strength; information about device sensors such as accelerometer, gyroscope, and compass and Payment Data and billing confirmations.

 

To make a purchase, you may need to provide a valid payment method (e.g., credit card). Your payment information will be collected and processed by Apple Pay/ Google Pay. We do not directly collect or store credit or debit card numbers ourselves in the ordinary course of processing transactions. The legal basis for the provision of a payment system is the establishment and implementation of the contract.

 

We may request permission to store your App data including your Internet Connection and Network, Push Notifications, Gallery, Camera, Microphone, Speaker and local storage. The legal basis for data processing is our legitimate interest, the provision of contractual or pre-contractual measures and your consent. You can deny access on your device via the Settings/Notifications/ options of your device; however, this means that our App may not function as intended.

 

We use the Google Firebase developer App and related features and services provided by Google. We use the following Google Firebase services in our App: a) Firebase Analytics, and b) Firebase Crashlytics, It cannot be excluded that Google also transfers the information to a server in a third country. We cannot influence which data Google collects and processes. Firebase's key security and privacy information can be found here: https://firebase.google.com/support/privacy The legal basis is the implementation of the user contract for the use of the App.

 

When you use our App, you will receive so-called push messages from us, even if you are not currently using our App. These are messages that we send you as part of the performance of the contract using Firebase Cloud Messaging. You can adjust or stop receiving push messages at any time via a) the device settings of your device or b) or by enabling or disabling specific types of notifications within the App. Insofar as you consent to the use of push messages, consent is the legal basis for the processing.

 

The app uses the tool Crashlytics to log crashes of our App. No personal data is transmitted. Only real-time crash reports with precise details of code locations and device information are sent, which is intended to simplify maintenance and improve the resulting stability of our App. The legal basis for data processing is our legitimate interest. In the settings under data services, you can select whether you want to send crash reports or not. 

 

Our App uses the web analytics service Google Analytics for Firebase, which uses tracking technologies to track your use of our App. In this respect, information is generated about, among other things, the number of users and their sessions, the session duration, the operating system used by the users, their device model, the region from which our App is accessed, the first start of our App, our App execution and any updates.

 

In order to provide the relevant data for analysis, Firebase Analytics uses your a) device's advertising ID, b) an App instance ID (a randomly generated number that identifies a single app installation), c) and the IP address, which is shortened (IP masking) before being processed on Google's servers (which may be located outside the EEA) to generate the usage analysis. You can object to the use of Firebase Analytics at any time by disabling the sending of usage statistics in your device settings (Reset Advertising ID). We have no influence on these data processing operations. The basis for processing is our legitimate interest and your consent.

 

Our App is built using the Freemium Model. As such, the APP uses third-party advertising networks service to display ads. In order to provide personalized advertisements to our users, those listed below use device information that include personal and non-personal information, such as advertising (or ad) identifiers, IP address regarding the delivery of advertisements and your interaction with them and/or other tracking technologies to enable and optimize this advertising procedure. Ad identifiers are non-permanent device identifiers such as Apple’s or Google’s ID for advertising). Advertisers and third parties also may collect information about your activity on our APP, on devices associated with you, and on third-party sites and applications using tracking technologies. Tracking data collected by these advertisers and third parties is used to decide which ads you see both on our APP and on third-party sites and applications. 

 

The App uses the Google Admob and Facebook Audience Network service to display ads. Ads are personalized based on the device you are using. You can disable this via the settings on your device. You can also opt out on the Digital Advertising Alliance (DAA) if you wish not to receive targeted advertising. In addition, you may also choose to control targeted advertising you receive within applications by using the settings and controls on your devices.

 

Advertisers and third parties also may collect information about your activity on our app, on devices associated with you, and on third-party sites and applications using tracking technologies. Tracking data collected by these advertisers and third parties is used to decide which ads you see both on our app and on third-party sites and applications. If you do not wish to participate in our advertising personalization or retargeting/tracking you can object to behavioral advertising at the following websites: Your Online Choices, Digital Advertising Alliance of Canada, Network Advertising Initiative, AdChoices and the European Interactive Digital Advertising Alliance (Europe only). In addition, you may also choose to control targeted advertising you receive within applications by using the settings and controls on your devices.

 

CHANGE OF PURPOSE

We will only use your Personal Data for the purposes for which we collected it as detailed above, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your Personal Data for an unrelated purpose, we will notify you, and we will explain the legal basis which allows us to do so.

 

ANONYMITY AND SESSION DATA 

Anonymous communication is a way to share information or communicate without revealing your identity or name. Subject to STORAGE AND RETENTION and HOW WE SECURE YOUR PERSONAL DATA below:

• Encryption standards are applied for all communications (both storage and transmission)

• All communications and data in ChatPil are encrypted end-to-end. 

 

In terms of usage sessions:

• regular users are restricted by a session period of 6 hours. 

• the session can be extended by watching rewarded videos.

 

Please note: Once you log out or the session expires, all data is permanently deleted, and cannot be recovered.

 

STORAGE AND RETENTION

When designing our App, we have made sure that no information that directly identifies you is stored by us and instead our App uses your device storage. However, if you contact us, create a support ticket, or use our premium features, we are required to store certain contact data, such as your name and email address. We will delete your contact details when we no longer need them, for instance where: it is no longer necessary for us to retain your contact details to fulfill the purposes for which we had collected it; we believe that your contact details is inaccurate; or in certain cases where you have informed us that you no longer consent to our processing of your contact details.

 

Sometimes, however, there are legal or regulatory requirements which may require us to retain your contact details for a specified period, and in such cases we will retain your contact details for such specified period; and we may need to retain your contact details for certain longer periods in relation to legal disputes, and in such cases we will retain them for such longer periods to the extent required.

 

WHEN DO WE DISCLOSE YOUR PERSONAL DATA?

We may share your information with organizations that help us provide the services described in this policy and who may process such data on our behalf and in accordance with this policy, to support our App and our services. If you wish to learn more about how the relevant provider processes your personal data, please follow the links embedded in the above-mentioned provider's name. 

 

Typically and unless otherwise stated in this policy, data may be shared on the basis of our contractual and pre-contractual obligations. Equally, if you have consented to it, or where we have a legal obligation to do so or on the basis of our legitimate interests (e.g., when using agents, hosting providers, tax, business and legal advisor's, accounting, and similar services that allow us to perform our contractual obligations, administrative tasks, and duties efficiently and effectively). If we commission third parties to process data on the basis of a so-called "processing agreement".

 

We may also disclose information in other circumstances, such as when you agree to it or if the law, a court order, a legal obligation, or a regulatory authority asks us to. If the purpose is the prevention of fraud or crime or if it is necessary to protect and defend our rights, property, or personal safety of our staff, the App and its users.

 

HOW WE SECURE YOUR PERSONAL DATA

Our App uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as login data or contact requests that you send to us. We have also implemented numerous security measures (“technical and organizational measures”) for example encryption or need-to-know access, to ensure the most complete protection of Personal Data processed through our App.

 

DATA BREACHES AND NOTIFICATION

Databases or data sets that include Personal Data may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, we will notify all affected individuals whose Personal Data may have been compromised, and the notice will be accompanied by a description of the action being taken to reconcile any damage as a result of the data breach. Notices will be provided as expeditiously as possible after which the breach was discovered.

 

YOUR RIGHTS AND PRIVILEGES 

1. Privacy rights 

You can exercise the following rights:

• The right to access;

• The right to rectification;

• The right to erasure;

• The right to restrict processing;

• The right to object to processing;

• The right to data portability;

 

1. Updating your information and withdrawing your consent 

If you believe that the information we hold about you is inaccurate or request its rectification, deletion, or object to legitimate interest processing, please do so by contacting us or use the open a request feature in our App.

 

1. Access Request 

In the event you want to make a Data Subject Access Request, please contact us. We will respond to requests regarding access and correction as soon as reasonably possible. Should we not be able to respond to your request within thirty (30) days, we will tell you why and when we will be able to respond to your request. If we are unable to provide you with any Personal Data or to make a correction requested by you, we will tell you why.

 

1. Complaint to a supervisory authority

If you believe that the processing of your Personal Data is not lawful, you can lodge a complaint with a data protection supervisory authority. We would, however, appreciate the chance to deal with your concerns before you approach any supervisory authority.

 

1. What we do not do

• We do not request Personal Data from minors and children;

• We do not process special category data without obtaining prior specific consent; and

• We do not use automated decision-making, including profiling.

 

USA SPECIFIC PROVISIONS

The following applies to users located in the United States. While we understand and appreciate that privacy and consumer data protection laws differ as they are subject to each state's legislature and that no data protection framework similar to the GDPR exists on a federal level, we are committed to follow and apply the for your state relevant privacy rules and regulations. 

 

As of the day of drafting, the following states had enacted privacy and consumer data protection laws: California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, and Virginia. Under consideration of the similarities of the above provisions, no conflict should arise pursuing a uniform approach in granting all users in the USA the same rights and privileges as set out above. However, should ambiguity occur, the most stringent provision is chosen to ensure the most comprehensive approach when it comes to protecting your Personal Data.

 

Further, the following also apply

 

1. “Shine the Light”

“Shine the Light” law (Civil Code Section 1798.83) requires us to respond to requests from California asking about the business’s practices related to disclosing Personal Data to third parties for the third parties’ direct marketing purposes. You may make a request about our collection and disclosure of your Personal Data using the contact details provided.

 

1. COPPA (Children Online Privacy Protection Act)

When it comes to the collection of Personal Data from children under the age of 13 years old, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, United States’ consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online. We do not specifically market to children under the age of 13 years old.

 

1. CAN SPAM Act

The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations. To be in accordance with CAN SPAM, we agree to the following: If at any time you would like to unsubscribe from receiving future emails, you can email us, and we will promptly remove you from ALL correspondence.

 

1. Telephone Consumer Protection Act (TCPA)

If we process your Personal Data for the purpose of sending you SMS marketing communications, you may manage your receipt of marketing and non-transactional communications from us by replying or texting ‘STOP’ if you receive our SMS communications. In this respect, the data processing is carried out solely on the basis of our consent in personalized direct advertising per SMS.

 

1. Controls For Do-Not-Track Features

Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track ('DNT') feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, our App does not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this policy.

 

1. Right to complain

Finally, and in regard to the right to complain to a supervisory authority. You have the right to lodge a complaint about our processing of Personal Data with a supervisory authority responsible for data protection. Users based in the above mentioned States may lodge a complaint with the relevant district attorney or attorney general office. However, we would appreciate the opportunity to address your concerns before you contact any supervisory authority.

 

CANADA AND MEXICO SPECIFIC PROVISIONS

Both Canada and Mexico have introduced data protection laws that are similar to the GDPR, namely Federal Law for the Protection of Personal Data in the Possession of Private Parties (“LFPDPPP”) supplemented by the Rules of the Federal Law for the Protection of Personal Data in the Possession of Private Parties in Mexico and the Personal Information Protection and Electronic Documents Act (“PIPEDA”) in Canada. Under consideration that the GDPR has played a pivotal role, no conflict should arise pursuing a uniform approach in granting all users in Mexico or Canada the same rights and privileges as set out above. However, should ambiguity occur, the most stringent provision is chosen to ensure the most comprehensive approach when it comes to protecting your personal data.

 

In terms of your right to complain, Canada’s national supervisory authority is the Office of the Privacy Commissioner (www.priv.gc.ca) and the National Institute of Transparency, Access to Information and Personal Data Protection (Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales) (“INAI”) is the national supervisory authority in Mexico (www.ifai.org.mx). 

 

HELP AND COMPLAINTS

If you have any questions about this policy or the information we hold about you, please contact us using [Insert Email].

 

CHANGES

The first version of this policy was issued on Friday, 18th of October, 2024, and is the current version. Any prior versions are invalid, and if we make changes to this policy, we will revise the effective date.