Privacy Policy

1. Introduction

This Privacy Policy describes how Print Chat ("we," "us," or "our") collects, uses, and protects your information when you use our website and services at printchat.app (the "Service").

We are committed to protecting your privacy and have designed our Service with a privacy-first, data-minimization architecture. By using Print Chat, you agree to the collection and use of information in accordance with this policy.

2. Legal Basis for Processing (GDPR Article 6)

For users in the European Economic Area (EEA), United Kingdom, and other jurisdictions requiring a legal basis for data processing, we process your personal data under the following lawful bases:

• Contractual Necessity (Article 6(1)(b)): Processing your Account Data is necessary to perform our contract with you—specifically, to provide the chat-to-PDF conversion service, manage your credits, and enable re-exports of purchased files.
• Legitimate Interests (Article 6(1)(f)): Processing for fraud prevention, security, and service improvement, where such interests are not overridden by your rights.
• Legal Obligation (Article 6(1)(c)): Processing required to comply with tax, accounting, or other legal requirements.

3. Data We Collect

We classify data into two distinct categories:

3.1 Chat Content (Zero-Knowledge — We NEVER Collect This)

3.2 Account Data (Minimal Collection)

We collect only the minimum data necessary to provide our Service:

• Email Address: For account authentication and essential service communications.
• Credit Balance: The number of export credits in your account.
• File Hashes: SHA-256 cryptographic fingerprints of files you've exported. These one-way hashes cannot be reversed to reconstruct your files—they only verify purchase history for free re-exports.
• Transaction Records: Records of credit purchases processed by our payment provider.

4. How We Use Your Information

We use Account Data exclusively for:

• Service Delivery: Authenticating your account and managing your credit balance.
• Purchase Verification: Matching file hashes to enable unlimited re-exports.
• Essential Communications: Emails about your account, purchases, or critical service updates.
• Security: Detecting and preventing fraud, abuse, or security incidents.

We do NOT use your information for marketing, advertising, profiling, behavioral analysis, or any purpose beyond providing the Service.

5. Analytics (Consent-Based Only)

We use PostHog, a privacy-focused analytics platform, to understand how visitors use our website (e.g., which pages are visited, button clicks). This helps us improve the Service.

6. Cookies

We use essential cookies required for the Service to function, plus optional analytics cookies that require your consent:

• Authentication Cookies: To maintain your logged-in session.
• Security Cookies: To prevent cross-site request forgery and other attacks.
• Analytics Cookies (consent required): If you accept analytics via the cookie consent banner, PostHog stores a cookie to remember your preference and collect anonymous usage data. If you decline, no analytics cookies are set.

We do not use advertising cookies, retargeting cookies, or any cookies that serve ads.

7. Service Providers (Sub-Processors)

We engage a limited number of trusted third-party providers. These providers only process Account Data—never your chat content:

7.1 Supabase (Authentication & Database)

• Purpose: User authentication and secure storage of Account Data.
• Data Processed: Email address, credit balance, file hashes, session tokens.
• Security: SOC 2 Type II certified data centers.
• Privacy Policy: supabase.com/privacy

7.2 Paddle (Merchant of Record)

• Purpose: Our order process is conducted by our online reseller Paddle.com. Paddle.com is the Merchant of Record for all our orders. Paddle provides all customer service inquiries and handles returns.
• Data Processed: Payment information (credit card details, billing address) is collected directly by Paddle. Print Chat never sees or stores your payment card information.
• Privacy Policy: paddle.com/legal/privacy

7.3 PostHog (Analytics — Consent Required)

• Purpose: Anonymous website usage analytics to improve the Service. Only active if you consent via the cookie banner.
• Data Processed: Page views, button clicks, anonymous session data. Never processes chat content.
• Privacy Policy: posthog.com/privacy

7.4 Vercel (Web Hosting)

• Purpose: Hosting our website and serving static assets.
• Data Processed: Standard server logs (IP address, browser type, access times) for security purposes only.
• Privacy Policy: vercel.com/legal/privacy-policy

8. Data Security

We implement appropriate technical and organizational measures to protect your Account Data:

• All data transmission is encrypted using TLS 1.3.
• Account Data is stored in encrypted databases with strict access controls.
• We use secure authentication protocols and session management.
• Regular security reviews and updates are performed.

For your chat content, security is guaranteed by architecture: since this data never leaves your device, it cannot be intercepted, breached, or leaked from our systems.

9. Data Retention

• Chat Content: Not retained. Erased from browser memory immediately after processing or when you close the tab.
• Account Data: Retained while your account is active. Permanently deleted within 30 days of account deletion, except where legally required.
• Server Logs: Automatically deleted after 30 days.

10. Your Privacy Rights

Depending on your location (including under GDPR, CCPA, and other privacy laws), you have the following rights:

10.1 Right to Access

You may request a copy of the personal data we hold about you. We will provide this within 30 days.

10.2 Right to Rectification

You may request correction of any inaccurate personal data we hold about you.

10.3 Right to Erasure ("Right to Be Forgotten")

You may request deletion of your personal data. Upon request, we will permanently delete your Account Data within 30 days, subject to any legal retention requirements.

10.4 Right to Data Portability

You may request your data in a structured, machine-readable format (e.g., JSON or CSV).

10.5 Right to Object

You may object to processing of your personal data in certain circumstances.

10.6 Right to Restrict Processing

You may request that we limit how we use your data while a complaint is being investigated.

10.7 CCPA Rights (California Residents)

California residents have the right to know what personal information is collected, request deletion, and opt-out of the sale of personal information. We do not sell your personal information.

To exercise any of these rights, contact us at support@printchat.app. We will respond within 30 days.

11. International Data Transfers

Our service providers may process Account Data in countries outside your jurisdiction (including the United States). Where such transfers occur, they are protected by:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Data Processing Agreements with each sub-processor
• Appropriate technical and organizational safeguards

12. Children's Privacy

Our Service is not intended for individuals under the age of 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately at support@printchat.app.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by posting the updated policy on this page and updating the "Last Updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

14. Contact Us

If you have any questions about this Privacy Policy, your data rights, or our privacy practices, please contact us:

• Email: support@printchat.app
• Website: printchat.app