Privacy Policy

ChatToMap ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our service at chattomap.com.

1. Information We Collect

1.1 Chat Export Data

When you upload a WhatsApp chat export, we temporarily process the text content to extract activity suggestions (places, restaurants, hikes, etc.). We do NOT store your actual chat messages. See Section 3 for details on how this data is handled.

1.2 Extracted Suggestions

We store only the extracted activity suggestions, which include:

• Activity name (e.g., "Try the new sushi place")
• Location name and coordinates
• Category (restaurant, hike, trip, etc.)
• Date the suggestion was made
• Sender's first name only
• A brief excerpt from the original message

1.3 Account & Payment Information

When you make a purchase, we collect:

• Email address (for sending results and receipts)
• Payment information (processed securely by Stripe - we never see your full card number)

1.4 Usage Data

We use privacy-focused analytics (Plausible) to understand how people use our service. This includes:

• Pages visited
• General geographic location (country level)
• Browser and device type

We do NOT use cookies for tracking. Plausible does not collect personally identifiable information.

2. How We Use Your Information

We use your information to:

• Process your chat export and generate your activity map
• Provide you with your results via the website and downloads
• Send you email with your results link (if requested)
• Process payments through Stripe
• Improve our service based on aggregate usage patterns
• Respond to support requests

3. Chat Data Handling

This is important:

• Your chat file is encrypted immediately upon upload using AES-256-GCM encryption.
• Your original chat file is deleted immediately after text extraction (typically within minutes).
• Extracted text is deleted immediately after AI processing (typically within minutes).
• We never store your actual messages - only the extracted activity suggestions.
• Processing has a hard 1-hour time limit - after which your encrypted data becomes permanently inaccessible.

For complete details on our security architecture, see our Security page.

4. Data Retention

• Extracted suggestions: Retained for 1 year to allow you to access your results, then automatically deleted.
• Payment records: Retained as required by law for tax and accounting purposes (typically 7 years).
• Support communications: Retained for up to 2 years.

You can request immediate deletion of your data at any time (see Section 7).

5. Data Sharing & Third-Party Services

We share your information only with the following services:

5.1 AI Processing (OpenAI / Anthropic)

We use AI to identify activities in your chat. What we send: Individual message snippets containing potential activity mentions (e.g., "We should try that new sushi place on Main St"). What we don't send: Your full chat history, personal conversations, or any context beyond the specific snippet being classified.

• OpenAI Privacy Policy
• Anthropic Privacy Policy

5.2 Location Services (Google Maps)

We use Google Maps to convert place names into map coordinates. What we send: Location names only (e.g., "Sushi Place, Main St, Auckland"). What we don't send: Any message content, sender names, or timestamps.

• Google Privacy Policy

5.3 Payment Processing (Stripe)

Stripe handles all payment processing. We never see or store your full card number. What Stripe receives: Your email, payment details, and purchase amount.

• Stripe Privacy Policy

5.4 Hosting & Infrastructure (Cloudflare)

Our service runs on Cloudflare Workers. Your data is processed on their globally distributed infrastructure with encryption at rest and in transit.

• Cloudflare Privacy Policy

5.5 What We Never Do

• We do NOT sell your data
• We do NOT share your data with advertisers
• We do NOT use your data to train AI models
• We do NOT retain chat content after processing

6. Data Security

We implement industry-standard security measures including:

• AES-256-GCM encryption for all stored data
• TLS 1.3 for all data in transit
• Asymmetric encryption so upload servers cannot decrypt data
• Tamper-proof audit logging
• Regular security reviews

ChatToMap is built by the team behind DocSpring, which is SOC 2 Type II certified. While ChatToMap itself has not been independently audited, we apply the same rigorous security standards.

7. Your Rights (GDPR & Similar Laws)

You have the right to:

• Access - Request a copy of all data we have about you
• Rectification - Correct any inaccurate data
• Erasure - Request deletion of all your data
• Portability - Receive your data in a machine-readable format
• Object - Object to processing of your data for certain purposes
• Withdraw consent - Withdraw consent for data processing at any time

To exercise any of these rights, email privacy@chattomap.com.

8. Children's Privacy

ChatToMap is not intended for children under 16. We do not knowingly collect information from children. If you believe we have collected data from a child, please contact us immediately.

9. International Data Transfers

Your data may be processed in countries outside your own, including the United States and European Union. We ensure appropriate safeguards are in place, including standard contractual clauses where required.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date.

11. Contact Us

If you have questions about this Privacy Policy, contact us at:

• Email: privacy@chattomap.com
• For security concerns: security@chattomap.com

ChatToMap is a product of DocSpring, Inc.