Welcome to ChatMint ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI WhatsApp chatbot service.
Key Principle: Your data remains in your account. We follow GDPR-friendly practices, and you can delete your data at any time.
2. Information We Collect
2.1 Account Information
Personal Details: Name, email address
Contact Information: WhatsApp phone number (for bot connection)
Payment Information: Billing details processed securely through Stripe
Connection Data: IP address, access times, session duration
Cookies: Essential cookies for service functionality and authentication
Log Data: Server logs for troubleshooting and security
3. How We Use Your Information
3.1 Service Provision
Operating your AI WhatsApp chatbot 24/7
Processing and responding to WhatsApp messages
Transcribing voice notes and analyzing images
Providing usage analytics and insights
Managing blocklists and usage limits
3.2 Account Management
Creating and maintaining your account
Processing payments and billing through Stripe
Providing customer support via email and WhatsApp
Sending important service notifications and updates
Managing subscriptions and plan changes
3.3 Service Improvement
Improving AI response quality and accuracy
Developing new features and capabilities
Ensuring service security, stability, and performance
Analyzing usage patterns for optimization
4. Data Storage and Security
Your Data Stays With You: All your conversation data, bot configurations, knowledge files, and usage statistics remain in your personal account. We don't use your data to train AI models or share it with third parties for marketing purposes.
4.1 Security Measures
Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
Access Controls: Strict role-based access controls and multi-factor authentication
Regular Audits: Security assessments, vulnerability scans, and penetration testing
Secure Infrastructure: Industry-standard cloud security with SOC 2 compliance
Data Isolation: Each customer's data is isolated and segregated
4.2 Data Retention
Active Accounts: Data retained while your account is active and for service provision
Cancelled Accounts: Data securely deleted within 30 days of account cancellation
Backup Data: Backups purged within 90 days of account deletion
Legal Requirements: Some data may be retained longer if required by applicable law
5. Data Sharing and Disclosure
We do not sell, rent, or trade your personal information. We may share limited data only in these specific circumstances:
5.1 Service Providers
Payment Processing: Stripe for secure payment handling and billing
Cloud Services: Secure hosting and infrastructure providers (AWS, Google Cloud)
AI Services: Language model providers for generating bot responses
Communication: Email service providers for notifications and support
5.2 Legal Requirements
When required by law, court order, or legal process
To protect our rights, property, or safety
To ensure user safety and service security
To prevent fraud or abuse of our services
5.3 Business Transfers
In the event of a merger, acquisition, or sale of assets
Users will be notified of any change in data ownership
Same privacy protections will apply to transferred data
6. Your Rights and Choices
6.1 GDPR Rights (EU Users)
Access: Request a copy of your personal data we hold
Rectification: Correct inaccurate or incomplete information
Erasure: Delete your data ("right to be forgotten")
Portability: Export your data in a machine-readable format
Restriction: Limit how we process your data
Objection: Object to certain types of data processing
Withdraw Consent: Withdraw previously given consent
6.2 Account Controls
Dashboard Access: View, modify, and delete your data through your account dashboard
Bot Configuration: Update instructions, settings, and blocklists anytime
Data Export: Download your conversation history, settings, and knowledge files
Account Deletion: Permanently delete your account and all associated data
Communication Preferences: Manage email notifications and preferences
6.3 California Privacy Rights (CCPA)
Know: What personal information we collect and how it's used
Delete: Request deletion of your personal information
Opt-Out: Opt out of the sale of personal information (we don't sell data)
Non-Discrimination: Equal service regardless of privacy choices
7. WhatsApp Integration
Important: ChatMint is not affiliated with WhatsApp or Meta Platforms, Inc. We connect to WhatsApp through official APIs and secure protocols. "WhatsApp" is a trademark of Meta Platforms, Inc.
7.1 How It Works
You connect your WhatsApp number via secure QR code scanning
Messages sent to your number are processed through our AI service
Bot responses are sent back through WhatsApp's messaging system
Your phone number remains under your control at all times
You can disconnect the service anytime from your dashboard
7.2 WhatsApp Data Handling
We only process messages sent to your connected WhatsApp number
We don't access your personal WhatsApp conversations or contacts
Message data is stored securely in your ChatMint account only
Voice notes are transcribed and the audio is not permanently stored
Images are analyzed for context but not stored beyond processing needs
7.3 Connection Security
All connections use end-to-end encryption where supported
QR code authentication ensures secure linking
Session tokens are regularly rotated for security
Connection status is monitored for unauthorized access
8. International Data Transfers
Your data may be processed in countries outside your country of residence, including the United States and European Union. We ensure adequate protection for international transfers through:
Standard Contractual Clauses (SCCs): EU-approved data transfer mechanisms
Adequacy Decisions: Transfers to countries with adequate privacy laws
Data Processing Agreements: Binding contracts with service providers
Technical Safeguards: Encryption and access controls for data protection
9. Children's Privacy
ChatMint is not intended for children under 13 years of age (or under 16 in the EU). We do not knowingly collect personal information from children under these ages. If you believe we have collected information from a child under the applicable age limit, please contact us immediately and we will delete such information.
If you are a parent or guardian and become aware that your child has provided personal information to us, please contact us using the information in the "Contact Us" section below.
10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of significant changes by:
Email notification to your registered account email address
Prominent notice in your ChatMint dashboard
Updated "Last updated" date at the top of this policy
For material changes, we may require your consent to continue using the service
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.
11. Contact Us
ChatMint is a product of MakeFlow LLC. If you have questions about this Privacy Policy, want to exercise your privacy rights, or need assistance with your account, please contact us: