$50 free credit for new accounts - ends in

Claim $50

Legal

Privacy Policy

How Chatref collects, uses, and protects your data. Your content stays yours and is never used to train shared models.

Last updatedJune 26, 2026

1. Introduction

Chatref is an AI chatbot platform. You upload your docs, websites, or knowledge base, and Chatref builds an agent that answers questions grounded in that content.

This Privacy Policy explains what data Chatref ("we", "our", "us") collects, how we use it, and the choices you have. It applies to chatref.ai, app.chatref.ai, and any sub-domain or service we run under the Chatref brand (the "Services").

Chatref is operated by Lemaistre Lab Technologies LLP. If anything below is unclear, write to hello@chatref.ai and we will respond within 30 days.

2. What we collect

2.1 Account data

  • Name and email address when you sign up or request a demo
  • Workspace name and team member emails you invite
  • Optional profile fields you choose to add

2.2 Customer content (your agent's knowledge)

  • Documents, URLs, sitemaps, FAQ entries, and any other content you upload or link to train your agent
  • Visitor conversations that happen inside your deployed chatbot widget
  • Configuration: agent persona, prompts, allow-listed domains, branding

This content remains your property. Chatref processes it only to run your agent. It is never used to train shared or general-purpose AI models, and never shared with another customer.

2.3 Usage and technical data

  • IP address, browser, device, and approximate region
  • Pages visited inside the dashboard and feature interactions
  • Logs for debugging, abuse prevention, and uptime monitoring

We use PostHog to capture product-analytics events that show how the dashboard is used. This data is used in aggregate to improve Chatref, and is never sold.

2.4 Billing data

  • Paddle is the Merchant of Record and seller of record for every purchase, and acts as an independent data controller for your payment data. When you buy credit, your payment contract is with Paddle, and Paddle (not Chatref) collects and processes your card number, billing address, and transaction details. These are never stored on Chatref servers - Chatref only receives receipt metadata (amount, currency, status, and the last 4 digits of the card). Paddle also calculates, collects, and remits any sales tax or VAT. How Paddle handles your payment data is governed by the Paddle Buyer Terms and the Paddle Privacy Notice.
  • Coin balance, top-up history, and per-message consumption records. Chatref runs on a pay-as-you-go model: 1 to 5 coins per chatbot response, $50 free credit on signup, no subscriptions.

3. How we use your data

  • Operate your agent: retrieve from your content, generate grounded answers, and deliver responses to your visitors
  • Authenticate users and manage workspace access
  • Bill you accurately and apply your free credit
  • Provide support when you write in
  • Send product updates and security notices. Marketing emails are sent only with your consent and you can opt out at any time.
  • Detect abuse, prevent fraud, and meet legal obligations
  • Improve Chatref's own features (in aggregate, never per-customer)

We do not sell your personal data. We do not use customer content to train shared models.

4. AI model providers and how prompts flow

To generate answers, Chatref sends the retrieved context plus the visitor's question to a large language model. Requests are routed through Vercel AI Gateway, which gives Chatref access to models from leading providers including OpenAI, Anthropic, Google, Mistral, Groq, xAI, and Meta. The specific model used to answer is configurable, and we may change it to improve quality, speed, or cost.

Whichever provider serves a request, we require that they:

  • Process the data only to fulfil that request
  • Do not use Chatref traffic to train their foundation models
  • Retain prompt and response data only for the limited windows defined in their terms (typically 0 to 30 days for abuse detection)

If you require a specific model provider, or want a particular provider excluded for compliance reasons, write to hello@chatref.ai.

5. Sub-processors

Chatref relies on the following providers to deliver the service:

Sub-processorPurposeLocation
VercelWeb hosting, edge delivery, and AI Gateway routingUS, EU
ClerkAuthentication and account identityUS, EU
SupabaseApplication database and vector store (embeddings)EU
CloudflareObject storage (R2), DNS, CDN, and DDoS protectionGlobal
PaddlePayments and tax, as Merchant of RecordUK, US
PostHogProduct analyticsUS, EU
ResendTransactional emailUS, EU

AI answer generation runs through Vercel AI Gateway, which routes requests to the model providers named in Section 4 (such as OpenAI, Anthropic, Google, Mistral, Groq, xAI, and Meta). Each sub-processor is bound by a data protection agreement. We update this list when we add or remove providers.

6. Cookies and tracking

Chatref uses a small set of cookies for sign-in sessions (via Clerk), theme preference, and product analytics (via PostHog). See the Cookie Policy for the full list and how to control them.

7. International data transfers

Depending on the sub-processor, your data may be processed in the United States, the United Kingdom, the European Union, or India. Where required, we rely on Standard Contractual Clauses and equivalent safeguards under GDPR.

8. Data retention

  • Customer content and conversation history: kept for the lifetime of your workspace. You can delete any document or conversation at any time from the dashboard.
  • Account closure: workspace data is deleted within 30 days of account closure. Backups are purged within an additional 90 days.
  • Billing records: retained for 7 years to meet Indian and EU tax-record requirements.
  • Server logs and analytics: up to 24 months.

You can request earlier deletion of any data by writing to hello@chatref.ai.

9. Your rights

Depending on where you live, you may have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Delete your data (the "right to be forgotten")
  • Export your data in a portable format
  • Restrict or object to certain processing
  • Withdraw consent for marketing at any time

To exercise any of these rights, contact hello@chatref.ai. We respond within 30 days.

10. Security

  • Encryption. TLS 1.2+ in transit. AES-256 at rest for object storage and database backups.
  • Access controls. Role-based permissions per workspace. Production access is restricted, logged, and reviewed.
  • No shared training. Customer content is never mixed across workspaces or used to train Chatref's own models.
  • Domain allow-listing. You can lock your widget to specific domains so the agent cannot be embedded elsewhere.
  • Vendor compliance. All sub-processors are SOC 2 or ISO 27001 aligned. Chatref's own SOC 2 work is in progress.

11. Children's data

Chatref is not intended for children under 16. We do not knowingly collect data from minors. If we discover such data has been collected, it will be deleted promptly.

12. Changes to this policy

We may update this Privacy Policy as our practices evolve. Material changes will be announced by email or an in-product notice. The "Last updated" date at the top always reflects the current version.

13. Contact

Questions about this policy or any privacy matter:

Still have questions about your data?

Write to us. A real human responds within 30 days.

Email hello@chatref.aiStart free