Chatlys

Privacy Policy

Effective date: December 18, 2025

This Privacy Policy explains how Chatlys ("Chatlys", "we", "us", or "our") collects, uses, discloses, and protects personal data when you use our websites, applications, products, and services, including the Chatlys Mail Assistant application (collectively, the "Services"). By using the Services, you agree to the practices described in this Policy.

1. Who we are

Chatlys provides tools that help individuals and teams interact with email more efficiently using automation and AI. Our Services may integrate with your email providers and other systems only with your explicit authorization.

2. Scope

This Policy applies to personal data we process in connection with the Services, whether collected online or offline, and regardless of the device you use to access them. This Policy does not apply to third-party services that are governed by their own privacy policies.

3. Information we collect

3.1 Information you provide to us

• Account and profile data, such as your name, email address, password (hashed), and any optional profile details you choose to provide.
• Email account connection data you authorize, such as OAuth tokens or app-specific credentials required to connect to your email provider (e.g., IMAP or Microsoft 365). We do not receive your email password unless you explicitly provide it for a custom connection; where available, we use OAuth.
• Content you process with the Services, such as emails, drafts, attachments’ metadata, message headers, and prompts you provide to generate replies. We only process such content to provide the features you use.
• Communications you send to us, including support inquiries and feedback.

3.2 Information collected automatically

• Usage data and log information, such as device and browser type, IP address, pages viewed, referring/exit pages, timestamps, and interactions with the Services. We use this to maintain security, prevent abuse, and improve performance.
• Diagnostic and performance data, including error reports and basic analytics to understand feature usage.
• Cookies and local storage. We may use strictly necessary cookies and local storage (for example, localStorage in your browser) to remember your preferences (such as UI settings or the email address you are currently configuring). We do not use third‑party advertising cookies in the app.

3.3 Information from third parties

• Email and identity providers, when you connect your account (e.g., Microsoft 365). These providers send us tokens and limited profile information required to enable the integration.
• Service providers that help us deliver the Services (hosting, cloud infrastructure, logging, communications). These providers may process limited personal data on our behalf under contracts that protect your information.

4. How we use your information

• To provide, operate, and maintain the Services, including connecting to your email account at your request.
• To draft or generate email responses based on your prompts and the content you select.
• To secure the Services, prevent spam, fraud, and abuse, and to debug and troubleshoot issues.
• To personalize and improve features, and to develop new capabilities.
• To communicate with you about updates, security alerts, and administrative messages.
• To comply with legal obligations and enforce our agreements.

4.1 AI and model usage

When you choose to generate or improve a message, the relevant text you provide may be sent to model providers or inference services strictly to fulfill your request. We do not use your email content to train our own models for general purposes. Where third‑party AI providers are used, we take steps to prevent your content from being retained for provider training and to limit processing to your request.

5. Legal bases for processing (EEA/UK)

Where the GDPR or UK GDPR applies, we process your personal data on the following legal bases:

• Contract: to provide the Services you request and perform our agreements with you.
• Legitimate interests: to secure and improve the Services, prevent misuse, and support users.
• Consent: for optional features where required; you may withdraw consent at any time.
• Legal obligation: to comply with applicable laws and regulations.

6. How we share information

• Service providers: We engage trusted vendors to provide hosting, infrastructure, analytics, and support. They may access personal data only to perform services on our behalf under binding contracts.
• Integrations you authorize: If you connect third‑party services (e.g., an email provider), data will be shared as necessary to enable that integration.
• Legal and safety: We may disclose information where required by law or to protect rights, safety, and the integrity of the Services.
• Business transfers: In connection with a merger, acquisition, reorganization, or asset sale, your information may be transferred as permitted by law and subject to appropriate safeguards.
• We do not sell your personal information or share it with third parties for cross‑context behavioral advertising.

7. International data transfers

We may process and store information in countries other than the one you reside in. Where required, we use appropriate safeguards for cross‑border transfers, such as Standard Contractual Clauses, and implement additional technical and organizational measures.

8. Data retention

We retain personal data only for as long as necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements. Access tokens and connection metadata are kept only while needed to maintain your integrations and are deleted or anonymized when no longer required or when you remove the connection.

9. Security

We implement administrative, technical, and physical safeguards designed to protect personal data against unauthorized access, loss, misuse, or alteration. No method of transmission or storage is completely secure; we work continuously to improve our protections.

10. Your rights and choices

10.1 EEA/UK users

You have the right to request access, rectification, erasure, restriction, and portability of your personal data, and to object to processing based on legitimate interests. Where processing is based on consent, you may withdraw consent at any time. You also have the right to lodge a complaint with your local supervisory authority.

10.2 California residents (CCPA/CPRA)

Subject to exceptions, you have the right to know, access, correct, and delete personal information, and to limit the use and disclosure of sensitive personal information. We do not sell your personal information or share it for cross‑context behavioral advertising. You may exercise your rights by contacting us at privacy@chatlys.com.

11. Email data and integrations

• The Services connect to your email account only after you explicitly authorize the connection. Depending on your provider, we use OAuth or app‑specific credentials you supply.
• Email content is processed only to provide requested features such as generating drafts or summaries. We do not use your email content to build general models or for advertising.
• You can disconnect integrations at any time from the application settings; doing so invalidates access tokens and stops further access.

12. Children’s privacy

The Services are not directed to children under 13 (or under the age required by local law). We do not knowingly collect personal information from children. If you believe a child has provided us personal information, please contact us so we can take appropriate action.

13. Automated decision‑making

We do not engage in solely automated decision‑making that produces legal or similarly significant effects about you without human involvement.

14. Changes to this Policy

We may update this Privacy Policy from time to time. We will post the updated Policy on this page and update the “Effective date” above. If changes are material, we will provide additional notice as required by law. Your continued use of the Services after the effective date of an updated Policy constitutes acceptance of the changes.

15. Contact us

Email: privacy@chatlys.com

If you prefer to contact us by mail, please email us to obtain our current mailing address and ensure your correspondence is routed correctly.

© Chatlys. All rights reserved.