ByChat LogoBack to App
Privacy & Data Usage Notice

Privacy & Data Usage Notice

Last updated: January 2026

This Privacy Policy describes how Matoffo OÜ ("we," "us," or "our") collects, uses, and discloses your personal information when you use ByChat.

Please note that our order process is conducted by our online reseller, Paddle. Paddle acts as an independent Data Controller for your financial and billing information.

  1. 1. Information We Collect
  2. 1.1. Information You Provide to Us
    • Account Data: Email address, username, and password.
    • AI Inputs: Text, documents, or data you submit to the AI Agent for processing.
    • Support Data: Communications with our customer service team.
  3. 1.2. Information Processed via Paddle When you make a purchase, you provide billing information directly to Paddle. We do not collect or store your full credit card number. We receive limited transactional data from Paddle to fulfill your order, including:
    • Transaction ID and Subscription status.
    • Country of residence (for tax compliance).
    • Last 4 digits of the payment method (for identification). Please review Paddle’s Privacy Policy here to understand how they handle your financial data.
  4. 2. How We Use Your Information
  5. We use your data to:
    • Process your AI Inputs to generate Outputs.
    • Manage your subscription and account.
    • Comply with legal obligations (e.g., tax laws via Paddle).
  6. 2.1. No AI Model Training We utilize enterprise-grade infrastructure provided by Amazon Web Services. We explicitly guarantee that:
    • No Training on Your Data: Your Inputs (prompts) and Outputs (responses) are NOT used to train, retrain, or improve the underlying artificial intelligence models (foundation models).
    • AWS Privacy: According to AWS data privacy standards, your data remains isolated within our cloud environment and is not shared with model providers (such as Anthropic, Meta, or Mistral) for their model improvements.
    • Data Usage: Your data is processed solely for the purpose of generating the requested response and is not stored for machine learning purposes.
  7. 3. Sharing Your Information
  8. We do not sell your personal data. We share information only with:
    • Paddle: To facilitate payments, manage subscriptions, and handle tax/refunds.
    • AI Service Providers: We use third-party LLM providers (e.g., OpenAI, Anthropic) as sub-processors to generate AI responses. These providers are contractually obligated to protect your data and not use it for training their foundation models (unless you explicitly consent).
    • Cloud Infrastructure: Hosting providers (e.g., AWS, Google Cloud) to run our Service.
  9. 4. Data Location and Sub-processors
  10. 4.1. European Data Residency. We are an Estonian company committed to GDPR compliance. Your account data and personal information are primarily stored on secure servers located within the European Economic Area (EEA) (specifically, AWS Europe). We prioritize local data storage to ensure maximum privacy protection.
  11. 4.2. Trusted Partners & Global Processing. To provide specialized services, such as secure payments and advanced AI reasoning, we collaborate with industry-leading partners. You acknowledge that limited operational data may be processed by these partners:
    • Payment Security: Our Merchant of Record, Paddle, handles billing securely. As a global reseller, they adhere to strict banking standards and may process transaction data in the United Kingdom and internationally.
    • AI Processing: We utilize enterprise-grade AI models to power our agents. Data sent to these models is encrypted and used solely to generate the response. We have strict agreements in place to ensure these partners protect your data according to European standards.
  12. 4.3. Mechanisms of Protection. We ensure that all our partners and sub-processors, regardless of their location, adhere to GDPR standards. We legitimize any necessary data transfer through:
    • Adequacy Decisions: Transfers to countries recognized by the EU Commission as safe (e.g., UK, Canada, or US companies certified under the Data Privacy Framework).
    • Standard Contractual Clauses (SCCs): Where necessary, we sign strict legal agreements approved by the EU Commission to guarantee your data rights remain protected globally.
  13. 5. Your Data Protection Rights (GDPR & CCPA)
  14. Depending on your location, you have the right to:
    • Access: Access: Request copies of your personal data.
    • Rectification: Correct inaccurate information.
    • Erasure: Request deletion of your data ("Right to be Forgotten").
    • Portability: Request transfer of your data.
    • Opt-out: Opt-out of automated decision-making or data processing for AI training.
  15. To exercise these rights, please contact us at contact@bychat.ai. For deletion of billing data, you may need to contact Paddle directly.
  16. 6. Data Retention
  17. We retain your personal data only as long as necessary to provide the Service and comply with legal obligations.
    • Account Data: Retained until you delete your account.
    • AI Inputs: Retained until you delete your account.
  18. 7. Security
  19. We implement industry-standard security measures (encryption, access controls) to protect your data. However, no method of transmission over the Internet is 100% secure.
  20. 8. Contact Us
  21. If you have questions about this Privacy Policy, please contact us:
    • Email: contact@bychat.ai
    • Address: Harju maakond, Tallinn, Kesklinna linnaosa, Kaupmehe tn 7-120, Estonia