CitaChat Logo
Get Started arrow_forward

PRIVACY POLICY
CitaChat

Last updated: April 12, 2026

At CitaChat LLC ("CitaChat", "us", "we"), we respect privacy and protect the personal data of our users, customers, and third parties. This Privacy Policy describes how we collect, use, store, and protect information when the CitaChat platform (the "Platform") is used.

1. Data Controller

CitaChat LLC
Address: 16192 Coastal Highway, Lewes, Delaware 19958, United States
Email: legal@citachat.co
Phone: +57 311 635 4428

2. Scope

This Policy applies to all personal information processed through the use of the Platform, the website https://citachat.co and associated services.

3. Types of Information Collected

We may collect and process the following categories of information:

  • Identification and contact information (name, email, telephone).
  • Business information (company name, role, sector).
  • User's end-customer data (name, phone number, conversations, location, interests).
  • Technical and usage information (IP addresses, logs, events, metadata).
  • Content uploaded to the Platform (knowledge bases, messages, configurations).
  • Transcriptions and recordings of interactions (text and voice notes) generated through the Platform.

CitaChat does not intentionally solicit sensitive data, and the User agrees not to upload this type of information unless legally permitted and necessary.

4. Purposes of Processing

Personal data are processed to:

  • Provide and operate the Platform.
  • Process and route communications.
  • Configure, train, and improve functionalities, including proprietary artificial intelligence models.
  • Research and development of conversational AI agent technology: CitaChat uses anonymized and/or aggregated interaction data for the development and improvement of its proprietary AI models, with the goal of creating more precise, contextual, and effective sales agents. This purpose is inherent to the service and constitutes part of the value delivered to the User. (See §6 for full details.)
  • Security, monitoring, fraud prevention, and auditing.
  • Technical support and customer service.
  • Compliance with legal and contractual obligations.

5. Role of the Parties

  • The User acts as the Data Controller for their customers' or leads' data.
  • CitaChat acts as the Data Processor with respect to end-customer data, in accordance with the User's instructions and applicable law.
  • CitaChat acts as the Data Controller with respect to data derived from the aggregate use of the Platform for the development of its proprietary AI models, always under appropriate anonymization or pseudonymization procedures.

6. Use of Data for Proprietary Artificial Intelligence Development

CitaChat develops conversational AI agent technology oriented toward sales (the "Agent"). To improve the quality, precision, and effectiveness of the Agent, CitaChat may use interaction data from the Platform under the following conditions and guarantees:

6.1 What data may be used for R&D:

  • Anonymized conversation transcripts (without name, phone number, or direct identifiers of the end user).
  • Aggregated conversational behavior patterns by vertical (real estate, automotive, healthcare, etc.).
  • Agent performance metrics (qualification rate, scheduling rate, resolution time).
  • Prompt configurations and knowledge bases, in aggregated format.

6.2 Applicable guarantees:

  • Data used for R&D is anonymized or pseudonymized before any processing for this purpose.
  • No data that directly identifies an individual (name, phone number, email) will be included in model training datasets.
  • Gmail data (see §10) is not used for any R&D or AI training purpose.
  • The User may request, through legal@citachat.co, that their data not be used for this purpose, without affecting the provision of the base service.
  • CitaChat does not sell, license, or transfer to third parties the models trained with User data.

6.3 Legal basis:

This purpose is supported by: (i) CitaChat's legitimate interest in improving its services (GDPR Art. 6(1)(f)); (ii) the execution of the service contract, which implicitly includes the continuous improvement of the Agent (GDPR Art. 6(1)(b)); and (iii) the User's consent as expressed in the acceptance of these Terms and the DPA.

7. Data Access and Use by CitaChat

The User expressly authorizes CitaChat to access, process, store, and analyze data processed on the Platform for the purposes described in this Policy, including the development and improvement of proprietary technology as established in §6.

8. Subprocessors and International Transfers

CitaChat may use technology providers (subprocessors) located in different countries, including cloud, messaging, and artificial intelligence services. Such providers comply with security and confidentiality standards in line with international practices. The updated list of main subprocessors is available upon request at legal@citachat.co.

9. Information Security

CitaChat implements reasonable administrative, technical, and organizational measures to protect data against unauthorized access, loss, alteration, or improper disclosure, as described in the Security Policy available at https://citachat.co/security.

10. Google Integration and Gmail Data Usage

CitaChat may integrate with Google services through user authorization via OAuth, including Gmail-related permissions for specific functionalities within the Platform.

Regarding Google user data:

  • CitaChat does not sell, share, or transfer Google user data to third parties.
  • Gmail data is used solely to send appointment confirmation emails on behalf of the authenticated user within the Platform.
  • Data obtained through Gmail permissions is not shared with artificial intelligence services or external AI providers, including but not limited to OpenRouter, Gemini, or other similar services.
  • Gmail data is not used for model training, artificial intelligence processing, mass data analysis, or any secondary purpose.
  • Access to Gmail data is strictly limited to the functionality requested by the user within CitaChat.

11. Data Retention

Data are retained as long as the account is active. Once the service ends, CitaChat will retain data for a maximum period of 90 days for backup and secure deletion, unless a legal obligation requires a longer period. Anonymized data used for R&D may be retained for longer periods as long as it does not allow the identification of any individual.

12. Public Authority Requests

12.1 Legality review

Upon any request from government authorities or public entities regarding users' personal data, CitaChat LLC will conduct a mandatory review of the legality, legitimacy, and proportionality of said request before providing any response, in accordance with the laws of the State of Delaware (USA) and applicable international data protection standards.

12.2 Right to challenge

CitaChat reserves the right to challenge, object to, or judicially contest any request for access to personal data that it considers excessive, illegitimate, not legally authorized, or that contravenes the fundamental rights of data subjects. In such cases, CitaChat will notify the data subject when the law permits.

12.3 Minimization principle before authorities

In the event that an authority request is legitimate, CitaChat will disclose only the minimum information necessary to comply with the legal obligation, in accordance with the data minimization principle.

12.4 Documentation

CitaChat will maintain an internal record of all requests received from public authorities, including: (i) the identity of the requesting authority; (ii) the legal basis invoked; (iii) the data disclosed if applicable; (iv) the response provided and the corresponding legal reasoning; and (v) the date of the request and response.

12.5 Transparency

CitaChat will publish, to the extent permitted by law, transparency reports on authority requests when the volume justifies it.

13. Rights of Data Subjects

Data subjects may exercise their rights of:

  • Access
  • Rectification
  • Update
  • Deletion
  • Opposition to processing for R&D purposes (see §6.2)
  • Portability (where applicable)

Through the User as Data Controller or by writing directly to: legal@citachat.co. CitaChat will respond within no more than 30 business days.

14. Modifications

CitaChat may modify this Privacy Policy at any time. Material changes will be notified to Users at least 15 days in advance via email or notice on the Platform.

CitaChat LLC — legal@citachat.co — citachat.co