Privacy Policy

1. Introduction and Who We Are

Welcome to ChatKYC. This Privacy Policy explains how Oganiru Advisory Ltd ("we," "us," or "our") collects, uses, shares, and protects your personal data when you use our ChatKYC service, including our website and platform (collectively, the "Service").

Oganiru Advisory Ltd is the company that owns and operates ChatKYC. We are registered in England and Wales, and for the purposes of data protection law, we act as the Data Controller for the personal data we collect directly from you (such as your account information).

When you use our Service as a client to process data about other individuals, you are the Data Controller for that data, and we act as your Data Processor. Our respective roles and obligations for that processing are governed by our Data Processing Agreement (DPA).

Our commitment is to be transparent about our data practices and to protect your privacy.

2. What Personal Data We Collect

We collect different types of personal data depending on how you interact with our Service.

2.1. Data You Provide Directly to Us:

  • Account Information: When you register for a ChatKYC account, we collect your name, email address, job title, company name, and a securely hashed password.

  • Payment Information: If you subscribe to a paid plan, our third-party payment processor will collect your payment card details. We do not store your full payment card information on our servers.

  • Communications: When you contact us for support or provide feedback, we collect the information you provide in your communications.

  • Customer Support Data: When you interact with our live chat support, we collect your name, email address, and the content of your communications with us.

  • User-Generated Content: We process the queries, prompts, and documents you voluntarily input into the Service. We strongly advise you not to input any sensitive or special category personal data into the Service unless it is strictly necessary and you have a lawful basis to do so.

2.2. Data We Collect Automatically:

  • Technical and Usage Data: When you use our Service, we automatically collect information such as your IP address, browser type, device identifiers, operating system, and usage patterns (e.g., features used, time spent on the platform).

  • Cookies and Similar Technologies: We use cookies to operate and administer our site, gather usage data, and improve your experience. For more details, please see our Cookie Policy.

3. How We Use Your Personal Data (and Our Legal Basis)

We only use your personal data when we have a valid legal basis to do so under data protection law.

| Purpose of Processing | Personal Data Used | Legal Basis (under GDPR) |
|---|---|---|
| To Provide and Maintain the Service | Account Information, User-Generated Content, Technical Data | Performance of a Contract with you. |
| To Process Payments | Payment Information | Performance of a Contract with you. |
| To Provide Customer Support | Account Information, Communications, Customer Support Data | Legitimate Interests (to respond to your enquiries and provide effective support). |
| To Secure the Service | Account Information, Technical Data | Legitimate Interests (to protect our Service from fraud and abuse) and Legal Obligation. |
| To Communicate with You | Account Information, Communications | Legitimate Interests (to respond to your enquiries and provide support). |
| To Improve Our Service | Technical and Usage Data | Legitimate Interests (to understand how our Service is used and to develop new features). |
| To Comply with Legal Obligations | All relevant data categories | Legal Obligation (e.g., for tax, accounting, or law enforcement requests). |

4. How We Use Artificial Intelligence (AI)

The responses you receive from ChatKYC are the product of our proprietary AI platform. This platform has been specifically engineered to provide high-quality, relevant, and context-aware outputs for compliance professionals.

Our proprietary platform consists of several trademarked technologies and features which are specifically configured for risk and compliance use cases. These proprietary components form a sophisticated orchestration engine that processes your queries using advanced techniques in prompt engineering and contextualization. While we integrate powerful, foundational Large Language Models (LLMs) like Google's Gemini to provide core language capabilities, the final output you receive is uniquely shaped and delivered by the ChatKYC framework. The value lies not just in the underlying LLM, but in how our platform intelligently interacts with it to generate a tailored response.

  • Your Data is Not Used for Training: We are committed to your privacy and confidentiality. We have configured our AI services so that your User-Generated Content is not used to train or improve the public, foundational AI models. Your data is used solely to generate a response to your specific query within your secure session.

  • Your Responsibility for Inputs: You are responsible for the content you input into the Service. Please be mindful of your own and others' privacy and do not input personal data that is not necessary for your query or for which you do not have a lawful basis to process.

5. Data Sharing and Disclosure

We do not sell your personal data. We only share it with trusted third parties who help us provide and improve our Service, as detailed below. These parties are our "sub-processors" and are contractually bound to protect your data.

  • Infrastructure Providers: We use Vercel for frontend hosting and Railway for backend hosting. They store the data processed by our application.

  • Database Provider: We use MongoDB Atlas as our cloud database provider to store your account information and other service data.

  • AI Service Provider: We share your User-Generated Content with Google LLC to utilize their Gemini LLM for generating responses.

  • Observability Tools: We use LangChain (LangSmith) to monitor the performance and trace the behaviour of our AI systems.

  • Authentication Provider: If you choose to sign in with Google, we use Google's OAuth 2.0 service to authenticate you.

  • Customer Support Platform: We use Intercom, Inc. to provide live chat support and manage customer communications.

  • Legal Requirements: We may disclose your data if required to do so by law or in response to a valid request from a public authority.

6. International Data Transfers

Our Service is global, and we use service providers located in different countries, primarily the United States. When we transfer your personal data out of the UK or the European Economic Area (EEA), we ensure it is protected by implementing appropriate safeguards.

These safeguards include relying on:

  • Adequacy Decisions: Decisions from the UK Government or European Commission that a third country provides an adequate level of data protection.

  • Standard Contractual Clauses (SCCs) and the UK Addendum: We have entered into these legal agreements with our sub-processors to ensure your data is protected to the same standard as it is in the UK and EEA.

7. Data Security

We take the security of your data very seriously and have implemented robust technical and organisational measures to protect it, including:

  • Encryption: Data is encrypted both in transit (using TLS) and at rest. Passwords are never stored in plaintext and are hashed using the industry-standard bcrypt algorithm.

  • Access Control: We use JSON Web Tokens (JWT) and secure authentication protocols to control access to our APIs and services.

  • Secure Development: We follow secure coding practices, including input validation with Pydantic schemas to prevent common vulnerabilities.

  • Secure Authentication: We support secure sign-in methods like Google's OAuth 2.0 and protect against CSRF attacks using secure cookies.

8. Data Retention

We will only retain your personal data for as long as is necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.

  • Account Data: We retain your account data for as long as your account is active and for a reasonable period thereafter in case you decide to re-activate the Service.

  • User-Generated Content: Content is retained while your account is active to provide you with a history of your interactions. You may be able to delete your content via the Service.

  • Backup Data: We may retain data in our backups for a limited period, but this data is isolated and not used for production purposes.

9. Your Data Protection Rights

Under data protection law, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information.

  • Right of Access: You have the right to ask us for copies of your personal information.

  • Right to Rectification: You have the right to ask us to rectify information you think is inaccurate.

  • Right to Erasure: You have the right to ask us to erase your personal information in certain circumstances.

  • Right to Restriction of Processing: You have the right to ask us to restrict the processing of your information in certain circumstances.

  • Right to Object to Processing: You have the right to object to processing if we are doing so based on our legitimate interests.

  • Right to Data Portability: You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances.

To exercise any of these rights, please contact us at info@chatkyc.ai. We will respond to your request within one month. You are not required to pay any charge for exercising your rights.

You also have the right to lodge a complaint with a supervisory authority. In the UK, this is the Information Commissioner's Office (ICO).

10. Children's Privacy

Our Service is not intended for or directed at children under the age of 16. We do not knowingly collect personal data from children under 16.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new policy on this page and, where appropriate, by other means such as email. We encourage you to review this policy periodically.

12. Contact Us

If you have any questions about this Privacy Policy or our data protection practices, please contact us: