Privacy Policy

1. Introduction

Welcome to JustSimpleChat (“we,” “our,” or “us”). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI chat platform service located at https://justsimple.chat (the “Service”).

Please read this Privacy Policy carefully. By using our Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide to Us

• Account Information: When you create an account, we collect your name, email address, and Google OAuth profile information.
• Chat Data: We store your conversations with AI models to provide our Service and maintain conversation history.
• Payment Information: If you subscribe to our paid services, we collect billing information through our payment processor. We do not store credit card numbers directly.
• Communications: When you contact us for support, we collect your name, email address, and the content of your communications.

2.2 Google OAuth Data

When you sign in with Google, we access the following information from your Google account:

• Basic Profile: Your name, email address, and profile picture
• OpenID: A unique identifier for authentication

Important: We follow Google's Limited Use requirements. We only use Google user data to authenticate you and display your profile information. We never access your Google Drive, Gmail, or other Google services. We do not use, share, or store Google user data for any purpose other than providing our Service's core functionality.

2.3 Information Automatically Collected

• Usage Data: We collect information about how you interact with our Service, including the AI models you use, frequency of use, and performance metrics.
• Device Information: We collect information about your device, including IP address, browser type, operating system, and device identifiers.
• Cookies and Similar Technologies: We use cookies and similar tracking technologies to maintain your session and analyze usage patterns.

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our Service
• Process your transactions and manage your subscriptions
• Send you technical notices, updates, security alerts, and support messages
• Respond to your comments, questions, and customer service requests
• Monitor and analyze trends, usage, and activities in connection with our Service
• Detect, prevent, and address technical issues and security vulnerabilities
• Comply with legal obligations and enforce our terms of service
• Develop new features and services

3.1 Data Minimization Principle

We are committed to data minimization. We only collect and process personal information that is necessary for the functioning of our Service. We regularly review our data collection practices to ensure we are not collecting excessive information.

3.2 No Sale of Personal Data

We do not sell, rent, or trade your personal information to third parties under any circumstances. This includes your Google account information, chat history, and any other personal data.

4. How We Share Your Information

We may share your information in the following circumstances:

4.1 With Service Providers

We share your information with third-party service providers that help us operate our Service, including:

• AI Model Providers: We send your chat inputs to various AI providers (OpenAI, Anthropic, Google, etc.) to generate responses. Each provider has their own privacy policy.
• Cloud Infrastructure: We use AWS and other cloud providers to host our Service.
• Analytics Providers: We use analytics services to understand Service usage.
• Payment Processors: We use Stripe to process payments securely.

4.2 For Legal Reasons

We may disclose your information if required to do so by law or in response to valid requests by public authorities.

4.3 Business Transfers

In the event of a merger, acquisition, or sale of our assets, your information may be transferred to the acquiring entity.

5. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

• Encryption of data in transit and at rest
• Regular security assessments and audits
• Access controls and authentication requirements
• Employee training on data protection

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security.

6. Data Retention

We retain your personal information for as long as necessary to provide our Service and fulfill the purposes outlined in this Privacy Policy. Specifically:

• Account Information: Retained for the duration of your account and up to 30 days after deletion
• Google OAuth Data: Refreshed on each login; deleted immediately upon account deletion or revocation of Google permissions
• Chat History: Retained for 90 days after creation unless you delete it sooner
• Usage Analytics: Aggregated and anonymized after 12 months
• Payment Records: Retained for 7 years for tax and accounting purposes
• Security Logs: Retained for 6 months for security analysis
• Legal Records: Retained as required by applicable laws

You can request immediate deletion of your data at any time by contacting [email protected]. We will process your request within 30 days.

7. Your Rights and Choices

You have the following rights regarding your personal information:

7.1 Access and Portability

You can access and download your data through your account settings.

7.2 Correction

You can update your account information at any time through your profile settings.

7.3 Deletion

You can delete your account and associated data by contacting [email protected]. Upon request:

• We will delete your account within 30 days
• Your Google OAuth tokens will be immediately revoked
• Your chat history will be permanently deleted
• Anonymized analytics data may be retained

Data Deletion Process: To request deletion, email [email protected] with "Data Deletion Request" as the subject. We will verify your identity and process your request within 30 days, sending confirmation when complete.

7.4 Opt-Out Mechanisms

You have granular control over your data:

• Marketing Emails: Click unsubscribe in any email or toggle off in account settings
• Analytics Collection: Disable in privacy settings (may impact Service quality)
• Chat History: Delete individual conversations or disable history in settings
• Cookies: Manage through browser settings or our cookie banner
• Google Data Access: Revoke at any time through Google Account settings

7.5 Data Portability

You can export your data at any time:

• Go to Account Settings → Privacy → Export Data
• Select the data types you want (profile, chat history, usage logs)
• Receive a JSON or CSV file within 24 hours
• Exports include all personal data we hold about you

8. Children's Privacy

Our Service is not intended for children under 13 years of age (or 16 in the EEA). We do not knowingly collect personal information from children under these ages.

8.1 Age Verification

During account creation, we verify that users meet our minimum age requirements. Users must confirm they are at least 13 years old (16 in the EEA).

8.2 Parental Rights

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at [email protected]. We will:

• Verify your relationship to the child
• Provide information about data collected
• Delete the child's information upon request
• Prevent further collection from that child

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country. We take appropriate safeguards to ensure your information remains protected in accordance with this Privacy Policy.

For transfers from the European Economic Area (EEA) to countries not deemed adequate by the European Commission, we use:

• Standard Contractual Clauses approved by the European Commission
• Your explicit consent where appropriate
• Other legal bases as permitted under applicable data protection laws

10. Cookie Policy

We use cookies and similar tracking technologies to enhance your experience on our Service.

10.1 Types of Cookies We Use

• Essential Cookies: Required for the Service to function properly (authentication, security)
• Analytics Cookies: Help us understand how users interact with our Service
• Preference Cookies: Remember your settings and preferences

10.2 Managing Cookies

You can control cookies through your browser settings. Note that disabling certain cookies may limit your ability to use some features of our Service.

11. Legal Basis for Processing (GDPR)

If you are in the European Economic Area, our legal bases for collecting and using your personal information include:

• Consent: You have given consent for specific purposes
• Contract: Processing is necessary to perform our contract with you
• Legal Obligations: Processing is necessary to comply with the law
• Legitimate Interests: Processing is necessary for our legitimate interests (e.g., improving our Service, security)

12. California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including:

• The right to know what personal information we collect, use, disclose, and sell
• The right to request deletion of your personal information
• The right to opt-out of the sale of your personal information (we do not sell personal information)
• The right to non-discrimination for exercising your privacy rights

13. Data Breach Notification

In the event of a data breach that may pose a risk to your rights and freedoms, we will:

• Notify you within 72 hours of becoming aware of the breach
• Provide information about the nature of the breach
• Advise on steps you can take to protect yourself
• Detail the measures we have taken to address the breach

14. Third-Party Links

Our Service may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal information.

15. Automated Decision-Making

We use automated systems in the following ways:

• AI Model Selection: Our router automatically selects appropriate AI models based on your query characteristics
• Fraud Detection: Automated systems may flag suspicious account activity
• Content Moderation: Automated filters check for prohibited content

You have the right to request human review of any automated decision that significantly affects you. Contact [email protected] to request manual review.

16. Third-Party Subprocessors

We use the following third-party subprocessors to provide our Service:

All subprocessors are required to maintain appropriate security measures and comply with our data protection standards.

17. Security Measures

We implement comprehensive security measures to protect your data:

• Encryption: All data is encrypted in transit using TLS 1.3 and at rest using AES-256
• Access Control: Role-based access control with multi-factor authentication for staff
• Infrastructure: Hosted on SOC 2 compliant cloud providers
• Monitoring: 24/7 security monitoring and intrusion detection
• Testing: Regular penetration testing and security audits
• Incident Response: Documented incident response procedures
• Employee Training: Regular security awareness training for all staff

18. Google API Services User Data Policy

JustSimpleChat's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Limited Use Disclosure: JustSimpleChat's use of Google user data is limited to the following:

• Authenticating users to access our Service
• Displaying user profile information (name, email, profile picture)
• Maintaining user sessions

We do not use Google user data for advertising, market research, or any purpose other than providing our core Service functionality. We do not share Google user data with any third parties except as necessary to provide our Service (e.g., displaying your name in the app interface).

19. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. You are advised to review this Privacy Policy periodically for any changes.

For material changes, we will provide notice through one or more of the following methods:

• Email notification to your registered email address
• Prominent notice on our Service dashboard
• In-app notification requiring acknowledgment

20. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at: