Privacy Policy

Last updated: June 2026

1. Who We Are

Alapchat ('we', 'us', 'our') operates the Alapchat AI-powered customer support platform. For our full company details, see our Imprint page.

2. Data We Collect

  • Account data: name, email address (via Google OAuth)
  • Conversations: chat messages between end-users and the AI chatbot
  • Documents: PDFs and website content you upload for RAG indexing
  • Usage data: message counts, feature usage, billing information
  • Technical data: IP address, browser type, device information

3. How We Use Your Data

  • To provide and improve the Alapchat service (contract performance, Art. 6(1)(b))
  • To process AI-powered chat responses using RAG technology (legitimate interest, Art. 6(1)(f))
  • To send service-related communications such as billing notifications (legitimate interest, Art. 6(1)(f))
  • To ensure security and prevent abuse (legitimate interest, Art. 6(1)(f))

4. AI and Your Data

Alapchat uses AI (Retrieval-Augmented Generation) to answer questions based on your uploaded documents. Conversation data is processed in real time to generate responses. We do NOT use your data to train AI models. Your documents and conversations remain isolated within your tenant.

5. Google OAuth

We use Google OAuth for account authentication. We collect your name and email address from Google. We do not access your Google Workspace data, contacts, or any other Google services. Google's privacy policy applies to the authentication process.

6. Data Retention

  • Chat messages: 90 days
  • Usage events: 1 year
  • Audit events: 1 year
  • Semantic cache: 30 days

7. Your Rights Under GDPR

  • Right of access (Art. 15) — request a copy of your data
  • Right to rectification (Art. 16) — correct inaccurate data
  • Right to erasure (Art. 17) — request deletion of your data
  • Right to data portability (Art. 20) — receive your data in a structured format
  • Right to restriction (Art. 18) — limit how we process your data
  • Right to object (Art. 21) — object to processing based on legitimate interest

8. EU Data Residency

9. Data Security

We implement industry-standard security measures including TLS 1.3 encryption in transit, AES-256 encryption at rest, tenant isolation with Row-Level Security, and RS256 JWT authentication. For details, visit our Security page.

10. Children's Privacy

Alapchat is not intended for use by children under 16. We do not knowingly collect data from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or a notice on our website.

12. Contact

For privacy-related inquiries, contact us at alapchat.com/contact.

13. Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority in your jurisdiction.