Privacy Policy.

Last updated: 28 April 2026

Who we are

ChatIFA is a sole-trader business based in Cardiff, Wales. Full legal name and registered address are available on request. If you have any questions about this policy, you can reach us at hello@chatifa.co.uk.

What data we collect

We collect the following information when you use ChatIFA:

  • Account information - your email address, used for authentication via magic link sign-in.
  • Website content - text from your website pages, which we process and store so the AI can answer visitor questions accurately.
  • Chat conversations - messages exchanged between your website visitors and the ChatIFA widget.
  • Lead details - contact information that visitors voluntarily share during chat conversations (e.g. name, email, phone number).

How we use your data

  • To provide and operate the ChatIFA service, including generating AI responses based on your website content.
  • To send you notifications about new leads and conversations via email.
  • To improve the service and fix issues.

We do not sell your data to third parties. We do not use your data for advertising.

Third-party services

The full sub-processor list, with each provider's purpose, location and transfer basis, lives at /subprocessors. At time of writing it covers Anthropic (AI inference), OpenAI (embeddings only, no visitor messages), Stripe (subscription billing), and Brevo (transactional email).

Vector storage of crawled site content runs on ChromaDB self-hosted on our own infrastructure, so it is not a third-party sub-processor.

Each third-party service has their own privacy policy. We only share the minimum data necessary for each service to function.

Data storage and security

Your data is stored on servers hosted in the European Union (Hetzner Online GmbH, Germany). Transfers from the UK to the EU are covered by UK adequacy regulations for the EEA. We take reasonable measures to protect your data, including encryption in transit (HTTPS) and secure access controls. See our sub-processor list for details.

Cookies and local storage

The ChatIFA dashboard uses standard session cookies for authentication. The chat widget on your website does not use cookies - it uses localStorage to maintain the conversation session, so visitors are not tracked across websites.

Your rights

Under UK GDPR, you have the right to:

  • Access - request a copy of the personal data we hold about you.
  • Rectification - ask us to correct any inaccurate data.
  • Deletion - ask us to delete your personal data.
  • Portability - request your data in a portable format.
  • Objection - object to our processing of your data.

To exercise any of these rights, email us at hello@chatifa.co.uk. We aim to respond within 30 days.

Changes to this policy

We may update this privacy policy from time to time. If we make significant changes, we will notify you by email. Your continued use of ChatIFA after changes are posted constitutes acceptance of the updated policy.

Contact

If you have any questions about this privacy policy or how we handle your data, please contact us at hello@chatifa.co.uk.