Privacy Policy
Last updated: 2026-05-26
ChatsControl respects your privacy. This document explains what data we collect, why, where we store it, and how you can control it. It is written in line with GDPR (EU Regulation 2016/679) and Ukrainian personal data protection law.
1. Who we are (data controller)
Individual Entrepreneur Dmytro Buslov, Ukraine. Privacy contact: help@chatscontrol.com.
2. What data we collect
Data you provide
- Account: name, email, password (stored as a bcrypt hash).
- Documents: the DOCX/PDF/image files you upload for translation, and the translation outputs.
- Subscription and payments: billing data is handled by Stripe; we don't store card numbers — only your email, plan tier, and charge history.
- Feedback: the text of your support messages and feedback.
Data we collect automatically
- IP address (security and abuse prevention only; never linked to document contents).
- Session metadata: sign-in time, browser type, language preference.
- Usage analytics (Google Analytics) — only with your explicit consent via the cookie banner.
3. Why we process this data (legal bases)
- Contract performance (GDPR Art. 6(1)(b)) — to provide the translation service: processing uploads, delivering results, managing your account.
- Legitimate interest (Art. 6(1)(f)) — service security, fraud prevention, technical support.
- Consent (Art. 6(1)(a)) — analytics cookies, marketing emails (only if you've opted in).
- Legal obligation (Art. 6(1)(c)) — accounting records as required by Ukrainian tax law.
4. Where your data is stored
Servers are located in the European Union (Germany / Finland) and are provided by Hetzner Online GmbH. All data is encrypted at rest and transmitted only over TLS 1.2+.
5. How long we keep it
- Documents and translations: by default, kept for as long as your account exists. In Settings → Privacy → Auto-delete you can enable automatic deletion of documents and chat content older than 30 / 90 / 365 days. Files and text are permanently erased. You can also delete any document manually at any time — it's removed from our storage immediately.
- Account data: for as long as you use the service. After account deletion — a 30-day grace period (to recover from accidental deletion), then permanent destruction.
- Logs: 90 days.
- Accounting records: 3 years (Ukrainian tax law requirement).
6. Who we share data with (sub-processors)
We use the following services to operate the service. Each is bound by contract and cannot use your data for its own purposes:
| Service | Purpose | Location |
|---|---|---|
| OpenRouter, Inc. | LLM gateway for translation and OCR. All requests are routed to Google Gemini via OpenRouter. | United States |
| Mailgun Technologies, Inc. | Transactional email delivery (verification codes) | European Union |
| Stripe, Inc. | Payment processing | United States / EU |
| Hetzner Online GmbH | Server hosting and data storage | European Union (Germany / Finland) |
| Cloudflare, Inc. | DNS, DDoS protection, CDN | Global |
| Google LLC (Analytics) | Website usage analytics (consent-based) | United States / EU |
How translation works technically. All translation and OCR runs on Google Gemini, accessed through OpenRouter as a gateway. Document text and scan images go to OpenRouter first, then to Gemini. We have no direct contract with Google — they are a sub-sub-processor via OpenRouter.
Sub-sub-processors (via OpenRouter):
- Google LLC (Gemini API) — Underlying language and vision model (Gemini). Performs text translation and OCR for scans. Receives data via OpenRouter. As of 2026-05-26, Google states that paid Gemini API inputs are NOT used to train models (see Gemini API terms linked above).
7. Your rights (GDPR)
- Access: request a copy of all data we hold about you.
- Rectification: correct inaccurate data.
- Erasure ("right to be forgotten"): delete your account and associated data.
- Restriction and objection to processing.
- Data portability in a structured format.
- Withdraw consent any time (for analytics, marketing).
- Lodge a complaint with your supervisory authority (in Ukraine, the Ukrainian Parliament Commissioner for Human Rights; in the EU, your national DPA).
To exercise any right, email help@chatscontrol.com. We respond within 30 days.
8. Security
Security measures are detailed on the Security page: TLS encryption, encryption at rest, role-based access, audit logs, regular backups.
9. Children
The service is not intended for people under 16. If you know a child has registered without parental consent, email us and we'll delete the account.
10. Changes to this policy
We may update this document. We'll announce material changes by email and an in-app banner at least 14 days before they take effect. The last-updated date is at the top of this page.
Questions? Email us at help@chatscontrol.com or on Telegram @mrbuslov.