Privacy Policy

Last updated: May 17, 2026

1. Information We Collect

Account data: email, password (hashed), display name, gender, country, date of birth, profile photo.
Usage data: sign-in times, calls initiated, coins spent, gifts sent, message count (metadata only), device type, IP address (truncated).
Payment data: processed by third-party processors; we store only the transaction reference, amount, and status — never full card numbers.
KYC data (hosts only): government ID and selfie collected solely to verify identity for withdrawals.

2. What We Do NOT Collect or Store

We do NOT record, store, or transcribe live video or audio calls — they are transmitted peer-to-peer via WebRTC. We do NOT sell your personal data. We do NOT access your contacts, photos, or location unless you grant explicit permission for a feature that needs it.

3. How We Use Your Data

To operate matching, billing, and withdrawals; to enforce safety and detect fraud; to send transactional emails (verification, password reset, withdrawal status); to comply with legal obligations. We do not use your data for third-party advertising profiling.

4. Legal Bases (GDPR)

Contract (operating the service you signed up for), legitimate interests (fraud prevention, service security), consent (camera, microphone, push notifications), and legal obligation (tax, AML, court orders).

5. Sharing

We share data only with: payment processors (to charge / pay you), cloud infrastructure providers (hosting and email delivery, under data processing agreements), and law enforcement when legally required. We never sell or rent your data.

6. Data Retention

Account data is kept while your account is active and for up to 90 days after deletion to handle disputes and legal obligations. Transaction records are kept for 7 years to comply with tax law. KYC documents are kept for the duration of the host relationship plus 5 years.

7. Your Rights

You may access, correct, export, or delete your personal data at any time. Use Settings → Delete Account, or email support@chatex.app. You may also lodge a complaint with your local data protection authority.

8. Security

Data is encrypted in transit (TLS 1.3) and at rest. Passwords are hashed with bcrypt. Database access uses Row-Level Security so each user can only read their own rows. Admin actions are logged and audited. We follow defense-in-depth: server-side input validation, parameterised queries, signed webhooks, and rate limiting.

9. Children

ChateX is strictly 18+. We do not knowingly collect data from anyone under 18. If we discover such an account, we delete it immediately. Report suspected minors to support@chatex.app.

10. International Transfers

Your data may be processed in regions other than your country. We rely on Standard Contractual Clauses or equivalent safeguards for cross-border transfers.

11. Cookies & Local Storage

We use essential local storage only — to keep you signed in and remember preferences. We do not use third-party advertising cookies.

12. Changes & Contact

We will notify you of material changes in-app. Contact our Data Protection Officer at support@chatex.app.