Privacy Policy

Last Updated: March 3, 2026

GDPR Compliant • EU-based • Encrypted

1. Introduction

Max Digital Solutions AB (org. nr 5593221046), operating as ChatDocs, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service at chatdocs.eu and app.chatdocs.eu.

We are a Swedish company and comply with GDPR and Swedish data protection laws.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Email address, name (via Auth0 authentication)
  • Documents: Files you upload for processing and analysis
  • Chat Messages: Questions, AI-generated answers, conversation history, and associated metadata (token usage, relevance scores, timestamps, conversation source)
  • Payment Information: Processed securely through Stripe (we do not store full payment card details)

2.2 Automatically Collected Information

  • Usage Data: Pages visited, features used, time spent
  • Device Information: Browser type, operating system, IP address
  • Cookies: See our Cookie Policy for details
  • Error Logs: Technical error information via Sentry
  • Analytics: Aggregated usage statistics via Google Analytics

2.3 WhatsApp Channel

When you interact with ChatDocs via WhatsApp, we collect:

  • Phone Number: Your WhatsApp phone number (E.164 format), used to identify you and deliver messages
  • WhatsApp Profile Name: Your display name as provided by WhatsApp
  • Message Content: Questions you send and AI-generated answers based on your uploaded documents
  • Message Metadata: Timestamps, delivery and read status

WhatsApp-Specific Third Parties:

  • 360dialog GmbH (Germany): WhatsApp Business API provider. Message content transits their EU-based infrastructure for delivery to and from WhatsApp. Processes phone numbers and message content.
  • Meta Platforms (WhatsApp): End-to-end message delivery infrastructure. Messages transit Meta's global infrastructure. Subject to WhatsApp's own privacy policy.

WhatsApp messages are processed by the same AI infrastructure (Azure OpenAI, Sweden Central) as our web platform. Message content sent to Azure OpenAI stays within the EU.

2.4 WhatsApp Data Deletion

WhatsApp users can manage and delete their data in the following ways:

  • Self-Service Erasure: Send "DELETE MY DATA" (or "RADERA MINA UPPGIFTER" in Swedish) via WhatsApp to immediately erase your conversation history, questions, and profile name from our servers.
  • Confirmation: You will receive a confirmation message once your data has been deleted.
  • Re-addition: If you are re-added as a contact in the future, you will be informed of your erasure rights again on first message.

Note: Your phone number may be retained in the account owner's contact list, as it was provided by them. To be fully removed, contact the account owner or email us at privacy@chatdocs.eu.

3. How We Use Your Information

We use your information to:

  • Provide and improve our document chat service
  • Process your documents using AI/ML models
  • Authenticate your account and manage sessions
  • Process payments and manage your subscription
  • Send account-related emails (welcome, verification, password reset)
  • Send usage notifications (quota warnings, document processing status)
  • Send billing communications (payment confirmations, invoices)
  • Monitor and analyze usage patterns
  • Detect and prevent technical issues and abuse
  • Comply with legal obligations

3.1 AI Model Training

We do not use your data to train AI models. We use Azure OpenAI hosted in Sweden (EU) with strict no-training policies for customer data. Your documents and questions are processed entirely within the EU to generate answers but are not used to train or improve AI models. Azure OpenAI does not use customer data to train models, and all data remains within Microsoft's EU Data Boundary.

4. Legal Basis for Processing (GDPR)

We process your personal data based on:

  • Contract Performance: Processing necessary to provide our service (Art. 6(1)(b) GDPR)
  • Consent: For analytics cookies and marketing (Art. 6(1)(a) GDPR)
  • Legitimate Interests: For security, fraud prevention, and service improvement (Art. 6(1)(f) GDPR)
  • Legal Obligation: For tax and accounting purposes (Art. 6(1)(c) GDPR)

5. Data Sharing and Third Parties

We share your information with the following third parties:

5.1 Service Providers

  • Amazon Web Services (AWS): Data storage and processing infrastructure (Frankfurt, EU region eu-central-1)
  • Azure OpenAI (Microsoft): AI model provider for document analysis and chat responses (Sweden Central, EU)
  • Stripe: Payment processing
  • Auth0: Authentication and user management
  • Sentry: Error monitoring and application performance
  • Google Analytics: Website analytics (with consent)
  • 360dialog GmbH: WhatsApp Business API provider for message delivery (Germany, EU)
  • Meta Platforms (WhatsApp): Message delivery infrastructure for WhatsApp channel

5.2 Data Transfer Outside EU

Some service providers (Stripe, Auth0, Sentry, Google) may process data outside the EU. We rely on our service providers' compliance mechanisms:

  • AWS: EU Data Privacy Framework (data stored in Frankfurt, EU)
  • Azure OpenAI (Microsoft): EU Data Boundary — all AI processing in Sweden Central, EU. No data leaves the EU.
  • Stripe: EU-U.S. Data Privacy Framework + Standard Contractual Clauses
  • Auth0: EU-U.S. Data Privacy Framework + Standard Contractual Clauses
  • Sentry: Standard Contractual Clauses
  • Google Analytics: EU-U.S. Data Privacy Framework
  • 360dialog GmbH: EU-based (Germany), no data transfer outside EU
  • Meta Platforms (WhatsApp): EU-U.S. Data Privacy Framework. WhatsApp message content transits Meta's global infrastructure for delivery.

6. Data Storage and Security

6.1 Storage Location

Your data is stored in AWS Frankfurt (eu-central-1) within the European Union. AI processing (chat completions and embeddings) takes place in Azure OpenAI Sweden Central (EU). No document data leaves the EU.

6.2 Security Measures

  • Encryption in transit (TLS/SSL) and at rest (AES-256)
  • Secure authentication via Auth0
  • HttpOnly, Secure cookies for session management
  • Regular security monitoring and updates
  • Access controls and audit logging

6.3 Data Retention

  • Trial Data: Automatically deleted after 24 hours. If you create an account during the trial period, your trial documents are converted to permanent storage under your account.
  • Account Data: Deleted immediately upon account deletion request. AWS infrastructure-level backups may retain encrypted copies for up to 35 days for disaster recovery purposes, which are inaccessible to our application and automatically purged thereafter.
  • Chat History: Questions, answers, and conversation history are retained while your account is active. All chat data is deleted immediately when you close your account (via database cascade deletion).
  • Documents: Retained until you delete them or close your account
  • Processing Queue: Background processing jobs (metadata only, not document content) retained in queue for up to 14 days
  • Payment Records: Deleted immediately upon account deletion. Payment transaction history is retained by our payment processor (Stripe) for 7 years in accordance with tax regulations.
  • Analytics Data: Retained for 26 months (Google Analytics default)
  • WhatsApp Data: Conversation history and questions are retained while the account is active. Self-service erasure via the DELETE MY DATA command immediately deletes conversation history and questions. WhatsApp profile names are erased; phone numbers are retained in the account owner's contact list.

7. Your Rights (GDPR)

You have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Restriction: Limit how we process your data
  • Data Portability: Receive your data in a structured, machine-readable format
  • Object: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent for analytics or marketing at any time
  • Lodge a Complaint: Contact your national data protection authority (in Sweden: Integritetsskyddsmyndigheten)

To exercise these rights, contact us at privacy@chatdocs.eu.

8. Children's Privacy

Our service is not intended for individuals under 16 years of age. We do not knowingly collect personal information from children under 16.

9. Cookies and Tracking

We use cookies for authentication, session management, and analytics. See our Cookie Policy for detailed information.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last Updated" date.

11. Contact Us

For privacy-related questions or to exercise your rights, contact us at:

Max Digital Solutions AB
Email: privacy@chatdocs.eu
Organization Number: 5593221046
Sweden