Legal

Privacy Policy

Effective date: June 1, 2026 · Last updated: June 1, 2026

This policy describes how Chartt (“Chartt,” “we,” “us,” or “our”) collects, uses, and shares information when you use our Service. Please read it carefully.

1. Information We Collect

We collect information in the following categories when you use Chartt:

Account Information

Name and email address provided at sign-up
Authentication details managed through Clerk (we do not store raw passwords)
Profile preferences and account settings

Uploaded Content

Data files you upload to the Service (spreadsheets and other formats we support)
Column names, data values, and metadata parsed from those files
Natural-language questions and follow-ups you submit
Charts, dashboards, and reports generated from your data

Usage & Analytics Data

Pages visited, features used, and time spent in the app
Browser type, operating system, and device type
IP address and approximate geographic location (country / region)
Error logs and performance metrics

Payment Information

Payments are processed by Lemon Squeezy. We do not receive or store your credit card numbers or full payment details. We receive only a confirmation of the transaction and your subscription status.

2. How We Use Your Information

We use the information we collect to:

Create and maintain your account
Parse and store your uploaded files so you can query them
Send your data to AI providers to generate charts, insights, and answers
Render and save dashboards, reports, and exports
Process payments and manage your subscription
Send transactional emails (receipts, alerts, and account notifications)
Monitor for abuse, fraud, and security incidents
Analyze aggregate, anonymized usage patterns to improve the product
Respond to your support requests and inquiries
Comply with legal obligations

We do not sell your personal information to third parties, and we do not use your data for targeted advertising.

3. AI Processing

Chartt’s core functionality depends on sending relevant portions of your uploaded data to external AI providers in order to generate charts, answers, and insights.

Your data is never used to train AI models — by Chartt or by our AI providers. We use API access under terms that prohibit training on customer inputs.

AI providers we currently use:

OpenAI— used for natural-language understanding, data summarization, and chart recommendations. Governed by OpenAI’s Privacy Policy.
Google Gemini— may be used for specific analysis tasks. Governed by Google’s Privacy Policy.

Only the data necessary to answer your query is sent — typically the relevant column names and row values, not your entire file. We may update the list of AI providers and will reflect changes here.

4. Third-Party Service Providers

We share data with the following categories of service providers who help us operate the Service. These providers are contractually bound to use your data only to perform services on our behalf.

ProviderRole

VercelApplication hosting and edge delivery

Amazon Web Services (AWS)Cloud file storage (S3) for uploaded files and exports

NeonServerless PostgreSQL database for account data, metadata, and query history

ClerkUser authentication, session management, and identity

Lemon SqueezyPayment processing and subscription management

OpenAI / GoogleAI model APIs for generating insights, charts, and answers

We do not share your personal information with third parties for their own marketing purposes. We may disclose information if required by law, court order, or to protect the rights and safety of Chartt and its users.

5. Cookies & Tracking

Chartt uses a small number of cookies and similar technologies to operate the Service:

Authentication cookies — set by Clerk to keep you signed in across sessions. These are strictly necessary and cannot be disabled without breaking the Service.
Preference cookies — store your theme, layout, and UI preferences.
Analytics cookies — aggregate, anonymized data about how features are used. No cross-site tracking.

We do not use advertising cookies or third-party tracking pixels. You can clear cookies at any time via your browser settings; clearing authentication cookies will sign you out.

6. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service, subject to the following:

Free plan — files and chat history are retained for a limited period of inactivity, then deleted
Paid plans — files are retained while your subscription is active; chat history retention varies by plan
Higher-tier plans — include extended or long-term archiving

Current retention limits for your plan are shown in your account settings.

Account deletion. When you delete your account, your personal information and uploaded files are scheduled for permanent deletion within 30 days. Anonymized, aggregate usage statistics may be retained indefinitely.

Backups. Our infrastructure providers maintain automated backups for disaster recovery. Deleted data may persist in encrypted backups for up to 90 days before being purged.

We may retain certain information for longer periods where required by applicable law (e.g., financial records) or to resolve disputes.

7. Your Rights & Choices

Depending on your location, you may have rights under applicable privacy law including GDPR, CCPA, or similar regulations. We honor the following requests for all users regardless of location:

AccessRequest a copy of the personal data we hold about you.

CorrectionUpdate incorrect or incomplete account information via your account settings.

DeletionRequest deletion of your account and all associated data. You can initiate this from your account settings or by contacting us.

File DeletionDelete individual uploaded files at any time from within the app. Files are removed from active storage promptly upon deletion.

ExportDownload your uploaded files and generated charts at any time from account settings.

Opt-out of analyticsContact us to opt out of non-essential analytics tracking.

To submit a privacy request, email us at privacy@chartt.io or use our contact form. We will respond within 30 days.

8. Security

We use commercially reasonable technical and organizational measures to protect your data, including:

Industry-standard encryption for all data in transit
Encryption at rest for stored files and database contents
Industry-standard session security for authentication
Access controls limiting employee access to production data
Regular dependency audits and security updates

However, no system is completely secure. We cannot guarantee absolute security of your data. In the event of a data breach that affects your personal information, we will notify you as required by applicable law.

If you discover a security vulnerability, please report it responsibly to security@chartt.io.

9. Children's Privacy

The Service is not directed to children under the age of 13 (or 16 in the European Economic Area). We do not knowingly collect personal information from children. If you believe a child has provided us with their information, please contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date at the top of this page. For material changes, we will provide notice via email or a prominent in-app notification at least 14 days before the changes take effect.

Continued use of the Service after the effective date of a revised policy constitutes your acceptance of the changes.

11. Contact Information

For privacy questions, data requests, or concerns, please contact us:

CharttEmail: privacy@chartt.ioSecurity: security@chartt.ioGeneral: Contact form

If you are located in the European Economic Area and have concerns about our data practices that we have not resolved to your satisfaction, you have the right to lodge a complaint with your local data protection authority.