Privacy Policy

Effective Date: January 1, 2026 | Last Updated: April 8, 2026

1. Introduction

chat-keeper ("we," "us," or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you use our AI-powered workflow orchestration platform designed for creative industries.

By accessing or using chat-keeper, you agree to the terms of this Privacy Policy. If you do not agree with the practices described herein, please do not use our services.

2. Data Processing Through Google Cloud Vertex AI

2.1 VPC Service Controls (VPC-SC)

All data processing operations conducted through chat-keeper occur within Google Cloud's VPC Service Controls (VPC-SC) perimeter. This enterprise-grade security infrastructure provides:

  • Data Perimeter Protection: Your data remains within the defined VPC boundary and cannot be accessed by external services outside the perimeter.
  • Context-Aware Access Control: Access to data requires authentication through approved identity providers within the same VPC.
  • Export Controls: Strict controls prevent data exfiltration outside the protected perimeter.

2.2 Google Cloud Infrastructure

Our platform leverages Google Cloud Vertex AI as the underlying infrastructure for AI model inference. This ensures:

  • Enterprise-grade security certifications (ISO 27001, SOC 2 Type II)
  • Regional data residency options for New Zealand-based clients
  • Encrypted data transmission using TLS 1.3
  • At-rest encryption using AES-256

3. Anthropic API Data Usage & Compliance

3.1 Anthropic Usage Policy Compliance

chat-keeper integrates with Anthropic's Claude AI models via API. We are committed to full compliance with the Anthropic Usage Policy, which includes strict guidelines on data handling:

  • No Model Training: Your input data and outputs are NOT used to train, improve, or develop Anthropic's base models. We maintain complete data isolation as required by Anthropic's policies.
  • Data Retention Limits: We process your data in real-time and do not maintain long-term storage of conversation data on Anthropic's systems beyond what's necessary for service delivery.
  • Prohibited Use Restrictions: We do not allow use of the API for any purposes prohibited by Anthropic's Usage Policy, including but not limited to: generating harmful content, facilitating illegal activities, or circumventing safety measures.

3.2 Data Isolation Guarantee

We explicitly guarantee that your data processed through Anthropic's API:

  • Is isolated from public training datasets
  • Will never be used to improve base models
  • Is never shared with third parties for any purpose
  • Is never used for model distillation

4. Information We Collect

4.1 Personal Information

We may collect the following types of personal information:

  • Account Information: Name, email address, company name, phone number
  • Business Data: Wedding event details, client information, vendor contacts (only as provided by you)
  • Content Data: Images, documents, scripts, and other materials you upload for AI processing
  • Usage Data: Features used, session duration, interaction patterns

4.2 Automatically Collected Information

  • Device information (browser type, operating system, IP address)
  • Access times and referring URLs
  • Cookies and similar tracking technologies

5. How We Use Your Information

We use your information for the following purposes:

  • Service Delivery: To provide, maintain, and improve our AI workflow orchestration services
  • Processing Requests: To process your inputs through our AI models and return generated outputs
  • Communication: To respond to your inquiries, provide support, and send service-related announcements
  • Analytics: To analyze usage patterns and improve user experience
  • Security: To detect, prevent, and address technical issues and fraudulent activities

6. Data Sharing & Disclosure

6.1 We Do NOT Sell Your Data

chat-keeper does not sell, rent, or trade your personal information to third parties for marketing purposes.

6.2 Service Providers

We may share data with trusted service providers who assist us in operating our platform:

  • Google Cloud: For cloud infrastructure and AI model hosting (within VPC-SC)
  • Anthropic: For Claude AI API access (with data isolation guarantees)
  • Authentication Providers: For enterprise SSO integration

These providers are bound by contractual obligations to protect your data and process it only as instructed by us.

6.3 Legal Requirements

We may disclose information when required by law, court order, or governmental regulation, or when such disclosure is necessary to protect our rights, safety, or the public.

7. Data Security

We implement comprehensive security measures to protect your data:

  • Encryption: All data in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Role-based access control with principle of least privilege
  • Monitoring: Continuous security monitoring and anomaly detection
  • Audit Logging: Comprehensive audit trails for all data access events
  • VPC-SC Boundary: Data processing confined within Google Cloud VPC Service Controls

8. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes outlined in this policy:

  • Account Data: Retained for the duration of your account plus 30 days after deletion
  • Processing Inputs: Not retained beyond the processing session (real-time only)
  • AI Outputs: Retained only if you choose to save them to your account
  • Log Data: Retained for 12 months for security and debugging purposes

9. Your Rights

Under New Zealand's Privacy Act 2020 and other applicable regulations, you have the right to:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate personal information
  • Deletion: Request deletion of your personal information (subject to legal retention requirements)
  • Portability: Request your data in a structured, commonly used format
  • Objection: Object to certain processing activities
  • Withdrawal: Withdraw consent where processing is based on consent

To exercise these rights, please contact us at [email protected].

10. International Data Transfer

Your data may be processed in New Zealand or other jurisdictions where our service providers operate. We ensure appropriate safeguards are in place for international transfers, including:

  • Standard Contractual Clauses approved by relevant authorities
  • adequacy decisions where available
  • Additional technical and organizational measures

For New Zealand clients, we offer regional data residency options to keep data within New Zealand where required.

11. Children's Privacy

chat-keeper is designed for business and professional use. We do not knowingly collect personal information from individuals under 16 years of age. If you become aware that a child has provided us with personal information, please contact us immediately.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last Updated" date. We encourage you to review this policy periodically.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy, please contact us: