Privacy Policy
Last updated: April 2026
1. Who We Are
TheChatApp is an enterprise communication platform built for organisations that take privacy seriously. It provides end-to-end encrypted messaging, voice and video calls, file sharing, and structured channels — all within infrastructure you or your organisation controls.
Entity status — company in formation. The operating company behind TheChatApp is being incorporated in Portugal and its final registered name has not yet been filed. Until incorporation is complete, the natural-person data controller for any personal data collected through this website (including the launch waitlist and any contact form submissions) is Guilherme Duarte De Carvalho, reachable at support@thechatapp.chat. On incorporation, controller status will be transferred to the newly registered entity by novation; affected data subjects will be notified at that point and may withdraw consent or request deletion beforehand.
TheChatApp is operated from Portugal. For any privacy-related question or request, contact us at support@thechatapp.chat. Our competent supervisory authority is the Comissão Nacional de Proteção de Dados (CNPD), Portugal.
2. Our Role — Processor vs. Controller
Data Processor (the vast majority of data). When an organisation deploys TheChatApp for its employees or members, that organisation is the data controller. TheChatApp acts solely as a data processor, handling data only as instructed under a Data Processing Agreement (DPA). We do not independently determine the purposes or means of processing communication data.
Data Controller (limited scope). TheChatApp is the data controller for information collected through this website, portal accounts, billing data, and optional cancellation feedback. This is the narrower category of data where we determine the processing purpose ourselves.
Why this matters for your rights: If you use TheChatApp at work, the rights you hold over your communication data (messages, call records, files) should be exercised through your organisation — your employer or IT administrator is the appropriate first point of contact. We will always direct individual requests to the relevant controller when we act as processor.
3. What Data We Process
Data We Can Access (as Processor)
The following account and infrastructure data is accessible to TheChatApp systems for operational purposes. It is stored in encrypted databases inside your organisation’s isolated container and is never used for any purpose beyond providing the service.
| Data | Purpose | Retention |
|---|---|---|
| Username / email / display name | Account identification | Account lifetime |
| Password hash | Authentication (Argon2id — we cannot see your password) | Account lifetime |
| Public encryption keys | Secure message delivery | Account lifetime |
| IP address | Security audit logging | Configurable by admin |
| Device identifiers | Multi-device management and push notifications | Session lifetime |
| Session tokens | Keeping you logged in | 7 days, auto-cleaned |
| Organisation role and channel memberships | Access control | Account lifetime |
Mobile App Permissions
The TheChatApp Android application may request camera and microphone permissions when you use voice calls, video calls, meetings, or related in-app communication features. Camera access is used to capture video that you choose to share during an active call or meeting. Microphone access is used to capture audio for voice and video communication.
We do not use camera or microphone access for advertising, analytics, profiling, or background monitoring. Audio and video are used only to provide the communication feature you start or join, and call media is protected in transit. You can deny or revoke these permissions in your Android device settings; features that depend on the camera or microphone may not work without them.
Data We Cannot Access (End-to-End Encrypted)
The following categories of data are end-to-end encrypted within your organisation’s container. TheChatApp has no technical capability to read this data under any circumstances.
| Data | Why we cannot access it |
|---|---|
| Message content | AES-256-GCM encrypted; we do not hold the keys |
| Files and attachments | AES-256-GCM encrypted at rest (CHEF format) |
| Meeting content | Encrypted within your isolated container |
| Search index | Stored inside the encrypted database |
| Poll votes and reactions | Part of encrypted message records |
Your organisation controls the encryption keys. In our default cloud deployment (Mode 2 — TenantControlled), the encryption vault is sealed until an authorised member of your organisation unlocks it. TheChatApp staff architecturally cannot access your communications — this is by design, not by policy.
Data We Control Directly (Portal and Billing)
When you create a portal account, purchase a subscription, or submit feedback, we collect and control the following data in our capacity as a data controller:
| Data | Purpose | Legal Basis | Retention |
|---|---|---|---|
| Portal account email | Account management and communications | Art. 6(1)(b) — contract | Account lifetime |
| Company name | Billing and identification | Art. 6(1)(b) — contract | Account lifetime |
| Payment method (masked card/token) | Billing via payment processor | Art. 6(1)(b) — contract | Account lifetime |
| Website server logs | Security and abuse prevention | Art. 6(1)(f) — legitimate interest | Short-term |
| Cancellation feedback | Product improvement (optional) | Art. 6(1)(a) — consent | Indefinite (or until withdrawn) |
4. Legal Bases for Processing
Enterprise Communication Data
When TheChatApp processes employee communication data as a data processor, the legal basis is determined by your organisation (the controller). In most enterprise deployments, the applicable basis is Article 6(1)(b) GDPR — processing necessary for the performance of a contract (the employment relationship or the provision of internal communications infrastructure). Individual employee consent is generally not an appropriate basis for workplace communication tools and is not relied upon for this category of processing.
Portal and Billing Data
Where we act as data controller, we rely on:
- Article 6(1)(b) — contract: to create and manage your portal account and process payments.
- Article 6(1)(f) — legitimate interest: for website security logging, fraud prevention, and service integrity.
- Article 6(1)(a) — consent: for optional cancellation feedback, which you may withdraw at any time.
5. How We Protect Your Data
- Transport and at-rest encryption. All traffic between clients and the server uses ChaCha20-Poly1305 with an ECDH P-256 key exchange. Data at rest is encrypted with AES-256-GCM. In Mode 2 (TenantControlled), encryption keys exist in memory only and are never written to disk by TheChatApp infrastructure.
- Tenant isolation. Each organisation runs in a dedicated Docker container with its own encrypted LiteDB database, isolated network, and separate key material. Cross-tenant data access is architecturally prevented.
- Operational privacy. Audit logs are pseudonymised using HMAC-SHA256 so that log correlation across tenants is not possible. Push notification payloads are sanitised — the content of messages is never included in push payloads sent to Apple or Google. The audit log itself is tamper-resistant via a cryptographic hash chain.
- What we do not do. We collect no analytics about individual users, and we perform no behavioural tracking and no profiling. We do not install trackers in our applications. We do not sell your data. We do not share it with third parties for any purpose other than those listed in this policy. We do not use your communication data to train AI models, whether ours or anyone else’s.
6. Data Retention
| Category | Default | Admin-Configurable? |
|---|---|---|
| Messages | 30 days | Yes |
| Audit logs | Indefinite | Yes |
| Session tokens | 7 days | No |
| Files and attachments | Indefinite | Planned |
| Account data | Account lifetime | N/A |
| Billing data | Account lifetime | N/A |
When an account or tenant is deleted, personal data is removed via cryptographic erasure — the encryption keys are destroyed, making remaining encrypted blobs permanently unreadable. A short cooling-off period applies before irreversible deletion is executed, giving administrators the opportunity to reverse accidental deletions.
7. Your Rights
If your organisation uses TheChatApp (Processor data)
Under Articles 15–21 GDPR, you have the right to access, rectify, erase, restrict, object to, and port your personal data. For data processed on behalf of your organisation, please contact your IT administrator or data protection officer in the first instance. They are the data controller and are best placed to respond to your request. We will cooperate with any valid request forwarded to us by your organisation.
If you have a portal account (Controller data)
For data we control directly (portal account, billing information), you may exercise your rights by contacting us at privacy@thechatapp.chat. We will respond within 30 days. If you are unsatisfied with our response, you have the right to lodge a complaint with the CNPD:
Comissão Nacional de Proteção de Dados (CNPD)
Av. D. Carlos I, 134 - 1.º
1200-651 Lisboa, Portugal
www.cnpd.pt
8. Sub-Processors
We use a minimal set of sub-processors. A full, up-to-date list is available at /subprocessors. Key sub-processors are listed below.
| Name | Location | Purpose | Personal Data? |
|---|---|---|---|
| Hetzner Online GmbH | Germany (EU) | Primary infrastructure hosting | Yes (encrypted) |
| Apple Inc. | USA | iOS push notifications (APNs) | Sanitised payloads only |
| Google LLC | USA | Android push notifications (FCM) | Sanitised payloads only |
| Google LLC | USA | Calendar sync (optional) | Calendar metadata |
| Microsoft Corp. | USA | Calendar sync (optional) | Calendar metadata |
| Brevo SAS | France (EU) | All email delivery — transactional portal email (verification, password resets, receipts, notifications) and marketing-list management (launch waitlist, founding-partner intake) | Email addresses and the bodies of emails we send |
Push notification payloads sent to Apple and Google are sanitised before transmission: the content of messages is never included. Only a device token, a notification title, and a minimal alert badge count are transmitted.
Brevo scope note. Brevo is our sole email provider. It delivers transactional email for the cloud-hosted Enterprise portal (account verification, password resets, receipts, administrative notifications) and handles marketing-list management for the public website (launch waitlist, founding-partner intake). Brevo is not used for any content of customer conversations, voice or video streams, files, or calendar event bodies. Brevo SAS is a French processor, so email data stays within the European Economic Area.
9. International Data Transfers
Our primary infrastructure is hosted by Hetzner in Germany — an intra-EU transfer requiring no additional safeguard under GDPR.
Push notifications involve transfers to Apple and Google in the United States. These transfers rely on the EU–US Data Privacy Framework (DPF) where applicable and on Standard Contractual Clauses (SCCs) as a supplementary safeguard. As noted above, push payloads are sanitised to contain no message content.
Optional calendar integration with Google Calendar or Microsoft 365 involves transfers to the United States initiated directly by the user. These integrations are voluntary, user-initiated, and governed by the privacy policies of the respective providers.
Email delivery for the cloud-hosted Enterprise portal and the public marketing website is handled by Brevo SAS, a French processor based in the European Economic Area. No international transfer mechanism is required for this flow.
End-to-end encryption serves as an additional technical safeguard for all communication content transferred through any jurisdiction, in line with EDPB Recommendations 01/2020 on supplementary measures for international transfers.
10. Children’s Data
TheChatApp is a business-to-business product intended exclusively for professional use within organisations. It is not directed at, designed for, or intended to be used by children under the age of 13. In Portugal, Lei 58/2019 sets 13 as the minimum age for consent to information society services. If we become aware that a child under 13 has accessed the platform, we will work with the relevant organisation to remove the account.
11. Cookies and Tracking
Website. The thechatapp.chat website uses only essential cookies — those strictly necessary to operate the site (for example, session state for the portal). We do not use analytics cookies, advertising cookies, or any form of cross-site tracking or fingerprinting. No third-party analytics scripts are loaded.
Desktop and mobile applications. TheChatApp desktop and mobile clients contain no cookies, no analytics SDKs, no telemetry beacons, and no crash-reporting services that transmit data to third parties. Diagnostic information, if collected, stays within your organisation’s server and is never sent to TheChatApp.
12. Changes to This Policy
We will notify data controllers (i.e., your organisation) of any material changes to this privacy policy with reasonable advance notice before the changes take effect. Non-material clarifications may be made without notice. The “last updated” date at the top of this page reflects when this version was published.
13. Contact Us
For any privacy-related question, data subject request, or concern, please contact us at: privacy@thechatapp.chat
If you are not satisfied with our response, you may lodge a complaint with the Portuguese supervisory authority:
Comissão Nacional de Proteção de Dados (CNPD)
Av. D. Carlos I, 134 - 1.º
1200-651 Lisboa, Portugal
www.cnpd.pt