Privacy Policy

FalcoChat(“we”, “us”, or “our”) is committed to protecting your personal information. This Privacy Policy explains what data we collect, how we use it, and your rights in relation to it.

We collect the following categories of personal data:

• Account data: your name, email address, and hashed password when you register.
• Usage data: chat messages, conversation history, model selections, and timestamps.
• Billing data: payment information is collected and stored by Stripe; we only receive a payment status and customer reference.
• Technical data: IP address, browser type, and session identifiers collected automatically for security and service operation.

We use your data to:

• Provide, maintain, and improve the Service.
• Authenticate you and keep your account secure.
• Process payments and manage subscriptions.
• Send transactional emails such as password-reset links.
• Detect and prevent fraud, abuse, and security incidents.
• Comply with legal obligations.

We do not sell your personal data to third parties.

We share data with the following third-party service providers only to the extent necessary to operate the Service:

• OpenRouter: your chat messages are transmitted to OpenRouter to route requests to the selected AI model provider.
• Stripe: payment processing. Stripe’s privacy policy governs any data held by Stripe.
• Email provider: used to deliver transactional emails.
• Hosting infrastructure: your data is stored on servers within the European Economic Area or comparable jurisdictions with adequate data protection.

We retain your account data and chat history for as long as your account is active. If you delete your account, we will delete or anonymise your personal data within 30 days, except where retention is required by law or for legitimate business purposes (e.g. billing records).

Depending on your jurisdiction, you may have the right to:

• Access a copy of the personal data we hold about you.
• Correct inaccurate data.
• Request deletion of your data (see our Data Deletion page).
• Object to or restrict certain processing.
• Data portability.
• Lodge a complaint with your local data protection authority.

To exercise any of these rights, please contact us at the address on the contact page.

We use cookies and similar technologies to manage authentication sessions and remember your preferences. You can control cookie settings through your browser, but disabling certain cookies may affect the functionality of the Service.

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or destruction. Passwords are stored using industry-standard hashing algorithms and are never stored in plain text.

The Service is not directed at children under 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

We may update this Privacy Policy periodically. We will notify you of significant changes by email or via a notice on the Service. The updated policy will indicate the date it was last revised.

For any privacy-related questions or to exercise your rights, please use the contact details listed on the contact page.