BREWED CHAT PRIVACY POLICY

Last Updated: April 07, 2025

Welcome to the Brewed Chat Site / Service, operated by Tom Sorabella, acting as a micro-entrepreneur. We take the protection of your personal data very seriously. This Privacy Policy describes how we collect, use, share, and protect your personal information when you use our website accessible at https://brewed.chat.

1. Data Controller

The data controller responsible for processing your personal data is:

  • Tom Sorabella
  • Micro-entrepreneur
  • SIRET: 85347314800015
  • Address: 66 Boulevard Carnot, 06400 Cannes, France
  • Privacy contact email: [email protected]

2. Personal Data Collected

We collect different types of personal data about you:

  • Data provided directly by you:

    • Account Information: When you create an account, we collect your username, email address, and password (stored in hashed form).
    • Conversation Content: The messages, prompts, and information you exchange with the various Artificial Intelligences (AIs) via our Service.
    • Contact Information: If you contact us via a form, we collect your name, email address, and the content of your message.
    • Payment Information: If you subscribe to a paid service, our payment processor (Stripe) collects your payment information. We do not store your full credit card information but receive information from Stripe such as the card provider and the last 4 digits.

  • Data collected automatically during your use of the Service:

    • Connection and Usage Data: Your IP address, browser type and version, operating system, access dates and times, pages visited on our Site.
    • Data via Cookies and Trackers: Information collected through cookies and similar technologies (see section "Cookies and Other Trackers").

  • Data received from AIs:

    • The responses generated by the AIs in reply to your prompts are stored to provide you with the Service. If you include personal data in your prompts, this data may indirectly end up in the stored responses.

3. Purposes and Legal Bases for Processing

We process your personal data for the following purposes, based on the corresponding legal grounds:

Here is a reformatted version for clarity and readability:

1. Providing and managing the AI chat service
  • Type of Data Concerned:
    • Account Information
    • Conversation Content
    • Connection/Usage Data
    • AI Data
    • Payment Information
  • Legal Basis (GDPR Art. 6): Performance of a contract
2. Managing user accounts
  • Type of Data Concerned:
    • Account Information
    • Connection/Usage Data
  • Legal Basis (GDPR Art. 6): Performance of a contract
3. Responding to your contact requests
  • Type of Data Concerned:
    • Contact Information
  • Legal Basis (GDPR Art. 6): Legitimate interest (responding to users)
4. Improving and optimizing the Service, fixing bugs
  • Type of Data Concerned:
    • Connection/Usage Data (often aggregated or anonymized)
    • Data via Analytical Cookies
  • Legal Basis (GDPR Art. 6): Legitimate interest (improving our offering)
5. Personalizing your user experience
  • Type of Data Concerned:
    • Account Information
    • Preferences (via Cookies)
  • Legal Basis (GDPR Art. 6): Legitimate interest / Consent (Cookies)
6. Ensuring Site security and preventing fraud
  • Type of Data Concerned:
    • Connection/Usage Data
    • IP Address
    • Account Information
  • Legal Basis (GDPR Art. 6): Legitimate interest (security of the service)
7. Complying with our legal and regulatory obligations
  • Type of Data Concerned:
    • Account Information
    • Payment Information
    • Connection Data (if required by law)
  • Legal Basis (GDPR Art. 6): Legal obligation
8. Sending newsletters and marketing information
  • Type of Data Concerned:
    • Email address
  • Legal Basis (GDPR Art. 6): Consent
9. Analyzing service usage (via PostHog)
  • Type of Data Concerned:
    • Connection/Usage Data
    • Data via Analytical Cookies
  • Legal Basis (GDPR Art. 6): Legitimate interest / Consent (Cookies)

Important: The content of your conversations with the AIs is not used by Brewed Chat to train or improve our own AI models or those of our providers.

4. Data Recipients

We may share your personal data with the following categories of recipients:

  • Artificial Intelligence Providers: To provide the core of the Service, we transmit the content of your messages/prompts to the AI providers you choose to use via our platform. These providers include:

    • OpenAI
    • Google
    • Anthropic
    • Mistral AI
    • X AI These providers process your data according to their own privacy policies. We encourage you to review them.

  • Website Host: Ionos, which hosts our site and databases.

  • Analytics Tool Provider: PostHog, to analyze the usage of our site in order to improve it (often based on aggregated or pseudonymized data).

  • Email Service Provider: Brevo, for sending transactional emails (account confirmation, etc.) and, if you consent, newsletters.

  • Payment Processor: Stripe, to process your payments securely.

  • Legal and Regulatory Authorities: If we are legally required to do so or if it is necessary to protect our rights or those of third parties.

5. Data Transfers Outside the European Union

Some of our service providers, notably the AI providers (OpenAI, Google, Anthropic, X AI based in the United States) and potentially other services (Analytics, Emailing), may be located outside the European Union (EU) or the European Economic Area (EEA).

When we transfer your personal data to these countries, we ensure that an adequate level of protection is guaranteed, in accordance with current regulations. These transfers are governed by appropriate mechanisms such as:

  • Adequacy decisions of the European Commission (e.g., the EU-US Data Privacy Framework, where applicable and certified by the provider).
  • The signing of Standard Contractual Clauses approved by the European Commission with the recipient.

For more information on the safeguards implemented for specific transfers, you can contact us at [email protected].

6. Data Retention Period

We retain your personal data only for the duration necessary for the purposes for which it was collected, in compliance with applicable legislation:

  • Account Data: Retained as long as your account is active. If your account is deleted, your data is deleted or anonymized within a reasonable timeframe (e.g., 30 days), unless a legal obligation requires us to keep it longer (e.g., billing data for 10 years).
  • Conversation Content: Retained to allow you to access your history and ensure the service functions while your account is active. It is deleted or anonymized upon account deletion, unless technically or legally required otherwise.
  • Contact Data: Retained for the time necessary to process your request, then archived if a legal obligation requires it.
  • Server Logs (Security): Generally kept for 6 to 12 months.
  • Cookies: The lifespan of cookies is variable and detailed in our cookie management tool and/or our dedicated Cookie Policy. Consent for non-essential cookies is kept for a maximum duration (e.g., 6 months in France, to be verified according to the latest CNIL recommendations).

7. Data Security

We implement appropriate technical and organizational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access:

  • Use of the HTTPS protocol (SSL/TLS) to secure connections to our Site.
  • Hashing of passwords.
  • Strict access controls to limit access to your data to authorized personnel only.
  • Securing our hosting infrastructure through our provider Ionos.
  • Internal procedures in case of suspected or actual data breaches, in accordance with GDPR requirements and CNIL recommendations.
  • Anonymization or pseudonymization of data where possible and relevant (e.g., for certain statistical analyses).

Despite our efforts, no method of transmission over the Internet or electronic storage is completely secure.

8. Your Rights Regarding Your Personal Data

In accordance with the General Data Protection Regulation (GDPR) and the French Data Protection Act (Loi Informatique et Libertés), you have the following rights regarding your personal data:

  • Right of access: Obtain confirmation that data concerning you is being processed and receive a copy of this data.
  • Right to rectification: Request the correction of inaccurate or incomplete data.
  • Right to erasure ('right to be forgotten'): Request the deletion of your data, within the limits provided by regulation.
  • Right to restriction of processing: Request the suspension of the processing of your data in certain cases.
  • Right to data portability: Receive the data you have provided to us in a structured, commonly used, and machine-readable format, and transmit it to another data controller if technically feasible.
  • Right to object: Object to the processing of your data based on our legitimate interest. You can also object at any time to processing for direct marketing purposes.
  • Right to withdraw consent: If processing is based on your consent (e.g., for newsletters or certain cookies), you can withdraw it at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
  • Right not to be subject to automated individual decision-making: The right not to be subject to a decision based solely on automated processing which produces legal effects concerning you or similarly significantly affects you.

Exercising your rights: To exercise any of these rights, please contact us by email at: [email protected]. We may ask you to prove your identity before responding to your request. Exercising these rights is free of charge. However, in accordance with the GDPR, a reasonable fee may be requested, or the request may be refused in case of manifestly unfounded, excessive, or repetitive requests.

Right to lodge a complaint: If you believe, after contacting us, that your rights are not being respected, you have the right to lodge a complaint with the competent supervisory authority in France, the Commission Nationale de l'Informatique et des Libertés (CNIL): www.cnil.fr.

9. Cookies and Other Trackers

We use cookies and similar technologies on our Site to ensure its proper functioning, improve your experience, analyze our traffic, and potentially for advertising purposes.

A cookie is a small text file stored on your device (computer, tablet, mobile) when you visit a website.

We use different types of cookies:

  • Necessary cookies: Essential for the technical operation of the Site (e.g., user session, security). They do not require your consent.
  • Analytical cookies: Allow us to understand how visitors interact with our Site (via PostHog) in order to improve our services.
  • Preference cookies: Allow remembering your choices (e.g., language) to personalize your visit.
  • (If applicable) Advertising cookies: Used to display relevant advertisements to you.

During your first visit, an information banner allows you to accept or refuse the use of non-necessary cookies. You can change your preferences at any time via our cookie management tool accessible on the Site.

For more details on the specific cookies we use (name, purpose, retention period, issuer), please consult our [Link to your dedicated Cookie Policy or detailed section if integrated here] or our consent management tool.

10. Children's Privacy

Our Service is not intended for persons under the age of 18. We do not knowingly collect personal data from minors under 18. If you become aware that a child has provided us with personal data without the required parental consent, please contact us at [email protected] so we can take the necessary steps.

11. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal or regulatory reasons. In the event of a substantial change, we will notify you by email to the address associated with your account or by a prominent notice on our Site before the change takes effect. We encourage you to review this page regularly to stay informed about the latest information on our privacy practices.

The date of the last update is indicated at the top of this document.

12. Contact Us

If you have any questions regarding this Privacy Policy or our data processing practices, please contact us at the following address:

Tom Sorabella (Brewed Chat)

66 Boulevard Carnot

06400 Cannes

France

[email protected]