Stark Chat Logo

Privacy Policy

Last updated: January 2025

1. Who We Are

Stark Chat is a trading name of Aduro Creative Ltd, a company registered in England and Wales (Company Number: 11200639). We are the data controller responsible for your personal data.

If you have any questions about this Privacy Policy or how we handle your data, please contact us at privacy@starkchat.com.

2. What Data We Collect

We collect and process the following categories of personal data:

2.1 Account Information

  • Your name
  • Email address

2.2 Content You Upload or Connect

When you upload files or connect third-party sources (such as Google Drive, Notion, or Dropbox), we process this content by converting it to markdown or plain text format. We then generate and store text embeddings and content chunks to enable our search and retrieval functionality.

2.3 Usage and Session Data

  • Your queries and responses within chat sessions
  • Page views and product usage patterns
  • IP address

2.4 Sharing and Access Rules

When you share projects, we store access rules including email addresses or email domains you have authorised to access your content.

2.5 Payment Information

Payment processing is handled by Stripe. We do not store your full payment card details on our servers. Stripe may collect and process your payment information in accordance with their own privacy policy.

3. How We Use Your Data

We use your personal data for the following purposes:

  • Providing our services: Processing your uploaded content, generating embeddings, and delivering AI-powered search and chat functionality
  • Account management: Creating and managing your account, authenticating your access
  • Sharing functionality: Enabling you to share projects with others via email-based access rules
  • Payment processing: Processing subscription payments through Stripe
  • Analytics and improvement: Understanding how users interact with our platform to improve our services
  • Error monitoring: Identifying and resolving technical issues to maintain service quality
  • Marketing measurement: Measuring the effectiveness of our advertising campaigns

4. Legal Bases for Processing

Under the UK and EU General Data Protection Regulation (GDPR), we rely on the following legal bases:

  • Contract: Processing your account information and uploaded content is necessary to provide you with our services under our Terms of Service.
  • Legitimate interests: We process usage data and analytics based on our legitimate interest in understanding how our service is used, improving our platform, measuring advertising effectiveness, and maintaining security. We have assessed that these interests do not override your fundamental rights and freedoms.
  • Consent: For non-essential cookies on our marketing website, we obtain your consent via our cookie management tool (Cookiebot).
  • Legal obligation: We may process and retain data where required by law.

5. AI Processing and Data Isolation

Your content is processed using Google's Gemini AI technology through a Retrieval-Augmented Generation (RAG) system. It is important to understand:

  • Your data is isolated: Your uploaded content and generated embeddings are stored separately and are not accessible to other users or chatbots outside of your authorised sharing settings.
  • No training on your data: The AI models we use do not train on your data. Your content is used solely to provide you with responses and is not used to improve or train the underlying AI models.
  • Session-based queries: Your chat queries and responses are session data associated only with your account.

6. Data Sharing and Third Parties

We share your personal data with the following categories of recipients:

6.1 Infrastructure and Hosting

  • Amazon Web Services (AWS): Cloud infrastructure provider hosting our application, databases, and stored content (Region: eu-west-2, London)
  • Google Cloud Platform: Hosts our AI processing infrastructure and embedding storage (Region: europe-west2, London)

6.2 Service Providers

  • Stripe: Payment processing
  • Mixpanel: Product analytics
  • Google Analytics: Website analytics
  • Sentry: Error monitoring and debugging
  • Google Ads: Advertising and conversion tracking

6.3 Authorised Users

When you share a project publicly or via email access rules, the content chunks (but not original source files) become accessible to those you have authorised. You control who can access your shared projects.

6.4 Legal Requirements

We may disclose your data if required by law, regulation, legal process, or governmental request.

7. International Data Transfers

Your data is primarily stored and processed within the United Kingdom and European Economic Area (EEA). Our primary infrastructure is located in:

  • AWS eu-west-2 (London, UK)
  • Google Cloud europe-west2 (London, UK)

Some of our third-party service providers (such as Stripe, Mixpanel, and Sentry) may transfer data to the United States. Where such transfers occur, they are protected by appropriate safeguards including Standard Contractual Clauses (SCCs) approved by the European Commission and/or the UK Information Commissioner's Office.

8. Data Retention

We retain your personal data as follows:

  • Account data: Retained for as long as your account is active
  • Uploaded content and embeddings: Retained for as long as your account is active
  • After account deletion: We delete your data within 90 days of account closure, unless we are required to retain it for longer to comply with legal obligations, resolve disputes, or enforce our agreements
  • Analytics data: Retained in accordance with our analytics providers' retention policies

9. Your Rights

Under GDPR, you have the following rights regarding your personal data:

  • Right of access: You can request a copy of the personal data we hold about you.
  • Right to rectification: You can request that we correct any inaccurate or incomplete data.
  • Right to erasure: You can request that we delete your personal data in certain circumstances.
  • Right to restrict processing: You can request that we limit how we use your data.
  • Right to data portability: You can request a copy of your data in a structured, machine-readable format.
  • Right to object: You can object to processing based on legitimate interests, including for direct marketing purposes.
  • Right to withdraw consent: Where processing is based on consent, you can withdraw it at any time.

To exercise any of these rights, please contact us at privacy@starkchat.com. We will respond to your request within one month.

You also have the right to lodge a complaint with a supervisory authority. In the UK, this is the Information Commissioner's Office (ICO) at ico.org.uk.

10. Cookies and Tracking

10.1 Essential Cookies

We use essential cookies that are strictly necessary for the operation of our platform, including authentication and session management. These do not require consent.

10.2 Analytics Cookies

We use Mixpanel and Google Analytics to understand how users interact with our platform. These tools collect information about page views, feature usage, and user journeys. This data is linked to your user account to help us improve our services.

10.3 Advertising Cookies

We use Google Ads conversion tracking (including GCLID) to measure the effectiveness of our advertising campaigns. On our marketing website, consent for advertising cookies is managed through Cookiebot.

10.4 Managing Cookies

You can manage your cookie preferences through the Cookiebot consent banner on our marketing website. You can also configure your browser to refuse cookies, although this may affect the functionality of our services.

11. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption in transit and at rest, access controls, and regular security assessments.

However, no method of transmission over the internet or electronic storage is completely secure. While we strive to protect your data, we cannot guarantee absolute security.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated policy on our website and updating the "Last updated" date. We encourage you to review this policy periodically.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: privacy@starkchat.com

Company: Aduro Creative Ltd (trading as Stark Chat)
Company Number: 11200639

Address: Aduro Creative Ltd (trading as Stark Chat)
27 Old Gloucester Street, London, WC1N 3AX