Chameleon AI

Privacy Policy

Last updated: November 18, 2024

1. Introduction

Welcome to Chameleon AI Chat ("we," "our," or "us"). We respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, and safeguard your information when you use our AI chat platform.

2. Information We Collect

2.1 Account Information

  • Email address (for account creation and authentication)
  • Password (encrypted and stored securely via Supabase)
  • Account creation date and last login timestamp

2.2 Usage Data

  • Chat messages and conversation history
  • Selected AI models and personas
  • Custom settings and preferences
  • API usage statistics and cost tracking data
  • File uploads (if applicable)

2.3 Technical Data

  • Browser type and version
  • Device information
  • IP address (via hosting provider logs)
  • Cookies and similar tracking technologies

2.4 Guest Mode Data

  • Guest users: All data stored in browser localStorage only
  • No server-side storage for guest sessions
  • Data cleared when browser cache is cleared

3. How We Use Your Information

  • Provide Service: Process your chat requests, sync data across devices, maintain conversation history
  • Personalization: Remember your preferences, personas, and settings
  • Cost Tracking: Calculate and display your API usage costs
  • Authentication: Verify your identity and secure your account
  • Service Improvement: Analyze usage patterns to improve features
  • Communication: Send important updates about the service (can be disabled)

4. Third-Party Services

We use the following third-party services:

Supabase (Database & Authentication)

Stores user accounts, chat history, and settings. Privacy: supabase.com/privacy

OpenRouter (AI Models)

Processes chat requests. You use your own API key. Privacy: openrouter.ai/privacy

Tavily / Serper (Web Search - Optional)

Web search functionality. Only if you enable and provide API keys.

Vercel (Hosting)

Hosts the application. Privacy: vercel.com/legal/privacy-policy

5. API Keys and Payment Information

Important: We do NOT store your API keys on our servers. You provide your own API keys for:

  • OpenRouter (required for AI chat)
  • Tavily or Serper (optional for web search)

API keys are stored encrypted in your browser's localStorage or in your Supabase user settings. You are responsible for all costs incurred through your API keys.

6. Data Storage and Security

  • Location: Data stored in Supabase servers (configurable region)
  • Encryption: All data encrypted in transit (HTTPS) and at rest
  • Access Control: Row-Level Security (RLS) ensures users can only access their own data
  • Passwords: Hashed using industry-standard bcrypt algorithm
  • Guest Mode: Data stored locally in browser only, not on our servers

7. Your Rights (GDPR / CCPA)

You have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Delete your account and all associated data
  • Data Portability: Export your chat history and settings
  • Withdraw Consent: Stop using our service at any time
  • Object: Object to processing of your personal data

To exercise these rights, delete your account in Settings or contact us at the email below.

8. Cookies and Tracking

We use cookies for:

  • Essential: Authentication sessions (Supabase auth cookies)
  • Functional: Guest mode flag, theme preferences
  • Analytics: We do NOT use third-party analytics cookies

See our Cookie Policy for more details.

9. Data Retention

  • Active Accounts: Data retained as long as your account is active
  • Deleted Accounts: All data permanently deleted within 30 days of account deletion
  • Guest Mode: Data deleted when browser cache is cleared
  • Backups: Backup data deleted within 90 days of account deletion

10. Children's Privacy

Our service is not intended for users under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected such information, please contact us immediately.

11. International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your data in accordance with this privacy policy.

12. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes by posting the new policy on this page and updating the "Last updated" date. Continued use of the service after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this privacy policy or how we handle your data, please contact us through:

GitHub Discussions

We aim to respond to all inquiries within 48 hours.

← Back to Home