Privacy Policy

Last updated: December 2024

🔒 Our Zero-Knowledge Promise

ChtSafe operates on a zero-knowledge architecture. We anonymize and end-to-end encrypt everything you type or say. No request is ever tied to your identity. We cannot see your data, and we cannot provide to third parties what we don't have.

1. Introduction

At ChtSafe (operated by Innovius.ai), privacy isn't just a feature—it's our foundation. This Privacy Policy explains our minimal data practices and your rights.

ChtSafe is designed from the ground up to know as little about you as possible while providing powerful AI capabilities. We employ homomorphic encryption techniques that ensure AI providers cannot see who you are, where your request came from, or what your content is about.

2. Information We DON'T Collect

Unlike traditional AI services, we explicitly DO NOT collect:

  • ❌ Your actual prompts or conversations (encrypted before reaching us)
  • ❌ Your real identity or location
  • ❌ Browsing history or tracking cookies
  • ❌ Device fingerprints or unique identifiers
  • ❌ Any data that could link requests to you

3. Minimal Data We Process

Account Information

  • Email address: Only for account access and critical communications
  • Payment information: Processed by secure third-party providers (Stripe/PayPal), we don't store card details
  • Encrypted session data: If you choose to use your own session key, we store only encrypted blobs that only you can decrypt

Technical Operations

  • Aggregate usage metrics: Total API calls for billing (not linked to specific content)
  • Service logs: Minimal logs for security and debugging, auto-deleted after 7 days
  • Error reports: Anonymous crash data to improve stability

4. How Encryption Protects You

End-to-End Encryption

Your prompts are encrypted on your device before transmission. We act as a secure relay, never seeing the actual content.

Hands-Off Transparent Database Encryption

We employ full hands-off transparent encryption within our database layer. This means all data is encrypted at rest using industry-standard encryption, and our systems are designed so that even our administrators cannot access your raw data without proper decryption keys.

User-Controlled Session Keys

On top of our transparent encryption, you have the option to set your own session key. When you enable this feature, your data is encrypted with your personal key before it even reaches our systems. This completely eliminates the possibility for anyone but you to access your data, even in the unlikely event of theft or unauthorized access to our systems.

Semantic Obfuscation

Our system replaces identifying information and uses Tor-like routing, making it impossible for AI providers to identify you.

Zero-Knowledge Architecture

Even under legal compulsion, we cannot provide data we don't have. Your conversations remain private by design.

5. Your Rights (GDPR & Beyond)

You have the right to:

  • Access: Request what minimal data we have about your account
  • Rectification: Correct your account information
  • Erasure: Delete your account and all associated data
  • Portability: Export your encrypted session data
  • Object: Opt-out of any optional processing
  • Restriction: Limit how we process your data

To exercise these rights, email privacy@chtsafe.com

6. Data Storage & Security

  • Location: EU servers with GDPR compliance
  • Encryption: AES-256 encryption at rest and in transit
  • Access: Strictly limited to essential personnel
  • Retention: Account data deleted 30 days after cancellation
  • Backups: Encrypted backups retained for 90 days

7. Third-Party Services

We use minimal third-party services:

  • Payment Processing: Stripe/PayPal (PCI compliant)
  • Infrastructure: EU-based cloud providers (GDPR compliant)
  • AI Providers: Your encrypted requests are routed through our obfuscation layer

We never share your data with third parties for marketing or analytics.

8. Anonymous Payment Options

For maximum privacy, we offer cryptocurrency payments upon request. Contact innovius@pm.me for details.

9. Children's Privacy

ChtSafe is not intended for users under 16. We don't knowingly collect data from children. If you believe a child has provided us information, please contact us immediately.

10. Data Breach Protocol

In the unlikely event of a breach:

  • Affected users notified within 72 hours
  • Authorities notified per GDPR requirements
  • Due to encryption, conversation content remains protected

11. International Transfers

We primarily operate in the EU. Any necessary international transfers are protected by:

  • Standard Contractual Clauses
  • Encryption throughout transit
  • Minimal data principle

12. Changes to This Policy

We'll notify you of any material changes via email. Continued use after changes constitutes acceptance.

13. Contact Us

Privacy Inquiries: privacy@chtsafe.com

Data Protection Officer: dpo@innovius.ai

General Contact: info@chtsafe.com

Postal Address:
Innovius UG
Elbestr. 1A
14513, Teltow

14. Legal Basis for Processing (GDPR)

We process your minimal data based on:

  • Contract: To provide the ChtSafe service you requested
  • Legitimate Interests: To ensure security and prevent abuse
  • Legal Obligations: To comply with applicable laws
  • Consent: For any optional features you explicitly enable

🛡️ Privacy is Not Optional

Your ideas stay yours. Your data stays safe. One app, total privacy.

Start Your Private AI Journey