ChatPress

Privacy Policy

Last updated: 1 January 2025

ChatPress (“we”, “our”, “us”) is committed to protecting your personal data. This Privacy Policy explains what information we collect, how we use it, and your rights under the General Data Protection Regulation (GDPR) and other applicable EU data protection law.

Our service is hosted in the EU (Frankfurt, Germany) and operated in compliance with GDPR (EU) 2016/679.

1. Data we collect

We collect the following categories of personal data:

  • Account data: Name, email address, and (if applicable) billing details when you register.
  • Messaging account identifiers: Your Telegram chat ID or WhatsApp phone number, used solely to route messages between you and your WordPress site.
  • WordPress credentials: Your WordPress site URL and Application Password, stored encrypted (AES-256-GCM). The encryption key is never stored in our database.
  • Usage data: Logs of commands sent (e.g., “update homepage title”), counts of monthly updates, and timestamps. We do not store the full text of your messages beyond what is needed to process the current action.
  • Payment data: If you subscribe to a paid plan, payment is handled by Stripe. We do not store card details. We retain your Stripe Customer ID and subscription status.
  • Technical data: IP address, browser type, and cookie identifiers collected automatically when you use the dashboard.

2. How we use your data

We process your personal data on the following legal bases under GDPR:

  • Performance of a contract (Art. 6(1)(b)): Account data and WordPress credentials are processed to deliver the ChatPress service you have signed up for.
  • Legitimate interests (Art. 6(1)(f)): Technical and usage data is processed to maintain service security, detect abuse, and improve reliability.
  • Legal obligation (Art. 6(1)(c)): We may retain billing records as required by EU tax law.
  • Consent (Art. 6(1)(a)): For non-essential cookies and marketing communications, we rely on your explicit consent.

We do not sell your data. We do not use your data for advertising.

3. Third-party processors

We share limited personal data with the following processors, all operating under GDPR-compliant data processing agreements:

  • Supabase (EU-Central-1, Frankfurt): Database and authentication. All data stored in the EU.
  • Vercel (fra1 region): Application hosting.
  • Stripe: Payment processing. Stripe is certified under PCI DSS and operates under Standard Contractual Clauses for EU data transfers.
  • Anthropic: AI parsing of your WordPress update commands. Messages are sent to Anthropic's API for processing; Anthropic's data usage policy applies. We transmit only the command text, not your credentials.
  • Brevo: Transactional email (e.g., verification codes). Brevo is GDPR-compliant and EU-based.
  • Sentry: Error tracking. Stack traces may contain technical data. We configure Sentry to redact personal data from error reports.

4. Data retention

  • Account data: Retained until you delete your account. On deletion, we permanently delete your data within 30 days.
  • WordPress credentials: Deleted immediately upon account deletion or disconnection of your WordPress site.
  • Usage logs: Retained for 90 days, then automatically purged.
  • Billing records: Retained for 7 years as required by EU VAT regulations.
  • Cookies: Session cookies expire when you close your browser. Consent cookies expire after 12 months.

5. Your rights under GDPR

As a data subject under GDPR, you have the following rights. To exercise any of them, contact us at privacy@getchatpress.com:

  • Right of access (Art. 15): Request a copy of the personal data we hold about you.
  • Right to rectification (Art. 16): Ask us to correct inaccurate data.
  • Right to erasure (Art. 17): Request deletion of your personal data.
  • Right to restriction (Art. 18): Ask us to restrict processing of your data.
  • Right to data portability (Art. 20): Receive your data in a machine-readable format.
  • Right to object (Art. 21): Object to processing based on legitimate interests.
  • Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time.

You also have the right to lodge a complaint with your national data protection authority. In Ireland, this is the Data Protection Commission (dataprotection.ie).

6. Cookies

We use the following cookies:

  • Essential cookies: Required for authentication and session management. These cannot be disabled.
  • Preference cookies: Store your cookie consent choice (localStorage key: chatpress_cookies_accepted).

We do not use advertising cookies, tracking pixels, or third-party analytics scripts.

7. Contact

For any privacy-related queries or to exercise your rights, contact our data controller at:

Email: privacy@getchatpress.com
Response time: We aim to respond within 30 days as required by GDPR.