GDPR Compliance

Last updated: 2/19/2026

1. Introduction

ChatGent is committed to compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679. This page outlines our GDPR compliance measures and your rights as a data subject.

GDPR applies to all personal data of individuals located in the European Economic Area (EEA) that we process, regardless of where we are located.

2. Legal Basis for Processing

We process your personal data based on the following legal bases:

2.1 Consent

When you provide explicit consent for specific processing activities, such as marketing communications.

2.2 Contract Performance

To perform our contractual obligations to you, such as providing the Service you have subscribed to.

2.3 Legal Obligation

To comply with legal obligations, such as tax and accounting requirements.

2.4 Legitimate Interests

For our legitimate business interests, such as improving our Service, preventing fraud, and ensuring security.

3. Your Rights Under GDPR

As a data subject, you have the following rights:

3.1 Right of Access (Article 15)

You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and access to that personal data.

3.2 Right to Rectification (Article 16)

You have the right to have inaccurate personal data corrected and incomplete personal data completed.

3.3 Right to Erasure (Article 17) - "Right to be Forgotten"

You have the right to request deletion of your personal data when:

  • The data is no longer necessary for the original purpose
  • You withdraw consent and there is no other legal basis
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed

3.4 Right to Restriction of Processing (Article 18)

You have the right to restrict processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.

3.5 Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

3.6 Right to Object (Article 21)

You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.

3.7 Rights Related to Automated Decision-Making

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you.

4. How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us at privacy@chatgent.com with:

  • Your full name and email address
  • A clear description of the right you wish to exercise
  • Any relevant information to help us locate your data

We will respond to your request within one month. If your request is complex, we may extend this period by up to two additional months, and we will inform you of the extension.

5. Data Protection Measures

We implement appropriate technical and organizational measures to protect your personal data:

5.1 Technical Measures

  • Encryption of data in transit (TLS/SSL)
  • Encryption of data at rest
  • Regular security assessments and penetration testing
  • Access controls and authentication
  • Secure backup and recovery procedures

5.2 Organizational Measures

  • Staff training on data protection
  • Data protection policies and procedures
  • Regular audits and compliance reviews
  • Incident response procedures

6. Data Processing Agreements

When we use third-party service providers (data processors) to process your personal data, we enter into Data Processing Agreements (DPAs) that ensure they:

  • Process data only on our instructions
  • Implement appropriate security measures
  • Comply with GDPR requirements
  • Assist us in responding to data subject requests

7. Data Breach Notification

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and the relevant supervisory authority without undue delay, and in any event within 72 hours of becoming aware of the breach.

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

  • For the duration of your account and subscription
  • As required by law or regulatory requirements
  • To resolve disputes and enforce agreements

When data is no longer needed, we will securely delete or anonymize it.

9. International Data Transfers

Your personal data may be transferred to and processed in countries outside the EEA. When we do so, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions by the European Commission
  • Other appropriate safeguards as required by GDPR

10. Data Protection Officer

If you have any questions or concerns about our data processing activities or wish to exercise your rights, please contact our Data Protection Officer:

11. Supervisory Authority

If you are not satisfied with our response to your data protection concerns, you have the right to lodge a complaint with your local supervisory authority. For a list of supervisory authorities, visit: European Data Protection Board.

12. Updates to This Policy

We may update this GDPR Compliance page from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes.

ChatGent - AI-Powered Chatbot Platform