Privacy Policy
Last updated: March 31, 2026
1. What We Collect
We collect the minimum information needed to provide the service: your email address, display name, and account credentials. We also store encrypted API keys for your AI providers. When you create an account, we record that you accepted our Terms of Service (timestamp and version).
2. What We Don't Access
We never access, read, or store your chat conversations, AI sessions, agent execution data, or any content processed by your assistant. Your assistant container runs in isolation with encrypted storage. The Go API only queries gateways with operator.read scope (metadata only: health status, session counts, channel status).
3. Legal Basis for Processing
We process your personal data under the following legal bases (GDPR Article 6):
- Contract performance (Art. 6(1)(b)): processing your account data and API keys is necessary to provide the Service
- Consent (Art. 6(1)(a)): you consent to our Terms of Service and this Privacy Policy at signup
- Legitimate interest (Art. 6(1)(f)): security monitoring, fraud prevention, and service improvement
4. Your API Keys
API keys are stored encrypted (AES-256-GCM) and used solely to configure your assistant container. They are passed to your container as environment variables via Nomad and never logged or transmitted to third parties.
5. Data Storage & Security
Account data is stored in a PostgreSQL database hosted on Supabase (EU region). Tenant data (assistant configuration, credentials) is stored on encrypted JuiceFS volumes with AES-256-GCM client-side encryption and per-tenant POSIX isolation. Infrastructure is hosted on Hetzner (Germany).
All data in transit is encrypted via TLS. All data at rest is encrypted. Container isolation ensures tenants cannot access each other's data.
6. Data Retention
We retain your account data for as long as your account is active. When you delete your assistant, all associated data (container, encrypted storage directory, channel credentials, config backups) is permanently removed within 24 hours. Account data (email, name) is retained until you request full account deletion.
We may retain minimal records (e.g. billing transaction history) as required by applicable law for up to 7 years after account deletion.
7. Your Rights (GDPR)
If you are in the European Economic Area, you have the right to:
- Access — request a copy of the personal data we hold about you
- Rectification — correct inaccurate personal data (you can update your name and email in Settings)
- Erasure — request deletion of your personal data (delete your assistant from Settings, or contact support for full account deletion)
- Data portability — receive your data in a structured, machine-readable format
- Restriction — request that we limit processing of your data
- Object — object to processing based on legitimate interest
- Withdraw consent — withdraw consent at any time by deleting your account
To exercise any of these rights, contact us at support@chelar.ai. We will respond within 30 days. You also have the right to lodge a complaint with a supervisory authority (e.g. the Dutch Autoriteit Persoonsgegevens).
8. Third Parties & Subprocessors
We use the following third-party services to operate the platform. We do not sell, share, or monetize your data in any way.
- Supabase — PostgreSQL database hosting (EU)
- Hetzner — bare metal server infrastructure (Germany)
- Cloudflare — DNS and DDoS protection
- Google OAuth — optional authentication provider
- Resend — transactional email delivery
- Stripe — payment processing
We will notify users via email of any material changes to our subprocessor list at least 30 days in advance.
9. Cookies
Chelar uses only strictly necessary cookies required for the platform to function. No analytics, tracking, or marketing cookies are set. Because all cookies are strictly necessary for the service, no cookie consent banner is required under EU ePrivacy regulations (Article 5(3) of the ePrivacy Directive).
The following table lists every cookie set by the platform. All cookies are transmitted over HTTPS only (Secure flag).
| Cookie Name | Purpose | HttpOnly | Expiry |
|---|---|---|---|
| next-auth.session-token | Encrypted JWT session token for authentication | Yes | 30 days |
| next-auth.csrf-token | CSRF protection for authentication forms | Yes | Session |
| next-auth.callback-url | Post-login redirect URL | No | Session |
| next-auth.pkce.code_verifier | PKCE code verifier for OAuth sign-in | Yes | OAuth flow only |
| next-auth.state | OAuth state parameter to prevent CSRF | Yes | OAuth flow only |
| next-auth.nonce | OAuth nonce to prevent replay attacks | Yes | OAuth flow only |
| chelar-gateway | Cross-subdomain authentication for accessing your assistant | Yes | 72 hours |
10. International Data Transfers
Chelar's infrastructure is located in Germany (Hetzner) and the EU (Supabase). If you are located outside the EU, your data will be transferred to and processed in the EU. For transfers from the EU to third countries (e.g. Cloudflare CDN edge nodes), we rely on Standard Contractual Clauses (SCCs) or adequacy decisions as appropriate.
11. Children's Privacy
Chelar is not intended for use by individuals under 16 years of age. We do not knowingly collect personal data from children. If we become aware that a child has created an account, we will promptly delete it.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email. The "Last updated" date at the top of this page indicates when the policy was last revised.
13. Contact
For privacy-related questions, data subject access requests, or complaints, contact us at support@chelar.ai.