Back to Home

Privacy Policy

How AllMyChats collects, uses, and protects your data.

Last Updated: January 10, 2025

Your privacy matters

Your messages are never used to train AI models and are never shared with third parties. Your data stays private and secure on our servers.

Note: Messages are stored with encryption but are not end-to-end encrypted because we provide some AI features which needs to analyze your message data. Please avoid uploading sensitive information. Learn more in our FAQ Page.

Commitment: Your privacy is our top priority. We minimize data collection, never sell your data, and provide full control over your information.

Information We Collect

At AllMyChats, we collect and process the following types of information to provide our services:

Account Information

  • Email address (for account creation and authentication)
  • Display name (as provided by you)
  • Avatar color preference
  • Password (hashed and salted using bcrypt)

Message Data

  • WhatsApp chat export messages you upload
  • Message content (text, timestamps, sender information)
  • Categories you assign to messages
  • Message metadata (starred status, archived status)

Usage Data

  • AI model usage (tokens consumed, costs)
  • Feature interactions and preferences
  • System logs and error reports

Payment Information (if applicable)

  • Payment processing is handled securely by Stripe
  • We do not store your credit card information directly
  • Stripe is PCI-DSS compliant and handles all payment data

How We Use Your Data

We use your data solely to provide and improve our services:

  • Message Analysis: Process your messages with AI models to provide categorization, summaries, and insights
  • Account Management: Authenticate your account and manage your subscription
  • Feature Delivery: Enable search, filtering, and organization of your messages
  • Service Improvement: Analyze usage patterns to improve features and performance
  • Communication: Send you important account notifications (via Resend email service)
  • Security: Detect, prevent, and address technical issues and security threats

Data Storage & Security

We implement industry-standard security measures to protect your data:

Data Storage

  • Stored securely on PostgreSQL databases with encryption at rest

Security Measures

  • All passwords hashed using bcrypt (10 salt rounds)
  • HTTPS/TLS encryption for all data in transit
  • CSRF protection on all state-changing operations
  • Rate limiting to prevent abuse and attacks
  • Input sanitization to prevent injection attacks
  • Regular security updates and dependency monitoring
  • Structured logging with request tracing for security auditing

AI Processing

  • Messages are sent to AI providers (OpenAI/Anthropic/OpenRouter etc.) for processing only when you request categorization or summaries
  • For any BYOK functionality (if any): Your API keys are stored securely and used only for your requests
  • We use LLM-agnostic prompts that work with any provider

Your Rights & Choices

You have the following rights regarding your data:

Right to Access

You can view all your messages and account information through your dashboard at any time.

Right to Data Export

You can export all your data in a machine-readable format. Contact us for assistance.

Right to Deletion

You can delete your account and all associated data from the Settings page. Deletion is permanent and irreversible.

Right to Opt-Out (If the option is available)

You can disable AI features in Settings. When disabled, no AI processing will occur on your messages.

Third-Party Services

We use the following third-party services to operate our platform:

Stripe (Payment Processing)

Processes subscription payments. Privacy Policy →

AI Providers

Process message content for categorization and summarization:

These providers may process your messages for the duration of the API request only. They do not use your data to train their models.

Resend (Email Service)

Sends transactional emails (password reset, email verification, notifications). Privacy Policy →

Data Retention

We retain your data as follows:

  • Active Accounts: All data is retained while your account is active
  • Deleted Messages: Permanently deleted immediately upon request
  • Deleted Accounts: Account is deactivated immediately upon deletion. Data is retained to prevent unauthorized recreation and may be permanently deleted after 30 days. You can request immediate permanent data deletion by contacting us.
  • Logs: System logs retained for security auditing and error monitoring
  • Data Export: You can export your data at any time through your dashboard or by contacting us

Important: We do not currently maintain automated backups. We recommend regularly exporting your data. Upon account deletion, your data is retained in a deactivated state and may be permanently deleted after 30 days. Contact us if you need immediate permanent deletion.

Contact Us

If you have questions, concerns, or requests regarding your privacy or this policy:

  • If you are signed in, you can submit feedback through our Feedback page
  • Check our FAQ for common questions
  • Email us at: stuffThatWorks.dev@proton.me

We will respond to privacy inquiries within 7 working days.

This privacy policy is a living document and may be updated as our service evolves. We will notify users of significant changes via email and in-app notifications.