Privacy Policy

We collect only the minimum personal data necessary to operate our service. The types of data collected and their purposes are as follows:

• Account Information: Information used for account identification and authentication, such as email addresses. Used for account management, such as sign-up, login, and password reset, as well as customer support.
• Payment and Credit Information: Information related to the purchase of prepaid credits, including recharge history, usage, and remaining balance. Used for billing and accounting based on credit usage. (Note: We do not directly collect or store financial information such as credit card details. All payment processing is securely handled by trusted payment providers.)
• Chat Content: Questions, requests, and conversations that users enter in PayPerChat to use LLM services. This content is processed to generate AI responses and may be transmitted to our LLM API partners.
• Usage Data: Automatically generated logs and technical data during service use (e.g., IP address, browser and device information, model used, number and time of requests). Used to ensure service stability and enhance security, including abnormal behavior monitoring, debugging, and misuse prevention.
• Optional Information: Personal data collected when users voluntarily submit inquiries or feedback (e.g., email address, inquiry content). Used to respond to inquiries and improve the service.

We do not use personal data for any purposes other than those explicitly stated above. We do not collect or use users' location-based data. Additionally, we do not use personal data for advertising, marketing purposes.

Users' personal data is securely stored in trusted cloud infrastructure. We use services such as Google Cloud Run and Firebase Firestore provided by Google Cloud Platform, which maintains robust security systems.

• Encryption and Transmission Security: All personal data is protected by TLS/HTTPS encryption during transmission between the user's device and our servers. Data is also securely encrypted at rest. See Firebase's security policy for more information. These measures prevent unauthorized access to data during transmission or while stored.
• Access Control: Access to personal data is strictly limited to authorized personnel. Internal access is granted only when necessary for operational purposes, and all access attempts are logged and monitored.
• Security Practices: We implement technical, administrative, and physical safeguards to protect personal data. For example, we use firewalls and intrusion detection systems to prevent unauthorized access, regularly apply security patches, and conduct vulnerability assessments. Sensitive data such as passwords is stored in hashed form.
• Data Storage Location: Our servers may be located in global cloud regions. User data may be stored or processed outside the user's country of residence, in which case we take appropriate protective measures in compliance with applicable laws. Regardless of where the data is located, the same level of protection described in this policy is applied.

We do not share or sell users' personal data to third parties without user consent. In particular, we do not sell or share users' data with advertisers or marketing companies.

However, certain data may need to be shared with trusted third parties when necessary for service operation. In such cases, the third parties involved comply with relevant data protection laws and maintain appropriate security standards.

• LLM API Partners: PayPerChat utilizes external AI model APIs such as OpenAI, Anthropic (Claude), and Google (Gemini) to provide responses to users. The content users input during chats may be sent to these partners to generate AI responses. We do not share identifying information (e.g., name, email address); only the question content is transmitted. These partners act as independent processors following our instructions and do not use the data for training or other purposes. They are required to delete the data after a limited period (e.g., OpenAI does not use API data for training and deletes it within 30 days. See StackExchange discussion on data opt-out).
• Infrastructure and Payment Providers: We use cloud infrastructure providers such as Google Cloud and may utilize payment processors (e.g., electronic payment services) to handle credit purchases. These partners are contractually bound to protect personal data and use it solely for the purpose of delivering our services.
• Legal Compliance and Protection of Rights: We may disclose user information when required by law or in response to legal processes (e.g., warrants or court orders). Additionally, we may provide such data when necessary to investigate terms of service violations, prevent unlawful activity, or protect the rights, property, or safety of our company and users.

Other than the above, we do not share personal data with third parties. We particularly emphasize that user data is not used for advertising or marketing purposes.

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected. Once the retention period has expired or the purpose has been fulfilled, the data is securely deleted without delay. Our key retention and deletion policies are as follows:

• User Account Information: When a user deletes their PayPerChat account, the associated personal information is immediately deactivated. The related data is stored in backup form for up to one year and then permanently deleted. (This grace period exists for purposes such as dispute resolution and legal compliance.)
• Chat History: If a user does not manually delete their chat history, the content is retained for up to one year from the time of collection. After one year, the data is permanently deleted in sequence and becomes unrecoverable.
• Manual Deletion of Chat History: If the user uses in-service features to delete chat history, the data is permanently and immediately deleted from our system. Deleted data is not stored on our servers in any form and cannot be recovered.
• Account Re-registration Restriction: Once a user has deleted their account, re-registration with the same account is not allowed. This is a protective measure to prevent misuse and safeguard personal data. Users are advised to carefully consider their decision before initiating account deletion.
• Legally Required Retention: In cases where data must be retained for a legally mandated period (e.g., transaction records and receipts may need to be preserved under tax and accounting laws), we retain such information in accordance with applicable laws. After the required retention period, the information is securely deleted without delay.

Users of PayPerChat have the following rights regarding their personal information:

• Right to Access Information: You may view your personal data held by us at any time. For example, you have the right to access your profile information and review stored chat history.
• Right to Request Corrections: If your personal information is inaccurate or outdated, you may request corrections or updates. We will promptly take necessary actions upon receiving such a request.
• Right to Request Deletion: You may request deletion of your personal data via service features (e.g., deleting chats or closing your account). Upon account deletion, your data will be removed after a retention period (see section above), and chat deletion requests result in immediate and permanent data removal. All personal data, except those required by law to be retained, will be securely destroyed without delay.
• Right to Withdraw Consent and Decline Services: You can withdraw your consent for data collection and use at any time. This may limit your ability to use our service, in which case you may deactivate your account. Although we do not use your data for marketing, if you have consented to receive promotional information, you may withdraw that consent at any time.
• Right to Data Portability: Depending on applicable laws, you may request a copy of your personal information in a structured and commonly used format or ask for it to be transferred to another service provider. We will support such requests in accordance with relevant regulations.
• How to Exercise Your Rights or Inquire: If you wish to exercise any of the above rights or have questions about your data, please contact our privacy officer at contact@payperchat.org. We will respond promptly and in good faith. In particular, access and deletion requests will be processed within the legal time frame and the results will be communicated to you.

PayPerChat is available to users of all ages without a specific age restriction. However, if a child under the age of 14 wishes to use the service, parental or guardian consent is required. We do not knowingly collect personal information from children under 14 without such consent. If we become aware that personal information has been collected from a child without parental consent, we will promptly delete the information and take necessary actions.

PayPerChat does not provide services specifically targeted at children and is intended for a general audience. To help protect the privacy of minors, parents or guardians are encouraged to guide their children not to share personal information online. If you believe that your child has submitted personal information without your consent, please contact us immediately so we can take appropriate action.

We have designated a Data Protection Officer to handle inquiries and requests related to the protection of personal information. If you have any questions or concerns regarding your personal data, please contact us at the email address below:

• Email: contact@payperchat.org

We are committed to responding promptly and thoroughly to all inquiries. We value your privacy and rights, and will handle all matters not explicitly covered in this Privacy Policy in accordance with applicable laws and guidelines.

We use web analytics tools such as Google Analytics to improve user experience and optimize the operation of our website. These tools collect anonymized information, such as visit frequency, navigation paths, and browser types. All collected data is processed in a way that does not identify individuals.

• Purpose of Collection: Analyzing website usage patterns, improving user experience, and monitoring technical issues.
• Data Collected: Visited pages, session duration, browser information, IP address, device information, and more.
• Opt-Out Options: Users may disable or delete cookies via browser settings. Additionally, you can block Google Analytics data collection by using the Google Analytics Opt-out Browser Add-on.

The information collected via cookies and analytics tools is not used for advertising purposes. We do not use any third-party analytics tools other than Google Analytics. Moreover, we have agreements in place with our analytics provider to ensure the collected data is not used for purposes other than the operation of our services.

This Privacy Policy may be revised to reflect changes in our services or applicable laws and regulations. In the event of significant changes, we will notify users in advance via our website or email. The updated policy will take effect from the specified effective date.

• Initial Effective Date: June 1, 2025
• Last Revised: June 1, 2025