Privacy Policy

Last updated: January 28, 2025

At App2Chat, operated by Frontz Technologies, we are committed to protecting your privacy and handling your personal information with care and transparency. This Privacy Policy explains how we collect, use, share, and protect your information when you use our conversational API gateway service.

By using App2Chat, you agree to the collection and use of information in accordance with this policy. If you do not agree with our practices, please do not use our services.

1. Information We Collect

Account Information

When you create an account with App2Chat, we collect:

  • Email address (via Clerk authentication)
  • Avatar URL (from OAuth providers when available)
  • Account creation and last login timestamps

Bot Configuration Data

We store the following information about your bots:

  • Bot names, descriptions, and custom settings
  • OpenAPI specifications and endpoint configurations
  • Platform connection tokens (encrypted and securely stored)
  • Conversation flow configurations and AI personality settings
  • Bot deployment status and health check data

Usage Analytics

To provide and improve our services, we collect:

  • Message counts and frequency per user
  • API call counts and endpoint usage patterns
  • Performance metrics and response times
  • Error logs and debugging information
  • Platform usage statistics (which messaging platforms you use)

Payment Information

Financial information is processed securely by Stripe:

  • Billing addresses and payment methods (stored by Stripe)
  • Subscription status and plan information
  • Transaction history and invoices
  • Usage-based billing calculations

Note: We never store or have access to your complete payment card details. All payment processing is handled by Stripe in compliance with PCI DSS standards.

Message Content

We temporarily process message content to provide our services, including user messages to your bots and bot responses. This data is processed to understand intent, route to appropriate APIs, and generate responses.

2. How We Use Information

Service Provision

  • User authentication and account management
  • Bot deployment, configuration, and management
  • Message processing, routing, and response generation
  • Enforcement of usage limits and subscription tiers
  • Platform integration and API connectivity

Billing and Payments

  • Subscription management and plan enforcement
  • Usage-based billing calculations
  • Invoice generation and payment processing
  • Account status management

Analytics and Improvement

  • Service performance monitoring and optimization
  • Usage pattern analysis for feature development
  • Security monitoring and fraud prevention
  • Quality assurance and debugging
  • Research and development of new features

Communications

  • Account notifications and security alerts
  • Billing and subscription communications
  • Product updates and feature announcements
  • Customer support and technical assistance
  • Legal and regulatory communications

3. Information Sharing

Third-Party Service Providers

We share information with trusted service providers who help us operate our platform:

  • Stripe: Payment processing and subscription management
  • Clerk: Authentication and user management services
  • OpenRouter: AI model access and processing
  • Vercel: Hosting and infrastructure services
  • Platform APIs: Message delivery to WhatsApp, Telegram, Viber, Discord, etc.

All service providers are bound by data protection agreements and process data only as necessary to provide their services.

Legal Requirements

We may disclose your information when required by law or to:

  • Comply with legal obligations and regulatory requirements
  • Respond to lawful requests from government authorities
  • Protect our rights, property, and safety
  • Protect the rights and safety of our users
  • Enforce our Terms of Service

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity. We will provide notice and ensure continued protection of your data under this privacy policy or a substantially similar one.

Aggregated Data

We may share aggregated, anonymized data that cannot identify individual users for business purposes, analytics, and research.

4. Data Security

Technical Safeguards

  • Encryption in transit using TLS/SSL protocols
  • Encryption at rest for sensitive data
  • Secure authentication through Clerk with OAuth support
  • Regular security assessments and vulnerability testing
  • Access controls and monitoring systems
  • Secure API token management and rotation

Organizational Measures

  • Staff training on data protection and privacy
  • Limited access to personal data on a need-to-know basis
  • Incident response procedures for security breaches
  • Regular review and update of security policies
  • Compliance monitoring and audit procedures

While we implement strong security measures, no system is completely secure. We cannot guarantee absolute security but are committed to protecting your information using industry-standard practices.

5. International Transfers

Your information may be processed and stored in multiple locations, primarily in the United States and European Union regions, depending on the service providers we use.

Transfer Safeguards

  • We ensure adequate protection through recognized adequacy decisions
  • Standard contractual clauses are used where required
  • Service providers maintain appropriate data protection certifications
  • Your rights remain protected regardless of processing location

Regional Compliance

We comply with applicable data protection laws including GDPR for EU users, CCPA for California residents, and other regional privacy regulations as they apply.

6. Data Retention

Account Data

  • Retained while your account is active
  • 30-day grace period after account deletion for recovery
  • Some data may be retained longer for legal obligations
  • You can request immediate deletion subject to legal requirements

Bot and Usage Data

  • Bot configurations retained for service provision
  • Usage analytics may be retained longer in aggregated form
  • Message content processed transiently and not permanently stored
  • Error logs retained for debugging and improvement purposes

Financial Data

  • Billing records retained per legal and tax requirements
  • Payment data retention handled by Stripe according to their policies
  • Invoice data retained for accounting and audit purposes

We regularly review our data retention practices and delete information that is no longer necessary for our legitimate business purposes or legal obligations.

7. Your Rights

Access Rights

  • Request a copy of your personal data
  • Request information about how your data is processed
  • Request your data in a portable format

Correction Rights

  • Request correction of inaccurate data
  • Request completion of incomplete personal information
  • Notification of corrections to relevant third parties

Deletion Rights

  • Request deletion of your account and associated data
  • Request erasure of specific information
  • Right to be forgotten under applicable laws
  • Subject to legal retention requirements

Restriction and Objection

  • Restrict certain types of data processing
  • Object to processing based on legitimate interests
  • Opt out of marketing communications
  • Withdraw consent where processing is based on consent

To exercise these rights, please contact us using the information provided in the Contact section. We will respond to your request within 30 days and may require verification of your identity.

8. Changes to Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

Notification Process

  • Email notification for material changes
  • Notice through the service or dashboard
  • 30-day notice period for significant changes
  • Updated "Last updated" date at the top of this policy

Your Options

Continued use of our services after notification constitutes acceptance of the updated policy. If you do not agree with changes, you may:

  • Discontinue use of our services
  • Request account deletion before changes take effect
  • Contact us with questions or concerns

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

9. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Data Protection Officer

  • Email: info@frontz.tech
  • Company: Frontz Technologies
  • Response Time: Within 30 days for privacy requests

General Inquiries

We are committed to resolving privacy concerns promptly and will work with you to address any issues regarding your personal information.

🇪🇺 For European Union Users

Under the General Data Protection Regulation (GDPR), you have additional rights including:

  • Right to data portability in a machine-readable format
  • Right to lodge a complaint with your local supervisory authority
  • Right to withdraw consent for consent-based processing
  • Enhanced rights regarding automated decision-making

Our legal basis for processing includes performance of contract, legitimate interests, legal obligations, and consent where specifically obtained.