Privacy Policy

Introduction

DataChi ("we", "us", or "our") recognizes the importance of privacy. We manage your Personal Data collected through our website datachi.ai based on our commitment to respect for individuals and in accordance with this Privacy Policy.

By using our website in any way — including browsing, using, or purchasing any services provided through the website — you agree to this Privacy Policy and the processing of your personal data in accordance with the terms herein. If you do not agree, please do not provide Personal Data and do not use the website.

References to "DataChi", "we", or "us" in this Privacy Policy mean the relevant DataChi group company. DataChi S.à r.l., with its registered office at 68 rue de L'Etang, L-3465 Dudelange, Luxembourg, acts as Controller for all processing activities performed on your Personal Data as described in this Privacy Policy within the meaning of Art. 4 No. 7 of the General Data Protection Regulation (GDPR).

About DataChi. DataChi provides an autonomous AI Sales Team — software that automates sales workflow tasks such as prospect research, meeting preparation, follow-up drafting, call summarisation, and pipeline updates by integrating with third-party tools (e.g., CRM systems, email, calendar, LinkedIn, and video-call platforms) and large language model providers.

Data Protection Officer. DataChi has appointed a Data Protection Officer (DPO). You can reach the DPO at support@datachi.ai (subject line: "DPO").

When does this Privacy Policy apply?

This Privacy Policy applies when DataChi is the data controller of Personal Data — meaning when we determine how and why your Personal Data is processed. This includes situations where you:

• Visit or interact with our websites available at datachi.ai and their subdomains
• Register for or participate in our webinars, trainings, or events
• Inquire about or engage in commercial transactions with us
• Interact with the DataChi software, apps, or related services where we collect information for which we determine the means and purposes of processing

1. The Personal Data we process

We collect Personal Data from various sources: (i) directly from you; (ii) from third parties such as our partners or service providers; and (iii) automatically when you engage with our website, Product, or services.

Contact information and other identifiers

When you register for a demo, trial, webinar or event, request certain content, or otherwise contact us to receive information about our products and services, we collect the contact details you provide. This may include your full name, private or company email address, (company) phone number, and physical address. We may also ask for your job title, role, or other relevant information. We use this information to communicate with you and provide you with information about our products and services in line with your marketing preferences.

Prospect and customer account details

If you represent an organization that has expressed an interest in DataChi (a prospect) or an organization that is an existing DataChi customer, we collect your business contact information to create or link you to a business account. Account details include your name, company email address, phone number, job title, and the name of your organization. We use this information to manage your organization's account (including invoicing and other account-related activities) and to communicate with you.

Communication data

When you contact us via email, telephone, or any other communication channel, we collect any Personal Data contained in those communications so we can respond and follow up appropriately.

Call recordings

If you have scheduled a call with a DataChi representative, we may record the call. You will be notified prior to the call and will have the opportunity to object. We use recordings for internal training and coaching. We may also use AI-assisted tools to analyze recordings to understand prospect and customer interests in order to better tailor our products and services.

Financial information

If you register for a paid event or webinar organized by DataChi, we may collect billing information such as billing name, billing address, and payment card details. Payment information is encrypted and handled only by PCI-certified organizations.

Technical information when you visit our website

When you visit the DataChi website, we automatically collect information linked to your device: IP address, browser type, domain names, internet service provider (ISP), time zone difference to GMT, content of the web page, access status (HTTP status), amount of data transferred, requesting website, browser language, browser version, operating system, and cookies. To continuously improve our website and how we interact with you, we may use tracking technologies to analyze which sections you visit, how long you stay, and how you engage with certain communications and advertisements. See our Cookie Policy for more information about the cookies we use and how to control these technologies.

Product usage data

When you use our Product through your employer or other organization (a DataChi customer), we log certain technical information automatically. This may include IP address, device type, OS type and version, Product version, date/time stamps, cookies, and browser type. We also collect information about which features you use and how you use them. Product usage data is primarily technical, anonymized, or aggregated; however, it may occasionally contain limited information that constitutes Personal Data under applicable laws.

Information from third parties and publicly available sources

We may collect information about you or your company from third-party sources or services, including partners with whom we engage in joint marketing or sales. Such information may include your name, company email address, social media account, IP address, telephone number, company name/description/website, company revenue and employee range, industry, role, title, and seniority. This information is used to enhance our marketing and sales efforts.

Training and e-learning platform details

DataChi may offer an external or integrated learning platform. Use is voluntary. If you participate, you may be asked to create an account. Upon registration, we may collect your full name, email address (business and/or private), job title, areas of interest, and information about your organization. We also process your training progress and may issue certificates upon course completion.

Feedback about our Product and services

We enable partners and customers to provide ideas and feedback about the DataChi Product. Before submitting feedback, we may request your name and email address to keep you updated on status. Sometimes we request feedback through forms, panels, surveys, or third-party platforms. In those cases, we may collect your name, email address, location, type of organization, role, and other study-relevant information. For certain studies we may collect photos, video, or audio with your permission.

2. The purpose and legal basis of processing

We process the Personal Data described above for the purposes set out below, based on the corresponding legal bases under the GDPR.

3. How and why we share your Personal Data

Third-party service providers (subprocessors)

We engage a limited set of third-party service providers to operate the Product and the Website. These providers may have access to Personal Data only to the extent necessary to perform their services and only under written data protection agreements. Our current subprocessors are:

• Scaleway (France, EU) — cloud infrastructure and hosting
• Gcore (Luxembourg / global) — cloud infrastructure, edge delivery and AI inference
• Cloudflare (United States / global) — CDN, DDoS protection, DNS, and edge compute
• OpenAI (United States) — large language model inference
• Anthropic (United States) — large language model inference
• OpenRouter (United States) — model routing for LLM inference
• Stripe (United States / Ireland) — payment processing

We may also use website analytics and marketing tools (such as Google Analytics, Google Tag Manager, HubSpot, and Microsoft Clarity). These tools are not currently active on the Website and will only be enabled after we obtain valid consent through our cookie banner; the Cookie Policy reflects the current set of active tools.

Third-party websites and social media providers

Our website may contain or embed links to websites or services not owned or controlled by DataChi. We are not responsible for their privacy practices. Please review the privacy notices of any linked websites or services you visit.

DataChi partners

We may share your information with partners, for example to co-organize an event. In such cases, we will inform you in advance and identify the receiving party and their intended use.

Advertising agencies

When you visit our website, we may enable third parties to use cookies and similar technologies to show you advertisements on third-party websites. See our Cookie Policy for details.

DataChi Group

To provide our services efficiently, we may share information within the DataChi group of entities. We may also disclose or transfer information in connection with corporate transactions (e.g., mergers, reorganizations).

Government authorities or law enforcement

In exceptional circumstances, we may disclose Personal Data to a governmental authority or law enforcement agency when reasonably necessary to: (a) comply with applicable law, regulation, legal process, or governmental request; (b) enforce our agreements and policies; (c) protect the security or integrity of our products and services; (d) protect DataChi, our customers, or the public from harm or illegal activities; or (e) respond to an emergency requiring disclosure to prevent death or serious bodily injury.

Hosting and international data transfers

Personal Data is hosted in data centres located within the European Union (Scaleway, Gcore EU regions) and the United States (Cloudflare, OpenAI, Anthropic, OpenRouter, Stripe). Where Personal Data is transferred outside the European Economic Area (EEA), we rely on a valid Chapter V GDPR transfer mechanism — primarily the European Commission's Standard Contractual Clauses (2021/914), supplemented by additional technical and contractual safeguards (e.g., encryption, no-training commitments). Where the receiving organisation is certified under the EU-US Data Privacy Framework, that adequacy decision applies.

4. How we store and secure Personal Data

We implement industry-standard technical and organizational measures to protect your Personal Data against unauthorized access, destruction, or modification. This includes encryption (in transit and at rest), strict access controls, confidentiality obligations for authorized staff, and regular security and privacy training for our employees. We also review our service providers to ensure they meet our stringent requirements, supported by data protection agreements, and all payment information is fully encrypted and handled solely by PCI-certified organizations.

Personal Data is retained only as long as necessary for the purposes described in this Privacy Policy. Where applicable law sets a minimum retention period (for example, accounting and tax records under Luxembourg law — typically 10 years), we retain the relevant Personal Data for that minimum period and delete it thereafter. Marketing data is retained until you unsubscribe or until the data is no longer accurate. Anonymous or aggregated information may be stored indefinitely.

5. Your privacy rights and how to exercise them

Under the GDPR, you have the following rights with respect to your Personal Data:

• Right to be informed and access — Know whether we process data about you and obtain access to it
• Right to rectification — Correct or update Personal Data
• Right to deletion — Have your Personal Data erased
• Right to restrict processing — Limit how we process your data
• Right to withdraw consent — At any time, for processing based on consent
• Right to object — Where processing is based on legitimate interests
• Right to data portability — Receive your data in a structured, commonly used, machine-readable format
• Right to lodge a complaint — With a supervisory authority

6. How to unsubscribe from direct marketing

We want to communicate with you in the ways that you want to hear from us. If you no longer want to receive marketing messages from us, you can click on the appropriate link at the bottom of our marketing emails. Please allow sufficient time for your preferences to be processed.

If you no longer want to receive delivery notifications from us, you can change your notification preferences at any time by emailing us or by clicking on the appropriate link at the bottom of our emails.

7. Contact us

If you have any questions related to DataChi's privacy practices or this Privacy Policy, please contact us:

If you have any complaints, you have the right to contact the supervisory authority of the place where you live. For Luxembourg, this is the Luxembourg National Commission for Data Protection (CNPD).