Privacy Policy
Effective from: April 1, 2026 Version: 1.0
1. Data Controller
ChatJunto AI Operated by: Jiří Čapek Registered Office: Českolipská 1449/81, Mělník 276 01, Czech Republic Company ID (IČO): 04993896 Email: hello@chatjunto.com Web: https://chatjunto.com
(hereinafter referred to as "Controller", "We", "Us", or "ChatJunto AI")
Contact for data protection inquiries: Email: hello@chatjunto.com
2. Introduction
Your privacy is our priority. This document describes what personal data we collect, why we collect it, how we use it, and what rights you have.
We process personal data in accordance with:
- GDPR (Regulation EU 2016/679)
- Czech Act No. 110/2019 Coll., on the processing of personal data
By using the ChatJunto AI service, you agree to this Privacy Policy.
3. What Personal Data We Collect
3.1 Data You Provide Directly
When you register and use the ChatJunto AI service, we collect:
| Category | Data | Purpose |
|---|---|---|
| Registration data | Email, password (hashed) | Account creation and management |
| Profile data | Profile name, phone number (WhatsApp), Telegram chat ID | Identification and connection to messaging platform |
| Conversation data | Message content between you and AI companions | Service delivery, conversation memory |
| Payment data | Email, name (processed via Stripe) | Payment processing |
| Preferences | Selected interests, custom companion name | Service personalization |
3.2 Automatically Collected Data
When you visit junto.cz and use the service, we automatically collect:
| Data | Source | Purpose |
|---|---|---|
| IP address | Your browser / messaging platform | Security, abuse prevention |
| Browser and device type | HTTP headers | Technical support, optimization |
| Message timestamps | System logs | Service functionality, debugging |
| Referrer URL | Referer header | Marketing analytics (anonymized) |
3.3 Data from Third Parties
- Telegram: Chat ID, username (if public)
- WhatsApp (via Twilio): Phone number, message delivery status
- Stripe: Payment status, transaction ID
4. Why We Process Your Data (Purpose and Legal Basis)
4.1 Contract Performance (GDPR Art. 6(1)(b))
We process your data to:
- Provide the ChatJunto AI service (AI companions)
- Manage your account
- Send messages via messaging platforms
- Process payments
Legal basis: Performance of contract (Terms of Service)
4.2 Legitimate Interest (GDPR Art. 6(1)(f))
We process your data to:
- Prevent fraud and service abuse
- Provide technical support and troubleshooting
- Improve service quality (error analysis, AI response optimization)
- Send important service notifications
Legal basis: Legitimate interest of the Controller
4.3 Consent (GDPR Art. 6(1)(a))
With your consent, we process data for:
- Marketing communications (newsletter, updates)
- Analytics using cookies (see Cookies section)
You can withdraw consent at any time by emailing: hello@chatjunto.com.
4.4 Legal Obligation (GDPR Art. 6(1)(c))
We process your data to comply with legal obligations:
- Accounting records (Accounting Act)
- Retention of billing data (tax regulations)
5. How Long We Retain Your Data
| Data Category | Retention Period | Reason |
|---|---|---|
| Registration data | Duration of account + 30 days after deletion | Account recovery option |
| Conversation data | Duration of account + 30 days after deletion | Service delivery, data export |
| Payment data | 10 years from transaction | Legal obligation (accounting, taxes) |
| Technical logs | 90 days | Security, debugging |
| Marketing data | Until consent withdrawn or 5 years of inactivity | Legitimate interest |
After the retention period expires, data is permanently and irreversibly deleted.
6. Who Has Access to Your Data (Third Parties)
6.1 Processors (Service Providers)
We share your data with the following processors who help us operate the service:
| Processor | Location | Purpose | Data |
|---|---|---|---|
| Anthropic (Claude AI) | USA | Generate AI responses | Message content (anonymized) |
| Supabase | USA/EU | Database | All user data |
| Vercel | USA | Web application hosting | IP addresses, technical logs |
| Stripe | USA/EU | Payment processing | Email, name, payment data |
| Twilio | USA | WhatsApp messaging | Phone number, message content |
| Telegram | UAE/EU | Telegram messaging | Chat ID, message content |
All processors are bound by Data Processing Agreements (DPA) and comply with GDPR standards.
6.2 Data Transfer Outside the EU
Some processors have servers in the USA (Anthropic, Stripe, Vercel). Transfers are based on:
- EU Standard Contractual Clauses (approved by the European Commission)
- Privacy Shield or equivalent certification
6.3 We Do Not Sell Your Data
We do not sell, rent, or share your data for third-party marketing purposes.
Exception: We may provide data to public authorities if required by law (court order, criminal investigation).
7. Your Rights Under GDPR
As a data subject, you have the following rights:
7.1 Right of Access (Art. 15 GDPR)
You have the right to know what data we process about you.
How to exercise: Contact us at hello@chatjunto.com. We will provide a copy of your data within 30 days.
7.2 Right to Rectification (Art. 16 GDPR)
You have the right to correct inaccurate or incomplete data.
How to exercise: Update data in your dashboard (https://chatjunto.com/dashboard) or contact us.
7.3 Right to Erasure — "Right to be Forgotten" (Art. 17 GDPR)
You have the right to request deletion of your data.
How to exercise:
- Delete your account in the dashboard → data will be deleted within 30 days
- Or contact us at hello@chatjunto.com
Exception: We cannot delete data we are legally required to retain (invoices, tax documents).
7.4 Right to Restriction of Processing (Art. 18 GDPR)
You can request suspension of processing of your data (e.g., while resolving a dispute about data accuracy).
7.5 Right to Data Portability (Art. 20 GDPR)
You have the right to obtain your data in a structured, commonly used format (JSON, CSV).
How to exercise: Click "Export my data" in the dashboard or contact us.
7.6 Right to Object (Art. 21 GDPR)
You can object to processing of data based on legitimate interest.
How to exercise: Contact us at hello@chatjunto.com with your reasoning.
7.7 Right to Lodge a Complaint with a Supervisory Authority
If you believe we violate GDPR, you have the right to lodge a complaint with:
Office for Personal Data Protection (ÚOOÚ) Pplk. Sochora 27, 170 00 Prague 7, Czech Republic Web: https://www.uoou.cz Tel: +420 234 665 111
8. Security of Your Data
8.1 Technical Measures
To protect your data, we use:
- HTTPS/TLS encryption for all web communication
- Password hashing using bcrypt (10 salt rounds)
- Database encryption at-rest (Supabase encryption)
- Regular backups of the database (daily automatic)
- Firewall and DDoS protection (Vercel, Cloudflare)
8.2 Organizational Measures
- Only authorized personnel have database access
- Regular security code audits
- Suspicious activity monitoring (rate limiting, spam detection)
- Incident response plan for data breaches
8.3 Security Incident
In case of a data breach:
- We will notify ÚOOÚ within 72 hours of discovery
- We will notify affected users without undue delay
- We will provide recommendations to minimize harm
9. Cookies and Tracking Technologies
9.1 What Are Cookies
Cookies are small text files stored in your browser. We use them for website functionality and analytics.
9.2 What Cookies We Use
| Type | Name | Purpose | Duration |
|---|---|---|---|
| Necessary | authjs.session-token | User login | 30 days |
| Functional | locale | Language preference | 1 year |
| Analytics | _ga, _gid (Google Analytics) | Traffic analytics | 2 years / 24 hours |
| Marketing | _fbp (Facebook Pixel) | Conversion tracking | 90 days |
9.3 Managing Cookies
Analytics and marketing cookies require your consent. You can:
- Decline on first website visit (cookie banner)
- Manage in browser settings
- Delete anytime in browser (Settings → Privacy → Clear cookies)
Necessary cookies cannot be disabled as they are essential for service functionality (login).
More information: Cookie Policy
10. Children and Protection of Minors
The ChatJunto AI service is intended for persons aged 18 and over.
If you create a profile for a person under 18, you must be their legal guardian and provide consent for data processing on behalf of the child.
If we discover that we have unintentionally collected data from a child under 13 without parental consent, we will delete such data immediately.
11. Automated Decision-Making and Profiling
11.1 AI Response Generation
The ChatJunto AI service uses an AI system (Claude) to generate responses. This process is partially automated, but:
- Has no legal effects (not decision-making about credit, insurance, employment)
- Is not profiling in the GDPR Art. 22 sense (we do not create profiles for discriminatory purposes)
- Serves only to provide conversational service
11.2 User Profiling (AI Profiling)
Companions create a "user profile" (personality summary, topics, inside jokes) to improve conversation. This profiling:
- Is part of the service provided
- Is not used for marketing or discriminatory purposes
- Can be deleted anytime (by deleting profile or account)
IMPORTANT DISCLAIMER: ChatJunto AI and its AI companions do not provide professional advice. Responses generated by AI companions are for informational and conversational purposes only and should not be considered as:
- Medical, health, or therapeutic advice
- Legal or regulatory advice
- Financial or investment advice
- Professional consultation of any kind
We are not responsible for decisions made based on AI companion responses. Always consult qualified professionals for important decisions regarding health, legal matters, finances, or other significant life decisions.
Content Liability: Users are solely responsible for the content of their messages and conversations with AI companions. We do not monitor, endorse, or take responsibility for user-generated content or how users interact with the service. Users must comply with applicable laws and our Terms of Service.
12. Changes to This Privacy Policy
We may update this Privacy Policy when laws or service change.
We will inform you of changes:
- By email to your registered address
- By notification in the dashboard
- At least 30 days before changes take effect
If you do not agree with changes, you may terminate your account.
13. Contact and Questions
If you have any questions about data protection, contact us:
Email: hello@chatjunto.com Address: Českolipská 1449/81, Mělník 276 01, Czech Republic Web: https://chatjunto.com/privacy
We will respond within 5 business days.
14. Final Provisions
14.1 Effectiveness
This Privacy Policy becomes effective on April 1, 2026.
14.2 Language
This document is available in multiple languages. In case of dispute, the Czech version takes precedence.
14.3 Governing Law
This Privacy Policy is governed by the laws of the Czech Republic and GDPR.
Version: 1.0 Last updated: April 1, 2026 Controller: ChatJunto AI, operated by Jiří Čapek, Českolipská 1449/81, Mělník 276 01, Czech Republic
© 2026 ChatJunto AI. All rights reserved.