← Back to Home

Privacy Policy

Last updated: March 19, 2026

1. Introduction

Digitalog Inc. ("Company", "we", "us") operates the Chaton platform ("Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. We are committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the Korean Personal Information Protection Act (PIPA), and other applicable international privacy laws.

2. Information We Collect

2.1 Information You Provide

  • Account registration information (name, email address, company name)
  • Channel configuration data (API keys, tokens for messaging platforms)
  • Customer support conversation content
  • Payment and billing information (processed by third-party payment providers)

2.2 Information Collected Automatically

  • Log data (IP address, browser type, operating system, access times)
  • Device information (device type, unique device identifiers)
  • Usage data (pages viewed, features used, click patterns)
  • Cookies and similar tracking technologies

2.3 Information from Third-Party Channels

  • End-user profile information from messaging platforms (display name, profile picture) as permitted by each platform's policies
  • Message content transmitted through integrated channels

3. How We Use Your Information

  • To provide, maintain, and improve the Service
  • To process transactions and send related information
  • To send administrative notifications and service updates
  • To respond to inquiries and provide customer support
  • To monitor and analyze usage trends to improve user experience
  • To detect, prevent, and address technical issues and security threats
  • To comply with legal obligations

4. Legal Basis for Processing (GDPR)

Under the GDPR, we process your personal data based on the following legal grounds:

  • Performance of a contract: Processing necessary to provide the Service you have requested.
  • Legitimate interests: Processing for our legitimate business interests, such as improving the Service, provided these interests are not overridden by your rights.
  • Consent: Where you have given explicit consent for specific processing activities.
  • Legal obligation: Processing necessary to comply with applicable laws and regulations.

5. Data Sharing & Disclosure

We do not sell your personal information. We may share information in the following circumstances:

  • Service Providers: Third-party vendors who assist in operating the Service (hosting, analytics, payment processing).
  • Messaging Platforms: Data shared with integrated third-party channels as necessary to deliver messages (subject to each platform's privacy policies).
  • Legal Requirements: When required by law, regulation, legal process, or governmental request.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets.

6. Data Security

We implement industry-standard security measures to protect your data, including:

  • AES-256-GCM encryption for sensitive configuration data (API keys, tokens)
  • TLS/SSL encryption for all data in transit
  • Secure cloud infrastructure with access controls
  • Regular security audits and monitoring

While we strive to protect your personal information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes described in this policy, or as required by applicable law. Conversation data may be retained for the duration of your subscription plus 90 days, after which it will be securely deleted upon request.

8. Your Rights

8.1 GDPR Rights (EEA/UK Users)

  • Right of Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Request correction of inaccurate data.
  • Right to Erasure: Request deletion of your personal data.
  • Right to Restrict Processing: Request limitation of processing.
  • Right to Data Portability: Receive your data in a structured, machine-readable format.
  • Right to Object: Object to processing based on legitimate interests.
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.

8.2 CCPA Rights (California Residents)

  • Right to Know: Request disclosure of personal information collected, used, and shared.
  • Right to Delete: Request deletion of personal information.
  • Right to Opt-Out: Opt out of the sale of personal information (we do not sell personal information).
  • Right to Non-Discrimination: Exercise your rights without discriminatory treatment.

8.3 PIPA Rights (Korean Residents)

  • Right to access, correct, delete, and suspend processing of personal information in accordance with the Personal Information Protection Act of Korea.

9. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for international transfers, including Standard Contractual Clauses (SCCs) as approved by relevant authorities.

10. Children's Privacy

The Service is not intended for individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child, we will take steps to delete such information promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Your continued use of the Service after any changes constitutes acceptance of the revised policy.

12. Contact Us

For any privacy-related inquiries or to exercise your rights, please contact:

Digitalog Inc. — Data Protection
Email: privacy@digitalog.co.kr