Privacy Policy

Last Updated: March 8, 2026

At ChatStack AI, we fundamentally believe in data ownership and privacy. We have designed our architecture to give you control over your data. This Privacy Policy outlines how we handle your information in compliance with the General Data Protection Regulation (GDPR).

1. Default "Local-First" Usage

If you use ChatStack AI without an account or without enabling Cloud Sync, the core functionality happens entirely within your browser:

  • API Keys: Encrypted and stored locally in your browser's IndexedDB. They are never sent to our servers.
  • Chat History & Prompts: Stored locally on your device. We cannot read, access, or analyze your data.

2. Data We Collect When Using Cloud Sync

If you choose to create a Premium account and utilize our Cloud Sync feature, your app state is continuously synchronized with our servers to allow cross-device usage. By enabling this feature, we securely store the following data on our servers:

  • Account Credentials: Your email address and a securely hashed password.
  • Application Data: Your chats, messages, folders, prompts, and application preferences.
  • Encrypted API Keys: Your provider configurations are synced to our database. Because your API keys are encrypted client-side before being synchronized, our servers only receive and store the ciphertext. We cannot view, access, or utilize your raw API keys.

3. Third-Party AI Providers

Because you provide your own API keys, your chat prompts and messages are sent directly from your browser to the respective AI providers (e.g., OpenAI, Anthropic, Google). Your interactions with these models are governed by the privacy policies of those specific providers. We recommend reviewing their policies regarding data retention and model training.

4. Your GDPR Data Protection Rights

Under the GDPR, you have the following rights regarding the data we hold on our servers:

  • The right to access: You can request copies of your personal data.
  • The right to erasure: You can request that we delete your account and wipe all synchronized data from our database at any time.
  • The right to rectification: You can request that we correct any inaccurate information.
  • The right to data portability: You can export your data directly from the application at any time.

5. Cookies and Local Storage

We do not use tracking or advertising cookies. We exclusively use essential local storage mechanisms (IndexedDB and localStorage) alongside secure session cookies to store your app preferences, authentication state, and chat data to ensure the app functions correctly.

6. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us at support@chatstack-ai.com.

Move Chat

Select a destination folder:

Move Folder

Select a parent folder:

Folder Settings