Privacy Policy

Effective Date:

247ch.at ("we," "us," "our") respects your privacy. This Privacy Policy describes the personal information we collect, how we use it, when we share it, and the rights you have under U.S. and EU/UK law. By using 247ch.at, the embeddable widget, the operator desktop app, or any related service (the "Services"), you agree to this Policy. For terms of use, see our Terms of Service.

1. Information We Collect

1.1 Information You Provide (Operators)

• Account data: email address, display name, password hash (or Google account ID if you signed up with Google).
• Site config: the domains you configure for the widget, plus branding and routing settings.
• Billing data (Pro only): Stripe handles payment processing. We store your Stripe customer ID and plan status. We never see or store your full card number or Cash App PIN.
• SMS opt-in data (operator): mobile phone number, opt-in timestamp, opt-in source, and your notification preferences.
• Support tickets & contact-form messages.

1.2 Information We Collect About Visitors (on Operator Sites)

• Chat transcripts: messages visitors send through the widget and operator replies.
• Optional contact info: name, email, and/or phone number, when a visitor enters them into the chat widget for callback or SMS delivery.
• SMS opt-in data (visitor): mobile phone number, opt-in timestamp, and the specific chat session associated with the consent.
• Session metadata: IP address, user-agent, page URL, timestamps.

1.3 Automatically Collected

• Operator app: IP address you connect from, basic device info, session token.
• Cookies: session cookie for dashboard login; widget cookie on operator sites so a returning visitor lands back in the same conversation. No third-party trackers, no ad pixels.
• Web server / application logs: standard request logs for security and debugging.

2. How We Use Information

• To operate the service — route messages between visitors and operators, keep operators signed in, restore transcripts.
• To bill correctly if the operator is on Pro.
• To prevent fraud and abuse (rate limiting, suspending compromised accounts).
• To send transactional email and SMS (verification, password reset, billing receipts, offline-message pings, two-factor codes).
• To send opt-in operator notifications by SMS when a visitor starts a chat or leaves an offline message.
• To deliver opt-in visitor replies by SMS when a visitor has chosen that as their preferred channel.
• To respond to support requests.
• To comply with legal obligations.

3. Text Messaging (SMS) — Specific Notice

If you opt in to SMS — as an operator or as a visitor on an operator's chat widget — we collect your mobile phone number along with the timestamp and source of your consent. We use this information only to deliver the text messages you requested, to honor your STOP/HELP requests, and to keep an audit record of consent as required by U.S. telecommunications regulations (TCPA / CTIA / The Campaign Registry).

We do not sell, rent, lease, share, or otherwise disclose your SMS opt-in information (mobile number and the fact that you consented to receive text messages) to any third party for marketing or promotional purposes. SMS opt-in data is shared only with our messaging service provider (currently Twilio) strictly as necessary to deliver, route, and report on the messages you requested. Visitor phone numbers collected through an operator's chat widget are NOT shared with anyone other than the operator who runs that widget and our messaging provider.

You can opt out at any time by replying STOP (or END, CANCEL, UNSUBSCRIBE, QUIT) to any 247ch.at text. Reply HELP or email support@247ch.at for assistance. Msg & data rates may apply. See Terms of Service §8 for full SMS-program detail.

4. Who We Share With

• Stripe — payment processing for Pro subscribers. See stripe.com/privacy.
• Anthropic / OpenAI / ElevenLabs — when AI auto-reply or voice features are enabled, the visitor's message and recent transcript are sent to the AI provider to generate a reply. They process the data under our API agreement and do not use it for training.
• Twilio — for SMS delivery (operator notifications, visitor replies, account security codes).
• Email provider — for transactional email delivery (verification, receipts, offline pings).
• Nobody else. We don't sell or share your data, your visitors' messages, or your contact info to advertisers, brokers, or anyone else.

We do not sell personal information (as that term is defined under California, Virginia, Colorado, or Connecticut law), and we do not "share" personal information for cross-context behavioral advertising.

5. Data Retention

• Visitor chat transcripts: 90 days by default, or until you delete them from the dashboard.
• Operator account: kept as long as the account exists. Delete the account and we wipe it within 30 days.
• Billing records: Stripe retains payment data per their own policy. We keep subscription history for 7 years for tax purposes.
• SMS opt-in audit log: at least 4 years after opt-out (carrier / TCR audit requirement).
• Web server logs: 90 days.
• Support tickets: 2 years.

6. Your Rights

You can access, export, or delete your data any time. Email support@247ch.at from your account email and we'll handle it within 7 days.

6.1 California (CCPA / CPRA)

California residents have the rights to know, delete, correct, and portability, plus the right to opt out of sale or sharing (we do neither). We do not discriminate against users who exercise these rights. We respond within 45 days.

6.2 EU / UK (GDPR / UK GDPR)

Articles 15–22 of the GDPR give you rights of access, rectification, erasure, restriction, portability, and objection. Our lawful bases are: (a) contract — to operate your account; (b) legitimate interest — security and aggregate analytics; (c) consent — marketing email and SMS; (d) legal obligation — tax and recordkeeping. The data controller is 247ch.at. We respond within 30 days.

7. Cookies, Analytics & Tracking

We use one session cookie to keep operators signed in to the dashboard. The widget optionally drops a small cookie on operator sites so a returning visitor lands back in the same conversation. No third-party trackers, no ad pixels, no cross-site behavioral advertising.

8. Children's Privacy (COPPA)

247ch.at is not directed at children under 13 and we don't knowingly collect data from them. If you believe a child has signed up, email support@247ch.at and we'll delete the account. Operators who embed the widget on sites directed to children under 13 are responsible for their own COPPA compliance and verifiable parental consent.

9. International Transfers

247ch.at is based in the United States; personal information you provide is processed in the U.S. If you are located in the EU/UK/EEA, transfers rely on the EU Standard Contractual Clauses or equivalent safeguards through our processors.

10. Security

We use TLS for all data in transit, hashed and salted passwords, least-privilege database access, segmented production credentials, regular software updates, and access logging. No system is perfectly secure; if you suspect a vulnerability, please report it to security@247ch.at.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be announced here (with a new effective date) and, where required, by email or in-app notice at least 14 days in advance.

12. Contact

247ch.at
Privacy / Support: support@247ch.at
Toll-free: (833) 319-3160

See also: Terms of Service.