Enterprise-Grade Security

Data Protection & Privacy

Your privacy is our priority. Learn how we protect your data with advanced security measures, transparent practices, and full regulatory compliance.

GDPR Compliant
SOC 2 Certified
ISO 27001 Aligned

Last updated: January 31, 2025

Effective Date: February 1, 2025

Data Protection at a Glance

What We Collect

  • Account information (email, name)
  • AI conversation data
  • Usage analytics (anonymized)

How We Protect It

  • End-to-end encryption
  • Zero-knowledge architecture
  • Swiss data residency

Table of Contents

Data We Collect

Account Information

  • Personal Details: Name, email address, and profile information you provide
  • Billing Information: Payment details processed securely through Stripe (we don't store payment data)
  • Preferences: Account settings, language preferences, and subscription details

Conversation Data

  • AI Conversations: Messages you send to AI models and their responses
  • Uploaded Files: Documents, images, or other files you share with AI models
  • Chat History: Your conversation history with timestamps and model selection

Technical Data

  • Usage Analytics: Feature usage, session duration, and interaction patterns (anonymized)
  • Device Information: Browser type, operating system, IP address (anonymized)
  • Error Logs: Technical errors and performance data to improve our service

How We Use Your Data

Service Provision

  • Deliver AI collaboration services
  • Maintain chat history and preferences
  • Process payments and subscriptions

Service Improvement

  • Analyze usage patterns (anonymized)
  • Improve AI collaboration algorithms
  • Enhance security and performance

AI Training & Model Improvement

Important: We Do NOT Use Your Data for AI Training

Unlike some AI platforms, MultipleChat does not use your conversations, uploads, or personal data to train AI models. Your data remains private and is used solely to provide our services to you.

Third-Party AI Providers: When you use our service, your queries are sent to third-party AI providers (OpenAI, Anthropic, Google, xAI) through their official APIs. Each provider has their own data handling practices:

  • OpenAI (ChatGPT): Does not use API data for training when using their commercial API
  • Anthropic (Claude): Does not use API conversations for training their models
  • Google (Gemini): Commercial API usage is not used for model training
  • xAI (Grok): Follows enterprise-grade data handling practices

Data Sharing & Third Parties

We Never Sell Your Data

MultipleChat will never sell, rent, or lease your personal information to third parties for marketing or commercial purposes.

Limited Data Sharing

We only share data in these specific circumstances:

  • AI Service Providers: Your queries are sent to AI providers to deliver our service (with enterprise data protection agreements)
  • Payment Processing: Stripe processes payments securely (we don't see your payment details)
  • Legal Requirements: When required by law, court order, or to protect our legal rights
  • Business Transfers: In case of merger or acquisition (with continued data protection commitments)

Security Measures

Technical Security

  • AES-256 encryption at rest
  • TLS 1.3 encryption in transit
  • Zero-knowledge architecture
  • Regular security audits

Operational Security

  • Multi-factor authentication
  • Employee background checks
  • Principle of least privilege
  • 24/7 security monitoring

Your Rights

Under GDPR, CCPA, and other privacy laws, you have the following rights regarding your personal data:

Right to Access

Request a copy of your personal data we hold

Right to Rectification

Correct inaccurate or incomplete information

Right to Erasure

Request deletion of your personal data

Right to Portability

Export your data in a machine-readable format

Right to Restriction

Limit how we process your data

Right to Object

Object to certain types of data processing

How to Exercise Your Rights: Contact us at [email protected] or use the data controls in your account settings. We'll respond within 30 days.

Data Retention

Retention Periods

Chat History

Retained while your account is active. You can delete conversations anytime.

Account Information

Retained while your account is active, then 30 days after account deletion.

Analytics Data

Anonymized usage data retained for up to 2 years for service improvement.

Billing Records

Retained for 7 years for legal and tax compliance requirements.

International Data Transfers

Swiss Data Residency

MultipleChat is based in Switzerland and primarily processes data within Switzerland and the EU. Switzerland is recognized by the EU as providing adequate data protection.

When We Transfer Data:

  • AI Service Providers: Some AI providers (OpenAI, Google, xAI) are US-based. We use Standard Contractual Clauses (SCCs) and ensure they have adequate safeguards.
  • Cloud Infrastructure: Our EU-based cloud infrastructure ensures data remains within jurisdictions with adequate protection.

Regulatory Compliance

GDPR

Full compliance with EU General Data Protection Regulation

SOC 2 Type II

Independently audited security and availability controls

ISO 27001

Information security management system alignment

Additional Compliance

  • CCPA (California Consumer Privacy Act)
  • Swiss Federal Data Protection Act
  • UK Data Protection Act 2018
  • Canada PIPEDA compliance

Contact Our Privacy Team

Have questions about data protection, want to exercise your rights, or need to report a privacy concern? Our dedicated privacy team is here to help.

Privacy Inquiries

[email protected]

Data Protection Officer

[email protected]

Postal Address

MultipleChat AI

Untere Wiltisgasse 5

CH-8700 Küsnacht

Switzerland

CHE-232.104.780