Privacy Policy
Effective Date: January 1, 2024
This Privacy Policy explains how chippyo LLC (“chippyo,” “we,” “us,” or “our”) collects, uses, and shares information about you when you use https://www.chippyo.com, our APIs, or any related services (the “Service”).
1. Information We Collect
| Category | What it Includes | Purpose |
|---|---|---|
| Account Info | Name, email, hashed password, username, avatar | Create & secure your account, authenticate you |
| User Content | Uploaded quotes (PDF/images), project photos, ratings, comments | Display on the platform, enable community feedback, train in-house models |
| Usage Data | Pages viewed, actions taken (clicks, slider movements), referral URL, timestamps | Analytics, product improvement, fraud prevention |
| Device & Log Data | IP address, browser type, OS, device identifiers, error logs | Troubleshooting, security, localization |
| Cookies & Similar Tech | Session cookies, analytics cookies, JWT tokens | Keep you logged in, measure traffic, personalize content |
| Optional Survey / Beta Feedback | Responses to forms, feature-feedback, demographic insights | Product research, feature prioritization |
2. How We Collect Information
- Directly from you when you create an account, upload content, or communicate with us.
- Automatically via cookies, server logs, and similar technologies.
- From third parties such as OAuth providers (e.g., Google sign-in) if you choose to link them.
3. How We Use Information
- Operate, maintain, and improve the Service.
- Parse quotes using AI services (OpenAI API) to extract line items.
- Moderate content, detect fraud, and enforce our Terms of Service.
- Send transactional emails (account verification, policy updates).
- Show anonymized analytics and market-rate insights.
- Develop new features—including machine-learning models—using aggregated or de-identified data.
- Comply with legal obligations and respond to lawful requests.
4. Legal Bases for Processing (EEA/UK Users)
When we process personal data of individuals in the European Economic Area (EEA) or United Kingdom, we rely on:
- Contractual necessity (to provide the Service you request).
- Legitimate interests (e.g., security, analytics, AI improvements) that do not override your rights.
- Consent for optional cookies or marketing communications.
- Compliance with legal obligations.
5. How We Share Information
- Community Visibility. Quotes, project photos, ratings, and comments you post are public by default. Redact personal info before uploading.
- Service Providers. Hosting (Vercel), database & storage (Supabase), AI processing (OpenAI), analytics (Plausible or Google Analytics). These vendors access data only to perform services for us.
- Legal & Safety. We may disclose information if required by law, subpoena, or to protect rights, property, or safety of chippyo, users, or the public.
- Business Transfers. If we are involved in a merger, acquisition, or asset sale, your information may be transferred.
6. Cookies & Analytics
We use first-party cookies for session management and third-party/first-party analytics cookies to understand usage. You can disable cookies in your browser, but some features may break.
7. Your Choices & Rights
- Account Settings: View, edit, or delete your profile at any time.
- Content Removal: Delete your own quotes or comments; residual copies may remain in backups.
- Email Preferences: Opt out of non-essential emails through settings or unsubscribe links.
- GDPR/UK/EEA: You may request access, correction, deletion, portability, or restriction of your personal data. Email hello@chippyo.com.
- California Residents: See §10 for CPRA rights and “Do Not Sell or Share“ options.
8. Data Retention
We retain personal data for as long as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements. Backups are purged on a rolling 30-day basis.
9. Security
We employ industry-standard practices: TLS encryption in transit, AES-256 encryption at rest (Supabase), strict row-level security, and least-privilege IAM roles. No method is 100% secure; you use the Service at your own risk.
10. Notice to California Residents (CPRA)
We do not “sell“ personal information in the traditional sense. We may “share“ (as defined by CPRA) usage data with analytics providers. You can opt out by enabling a GPC (Global Privacy Control) signal or emailing hello@chippyo.com.
11. Children's Privacy
The Service is not directed to children under 13. We do not knowingly collect personal information from children. If you believe a child provided us data, contact us to delete it.
12. International Transfers
We are based in the United States. If you access the Service from outside the U.S., your information will be transmitted to and stored in the U.S. We rely on Standard Contractual Clauses or equivalent safeguards for EEA/UK transfers.
13. Changes to This Policy
We may update this Privacy Policy periodically. Material changes will be posted here and sent via email or site notice at least 14 days before they take effect. Continued use after the effective date constitutes acceptance.
14. Contact Us
For privacy questions, data requests, or complaints, contact:
Email: hello@chippyo.com