Privacy Policy

Last updated: February 2026

This Privacy Policy explains how ChatCup ("we", "us", or "our") collects, uses, and protects your information when you use the ChatCup AI Workforce Platform at chatcup.ai. We've written this in plain language — no legalese. If you have questions, reach out at support@chatcup.ai.

1. Information We Collect

We collect information you provide directly and information generated as you use the platform.

  • Account information — your name, email address, and password when you register. If you invite team members, we collect their email addresses as well.
  • Conversation data — messages exchanged between your AI agents and end users across connected channels (Telegram, WhatsApp, Web Widget, Instagram, Messenger). This data is stored per organization and is used to power your agents.
  • Uploaded documents — files you upload to build your agents' knowledge base (PDFs, text files, and other supported formats). These are stored securely in Cloudflare R2 object storage.
  • Usage analytics — how you interact with the platform: pages visited, features used, agent performance metrics, and task pipeline activity. This helps us improve the product.
  • Technical data — IP address, browser type, and device information collected automatically when you access the platform.

2. How We Use Your Information

We use the information we collect to:

  • Operate and deliver the ChatCup platform — building, training, and deploying your AI agents.
  • Process and index documents you upload so your agents can retrieve and use that knowledge in conversations.
  • Run task pipelines you configure (data collection, lead qualification, document generation, etc.).
  • Enable multi-channel messaging between your agents and end users.
  • Support team collaboration features within your organization workspace.
  • Send transactional emails (account verification, password reset, billing receipts).
  • Improve platform performance, reliability, and features based on aggregate usage patterns.
  • Investigate and resolve security issues or abuse.

We do not use your data to train our own AI models or sell your information to third parties.

3. Data Processing & AI

When you upload a document to your knowledge base, it passes through our document processing pipeline. Here is exactly what happens:

  • Extraction — the raw content is extracted from your file (text, tables, etc.) and stored in our database.
  • Categorization (graph building) — extracted content is sent to Google Gemini's API to identify concepts, relationships, and structure a knowledge graph. This helps your agents understand context, not just keywords.
  • Embedding (vectorization) — document chunks are converted into numerical embeddings and stored in Cloudflare Vectorize, our vector database. This powers semantic search so your agents can find the most relevant information for any question.

Your document content is sent to Google's Gemini API strictly for processing (categorization and graph building). Google does not use this data to train their models under our API agreement. See Google's API Terms of Service for details.

AI agent responses are generated using the AI model you configure for your agent. Conversation context sent to those models is governed by the respective provider's data policies.

4. Data Storage & Security

ChatCup runs on Cloudflare's global infrastructure. Here is where your data lives:

  • Files — uploaded documents are stored in Cloudflare R2 object storage, encrypted at rest.
  • Structured data — account records, agent configurations, conversations, and task data are stored in PostgreSQL, encrypted at rest.
  • Vector embeddings — document embeddings for semantic search are stored in Cloudflare Vectorize.
  • Session & cache data — short-lived session tokens and cache entries are stored in Cloudflare KV.

All data is encrypted in transit using TLS. Your organization's data is logically isolated — one customer cannot access another's agents, conversations, or documents. Our platform runs on Cloudflare Workers, which means your requests are processed at the edge with no persistent application servers holding your data in memory.

We apply security best practices including access controls, audit logging, and routine dependency updates. That said, no system is 100% secure. If you discover a vulnerability, please report it to support@chatcup.ai.

5. Data Sharing

We do not sell your data. We do not share your data for advertising. We share data only in these limited cases:

  • Cloudflare — our infrastructure provider for compute (Workers), storage (R2, KV), and vector search (Vectorize). Cloudflare processes your data as a data processor on our behalf.
  • Google Gemini API — document content is sent for categorization and knowledge graph building. This data is used for processing only and is not used by Google to train Gemini models under our API agreement.
  • AI model providers — when your agent generates a response, conversation context is sent to the AI provider you have configured (e.g., OpenAI, Anthropic, Google). Each provider's own privacy policy governs their handling of that data.
  • Messaging platforms — messages are delivered through the channels you connect (Telegram, WhatsApp, Instagram, Messenger). Those platforms receive message content as part of normal delivery.
  • Legal requirements — we may disclose data if required by law, court order, or to protect the rights and safety of our users.

6. Your Rights

You are in control of your data. Here is what you can do:

  • Access — view all data associated with your account and organization directly from the platform dashboard.
  • Correct — update your account information at any time from your profile settings.
  • Delete — remove uploaded documents, agents, and conversation history from within the platform. Deleted data is purged from active storage within 30 days.
  • Export — request an export of your data by contacting us at support@chatcup.ai. We will provide it in a machine-readable format within 30 days.
  • Delete your account — you can close your account from settings. This will permanently delete your organization's data, including all agents, documents, conversations, and configurations. This action cannot be undone.

If you are located in the European Economic Area (EEA), UK, or California, you may have additional rights under GDPR or CCPA. Contact us to exercise those rights.

7. Cookies & Analytics

We use a minimal set of cookies:

  • Session cookies — required to keep you logged in. These expire when you close your browser or after a period of inactivity.
  • Authentication tokens — stored securely to maintain your session across requests. These are HTTP-only and cannot be accessed by JavaScript.

We do not use third-party advertising cookies or tracking pixels. Any analytics we collect are aggregated and used solely to understand how the platform is being used so we can improve it.

8. Changes to This Policy

We may update this policy from time to time. When we make significant changes, we will notify you by email or with a notice inside the platform before the changes take effect. The "Last updated" date at the top of this page always reflects the most recent version.

Continuing to use ChatCup after changes are posted means you accept the updated policy. If you disagree with a change, you can close your account before it takes effect.

9. Contact Us

If you have any questions, requests, or concerns about this Privacy Policy or how we handle your data, please reach out:

Email: support@chatcup.ai
Website: chatcup.ai

We aim to respond to all privacy-related inquiries within 5 business days.