Legal

Privacy Policy

Last updated: June 1, 2026

1. Introduction

ChartGPT ("we", "our", or "the Service") is operated by YT Corporation. This Privacy Policy explains how we collect, use, disclose, and protect information about you when you use chartgpt.in or our API. By using the Service you agree to this policy.

2. Information We Collect

  • Account data — name, email address, and hashed password when you register.
  • Database credentials — connection strings are encrypted at rest using AES-128-CBC (Fernet) and never stored in plaintext.
  • Usage data — queries run, dashboards created, widget interactions, and error logs collected to improve the Service.
  • Device and log data — IP address, browser type, pages visited, and timestamps via server logs.
  • Communication data — messages you send us via the contact form or email.

3. How We Use Your Information

  • To provide, maintain, and improve the Service.
  • To authenticate your identity and enforce workspace isolation.
  • To process AI-generated queries against your databases on your behalf.
  • To send transactional emails (password reset, verification).
  • To analyse aggregated, anonymised usage patterns and improve AI models.
  • To comply with legal obligations and enforce our Terms of Service.

4. Data Sharing and Third Parties

We do not sell your personal data. We share data only with:
  • OpenAI — schema context and query intent are sent to the OpenAI API to generate SQL and insights. We do not send raw database contents.
  • Infrastructure providers — cloud hosting, database, and monitoring providers bound by data processing agreements.
  • Legal authorities — when required by applicable law, court order, or governmental authority.

5. Data Retention

We retain your account data for as long as your account is active. Database credentials are deleted immediately upon connection removal. Query logs are retained for 90 days. You may request deletion of your data at any time via privacy@chartgpt.in.

6. Security

We implement technical and organisational measures to protect your data: TLS in transit, AES-128 at rest, tenant-isolated vector stores, read-only credential recommendations, and JWT with refresh token rotation. See our Security Policy for full details.

7. Your Rights

Depending on your jurisdiction you may have the right to access, correct, port, or delete your personal data, and to object to or restrict processing. Contact us at privacy@chartgpt.in to exercise these rights.

8. Cookies

We use essential cookies for session management. See our Cookie Policy for details.

9. Children

The Service is not directed to individuals under 16. We do not knowingly collect personal data from children.

10. Changes to This Policy

We may update this policy periodically. We will notify you of material changes via email or a prominent notice on the Service. Continued use after notice constitutes acceptance.

11. Contact

For privacy enquiries: privacy@chartgpt.in · YT Corporation, India.