Privacy Policy

Welcome to ChatRook's Privacy Policy. Your privacy and the security of your data are fundamental to our business.

ChatRook, Inc. ("ChatRook," "we," "us," or "our") with headquarters at 685 1st Ave, New York, NY 10016, provides a secure video conferencing platform with integrated financial analytics capabilities ("Services"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Services.

As a company built on security and privacy, we have designed our systems with encryption, access controls, and privacy-by-design safeguards. This Privacy Policy reflects our commitment to transparency and data minimization principles.

PLEASE READ THIS PRIVACY POLICY CAREFULLY. By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by all terms of this Privacy Policy. If you do not agree with our policies and practices, please do not use our Services.

We collect information using the principle of data minimization - we only collect what is necessary to provide, improve, and secure our Services.

2.1 Information You Provide to Us

Account Information:

• Name, email address, and company information
• Authentication credentials (encrypted and never stored in plaintext)
• Payment information (processed through PCI-DSS compliant providers)

Content Information:

• Video meeting recordings (only when explicitly initiated by you)
• Chat messages exchanged during meetings
• Shared files and documents
• Financial data that you analyze using our AI tools

User Preferences:

• Settings and configurations
• User interface preferences
• Notification preferences

2.2 Information We Collect Automatically

Device Information:

• IP address (pseudonymized)
• Browser or application type
• Operating system
• Device identifiers
• Network information

Usage Information:

• Meeting durations and frequencies
• Features utilized
• Interaction with our platform
• Performance and error data

Analytics Information:

• Aggregated statistical data
• Anonymized performance metrics
• Service utilization patterns

2.3 Information from Third Parties

With your explicit consent, we may collect:

• Authentication information from single sign-on providers
• Financial market data from authorized data providers
• API-based integrations with your authorized financial services

ChatRook uses privacy-focused architecture and controls designed to protect customer content:

• Encryption: Video and audio streams are encrypted using modern protocols where supported by the meeting configuration.
• Modern Protocols: We evaluate modern cryptographic protocols and update our safeguards as standards evolve.
• Content Access Controls: We limit internal access to customer content and use role-based controls for authorized support and operations.
• Local Processing: Where supported, selected processing can happen locally on your device or under user-controlled settings.
• Encrypted Storage: Stored content is encrypted according to the applicable feature, plan, and retention settings.
• Access Controls: Administrative access is limited, logged, and governed by internal security procedures.

We use your information for the following purposes:

4.1 Provide and Maintain our Services

• Deliver secure video conferencing capabilities
• Process and analyze financial data as directed by you
• Generate requested financial reports and insights
• Authenticate users and maintain account security
• Process transactions and billing

4.2 Improve and Develop our Services

• Analyze anonymized usage patterns to enhance features
• Identify and fix technical issues
• Develop new features and capabilities
• Train our AI models using fully anonymized data sets (with opt-out options)

4.3 Communicate with You

• Respond to your inquiries and support requests
• Send service-related notifications
• Provide information about new features and updates
• Send security alerts and privacy notices

4.4 Ensure Security and Compliance

• Detect and prevent fraud, abuse, and security incidents
• Verify identity and enforce access controls
• Conduct security audits and vulnerability assessments
• Comply with legal obligations and enforce our terms

We limit sharing of your information to the following circumstances:

5.1 With Your Consent

• We share your information with third parties only when you explicitly consent.
• Financial analyses are shared only with meeting participants you authorize.

5.2 Service Providers

We share minimal necessary information with trusted service providers who help us deliver our Services, including:

• Cloud infrastructure providers (under strict contractual security requirements)
• Payment processors (who receive only necessary billing information)
• Customer support tools (with limited access to troubleshooting data)

All service providers are bound by strict data protection agreements and are regularly audited.

5.3 Compliance with Laws

We may disclose information when required by:

• Valid legal process such as a court order or subpoena
• Governmental requests that comply with applicable laws
• Protection of our legal rights or prevention of harm

When legally permitted, we will notify you of such requests.

5.4 Business Transfers

In connection with a corporate transaction such as a merger, acquisition, or sale of assets, your information may be transferred. Any such transfer will be subject to commitments that the information will remain protected as described in this Privacy Policy.

5.5 What We Do NOT Share

• We never sell your personal information to third parties.
• We never share the content of your encrypted communications.
• We never provide access to your financial analytics data for advertising purposes.
• We never share your information with data brokers.

ChatRook is headquartered in the United States, but operates globally. When we transfer personal data outside your region:

• We implement technical safeguards such as encryption and pseudonymization.
• We execute appropriate data transfer agreements incorporating standard contractual clauses.
• We utilize regional data processing where required by law.
• We use technical, organizational, and contractual safeguards designed to support applicable data protection obligations.

7.1 Retention Periods

• Account Information: Retained while your account is active and for a limited period after closure to support reactivation.
• Meeting Contents: By default, not stored unless explicitly saved by you. When saved, retained according to your specifications.
• Financial Analyses: Retained for the period specified by you, with a default 90-day retention period.
• Usage Data: Retained in aggregated form for up to 24 months for service improvements.

7.2 Data Deletion

• You can delete your content at any time through our platform.
• Account deletion permanently removes all personal information except where retention is required by law.
• Our secure deletion workflows are designed to remove deleted content from active systems and backups according to documented retention schedules.
• Backups are purged on a rolling 30-day cycle for complete data removal.

Depending on your location, you may have various rights regarding your personal information:

8.1 Access and Portability

• View your personal information through your account settings.
• Request a complete export of your data in machine-readable format.
• Access logs of all account activities and data processing operations.

8.2 Correction and Update

• Modify and update your personal information via account settings.
• Request correction of any inaccurate information we hold about you.

8.3 Deletion and Restriction

• Delete specific content or your entire account at any time.
• Restrict certain types of processing while continuing to use our Services.
• Request that we remove your information from specific features or analytics.

8.4 Objection and Automated Decision-Making

• Opt-out of non-essential data processing activities.
• Object to automated decision-making and request human review.
• Control AI-based analytics applied to your financial data.

8.5 Exercising Your Rights

To exercise any of these rights, please:

• Use the privacy controls in your account settings
• Contact our dedicated Data Protection Office
• Write to us at: Data Protection Officer, ChatRook Inc., 685 1st Ave, New York, NY 10016

We will respond to all legitimate requests within 30 days.

ChatRook implements advanced security measures to protect your information:

9.1 Technical Safeguards

• Modern Encryption: Encryption protocols designed to protect data in transit and at rest where applicable.
• Privacy-Focused Architecture: Access controls and encryption are designed to limit internal access to customer content.
• Multi-Factor Authentication: Required for all account access by default.
• Ephemeral Keys: Session-specific encryption keys that are never stored permanently.
• Secure Enclaves: Processing of sensitive data within isolated secure computing environments.
• Regular Penetration Testing: Conducted by independent security researchers.

9.2 Organizational Safeguards

• Security First Development: Security review at every stage of our development process.
• Employee Access Controls: Strict need-to-know access policies with multi-factor authentication.
• Security Training: Mandatory security training for all employees.
• Vendor Assessment: Rigorous security evaluation of all third-party service providers.
• Bug Bounty Program: Rewards for responsibly disclosed security vulnerabilities.

9.3 Compliance and Security Practices

• Security governance aligned with recognized industry frameworks
• NIST Cybersecurity Framework adherence
• Annual independent security audits
• Privacy and security reviews for applicable data protection frameworks

Our Services are not intended for use by children under 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child under 18, please contact us immediately, and we will promptly remove such information.

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, and other factors. We will post the updated Privacy Policy on our website and, if the changes are significant, we will provide a more prominent notice, including email notification for substantial changes.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of our Services after any changes to this Privacy Policy constitutes your acceptance of the revised policy.

As a provider of financial analytics tools, ChatRook implements additional protections for financial data:

12.1 Financial Data Processing

• All financial data analysis is conducted within isolated secure computing environments.
• Financial reports and insights are encrypted with user-controlled keys.
• Market data is sourced from authorized providers with appropriate licensing.
• Historical financial analyses are maintained with strict access controls.

12.2 Financial Regulatory Compliance

• FINRA compliance where applicable
• Implementation of relevant SEC data protection guidelines
• Adherence to international financial data protection standards
• Regular financial compliance audits

12.3 AI Analytics Transparency

• Clear disclosure of AI-generated insights versus factual market data
• Explanation of methodologies used in financial predictions
• Transparency in data sources for financial analytics
• Options to control AI processing of your financial information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: