Privacy Notice
chatrut takes user privacy seriously. This document explains what data we collect, how we use it, and your rights.
1. Data we collect
Automatically (from everyone)
- IP address, User-Agent, access timestamps (server logs)
From registered users
- Username (required)
- Email (optional — not required for quick signup)
- Google profile (if you sign in with Google: name, email, avatar)
- Content you upload (text, images, video, messages, likes, follows)
- AI prompt text (for Grok / DeepSeek / Claude features)
2. Data we do NOT collect
- Government ID, phone number, postal address, financial data
- Location (GPS), biometrics, facial recognition
- Ad profiles, third-party tracking pixels
3. What gets sent to AI services
Full transparency:
- Grok / DeepSeek / Claude: only the prompt you write is sent. Generated output is stored on Cloudflare R2.
- Claude moderation: when you upload a video, 12 sample frames are sent for NSFW detection — frames are not retained.
- These providers contractually commit not to use your content to train their models (per their API terms).
4. International transfers
| Provider | Location | Purpose |
|---|---|---|
| Cloudflare | USA / Global | CDN, DNS, R2 media storage, security, email routing |
| Google | USA | OAuth sign-in (only if you choose Google) |
| xAI (Grok) | USA | AI image + video generation (on user request) |
| DeepSeek | China | AI text generation (optional, on user request) |
| Anthropic (Claude) | USA | NSFW moderation (frames processed transiently) |
| Hetzner Cloud | Germany (EU) | Server hosting |
By creating an account and posting content, you consent to these transfers. You can withdraw consent at any time by deleting your account.
5. Direct messages
DMs are not end-to-end encrypted. They are stored as plain text on our servers. This means:
- They may be disclosed to authorities under valid legal process (court order)
- Moderators may read them when investigating a report
- Do not share sensitive data (passwords, card numbers, government IDs) via DM
6. Security
- All traffic over HTTPS (TLS 1.2+)
- Passwords hashed with bcrypt (irreversible)
- Session tokens: 32-byte random + HttpOnly + Secure cookies
- Cloudflare WAF + bot fight mode + rate limiting
7. Account deletion
Email [email protected] to delete your account. All your data is removed within 7 business days.
8. Children
The platform is not directed at children under 13. If we learn a user is under 13, the account is deleted immediately.
9. Cookies
- cr_session — session token (60 days, HttpOnly + Secure, required)
- cr_dismiss_protect — banner dismissal (24 hours)
- __cf_bm — Cloudflare bot management (required)
We do not use advertising, analytics, or tracking cookies.
10. Your rights
- Find out whether your data is being processed
- Request deletion or correction
- Find out which third parties received your data
For requests, email [email protected]. We respond within 30 days.