Privacy Notice

    Last updated: 19 June 2026

    1. WHO WE ARE

    CHATOBSERVER LTD ("Chatobserver", "we", "us") is a company registered in Scotland under company number SC869380. Our registered office is Suite 2/3, 2nd Floor, 48 West George Street, Glasgow, Scotland G2 1BP.

    For the personal information described in this notice, Chatobserver is generally the controller. Contact: [email protected].

    When a business customer submits personal information to the Chatobserver platform for us to process solely on its instructions, that customer is normally the controller and Chatobserver is its processor. Requests concerning that customer-controlled information should usually be directed to the relevant customer. Our Data Processing Addendum governs that processing.

    2. SCOPE

    This notice explains how we handle personal information when you visit our websites, request a report or demonstration, create or use an account, communicate with us, receive marketing, apply for a role, or act as a contact for a customer, prospect, supplier or partner. It does not govern personal information processed solely on a customer's behalf.

    The Services are intended for business users and are not directed to children.

    3. INFORMATION WE COLLECT

    Depending on your relationship with us, we may collect:

    • identity and business-contact details, such as name, employer, role, work email, phone number and professional profile;
    • account and authentication details, workspace membership, permissions and account preferences;
    • customer, contract, purchase-order, billing, transaction and tax information;
    • content you submit, including brand details, domains, prompts, monitoring configurations, support messages, files and feedback;
    • usage, device and network information, such as IP address, browser, device, timestamps, pages or features used, referring page, logs and diagnostic events;
    • marketing preferences and interactions with our messages;
    • security, fraud-prevention and compliance information;
    • recruitment information if you apply to work with us; and
    • other information you choose to provide.

    Payment-card information is generally collected directly by our payment processor rather than stored by Chatobserver.

    4. HOW WE OBTAIN INFORMATION

    We obtain information directly from you; from your employer, colleagues or account administrator; automatically through the website and Services; from integrations you enable; from public business sources; and from service providers, resellers or event partners. Where a customer configures monitoring of public websites or AI-platform responses, the Services may collect public source excerpts, AI responses and related metadata needed to generate reports, including information that incidentally refers to individuals.

    5. PURPOSES AND LAWFUL BASES

    Provide and administer the Services, accounts, reports, support and customer relationship. Information: Contact, account, content, usage, contract and support data. Lawful basis: Contract where you are a party; otherwise legitimate interests in performing our contract with your organisation and operating the service.

    Process orders, invoices, payments, tax and accounting. Information: Contact, contract, billing, transaction and tax data. Lawful basis: Contract; legal obligation; legitimate interests in receiving payment and managing finances.

    Secure, monitor and troubleshoot our systems; prevent fraud and abuse. Information: Account, device, network, logs, content and security data. Lawful basis: Legitimate interests in protecting users, systems and business; legal obligation where applicable.

    Improve and develop products and understand usage. Information: Usage, diagnostic, feedback and appropriately aggregated data. Lawful basis: Legitimate interests in improving our products; consent where required for non-essential cookies or similar technologies.

    Respond to enquiries, demonstrations and sales requests. Information: Contact, employer, enquiry and communication data. Lawful basis: Legitimate interests in responding and developing business relationships; steps at your request before a contract where applicable.

    Send business-to-business marketing and measure engagement. Information: Contact, employer, preferences and message-interaction data. Lawful basis: Consent where required; otherwise legitimate interests in marketing relevant services, subject to your right to object.

    Comply with law, enforce agreements and establish or defend legal claims. Information: Relevant account, contract, content, communication, security and transaction data. Lawful basis: Legal obligation; legitimate interests in compliance and protecting legal rights.

    Manage suppliers and partners. Information: Contact, contract, due-diligence and payment data. Lawful basis: Contract; legal obligation; legitimate interests in managing business relationships.

    Recruitment. Information: Contact, CV, experience, interview and assessment data. Lawful basis: Steps before a contract; legitimate interests in recruitment; legal obligation; consent for optional information where appropriate.

    Where we rely on legitimate interests, we assess whether the use is necessary and balanced against your rights. You may request information about that assessment.

    6. HOW WE USE CUSTOMER CONTENT AND AI SERVICES

    The Services may send prompts, domains, brand information or other configured content to third-party AI, search or infrastructure providers to perform the customer's requested monitoring and analysis. Those providers may process information under their own terms or as our subprocessors, depending on the integration. Customers should not submit confidential or personal information to a public or third-party AI integration unless they have assessed the relevant terms and have a lawful basis. Chatobserver configures available provider controls and contractual settings to opt out of provider model training for customer content. We do not use customer content to train Chatobserver-owned foundation models.

    We may use appropriately de-identified and aggregated operational information to analyse performance and improve the Services. We do not use customer content to train foundation models.

    7. SHARING INFORMATION

    We may share personal information with:

    • hosting, database, content-delivery, authentication, communications, analytics, customer-support, payment, accounting and security providers;
    • third-party AI and search platforms selected or enabled for the Services;
    • professional advisers, auditors, insurers and financial institutions;
    • our business customers where you are their user, contact or representative;
    • regulators, courts, law enforcement or other parties where required by law or necessary to protect rights and safety;
    • a buyer, investor or successor in connection with a proposed or completed corporate transaction; and
    • other parties with your instruction or consent.

    The public subprocessor list is being verified before publication. Contact [email protected] for current processor information.

    We do not sell personal information for money. We do not intentionally share personal information for cross-context behavioural advertising. Any future advertising technology will be assessed before use and reflected in this notice and our Cookie Policy.

    8. COOKIES AND SIMILAR TECHNOLOGIES

    We use necessary technologies to operate and secure our website and Services. We use analytics, advertising or other non-essential technologies only as described in our Cookie Policy and, where required, after obtaining consent. You can change non-essential choices through the Cookie Policy once the verified consent controls are available. Browser settings may also block technologies, but parts of the Services may not work properly.

    See the Cookie Policy at https://chatobserver.com/cookie-policy for the verified list, provider, purpose and duration of each technology once the cookie audit is complete.

    9. INTERNATIONAL TRANSFERS

    We are based in the United Kingdom and may use providers in other countries. Where personal information is transferred internationally, we use a lawful mechanism such as an adequacy regulation or decision, the European Commission standard contractual clauses, the UK International Data Transfer Addendum, the UK International Data Transfer Agreement, or another permitted safeguard. We also assess supplementary measures where required.

    For transfers of EEA personal data to the United Kingdom, we may rely on the European Commission's UK adequacy decision while it remains valid. Contact us for more information about safeguards relevant to your information.

    Exact subprocessor processing locations and transfer mechanisms are being verified before publication in the public subprocessor list. Contact [email protected] for current processor information.

    10. RETENTION

    We retain personal information only as long as reasonably needed for the purposes above, including legal, accounting, security and dispute requirements. Unless deletion is requested and no overriding legal, security, accounting or dispute reason requires retention, we may retain information for as long as needed to operate the Services, maintain business records, preserve security evidence and comply with law:

    • Customer account and contract records: During the relationship and afterward for as long as needed for legal, accounting, tax, security and dispute purposes.
    • Invoices, transaction and accounting records: For as long as required by UK company, accounting and tax law, and longer where needed for disputes or enforcement.
    • Sales enquiries with no customer relationship: Until deletion is requested or the record is no longer needed for business, legal or suppression-list purposes.
    • Support tickets: Until deletion is requested or the record is no longer needed for support, security, product quality, legal or dispute purposes.
    • Security and application logs: For as long as needed for security, diagnostics, abuse prevention, legal or dispute purposes.
    • Customer Data after termination: Retained until the customer requests deletion, the data is no longer needed to provide or support the Services, or deletion is required by the applicable agreement, subject to legal, security and backup retention needs.
    • Backups: Retained until overwritten in ordinary backup cycles or until no longer needed for resilience, legal, security or dispute purposes.
    • Marketing records: Until opt-out or inactivity threshold; retain minimal suppression record to honour opt-out.
    • Recruitment records: Until deletion is requested or the record is no longer needed for recruitment, legal, equality-monitoring or dispute purposes.
    • Cookies: As listed in the verified Cookie Policy.

    We may retain information longer where law requires it or where reasonably necessary for legal claims, fraud prevention, security investigation or enforcement.

    11. YOUR RIGHTS

    Depending on the law and circumstances, you may have rights to access, correct, erase or restrict personal information; receive certain information in a portable format; object to processing based on legitimate interests or direct marketing; and withdraw consent at any time where processing relies on consent. Withdrawal does not affect earlier lawful processing.

    Rights are not absolute. We may need to verify identity and may retain information where an exemption or competing legal obligation applies. To exercise a right, contact [email protected]. Where we process information only for a customer, we may refer your request to that customer.

    You may complain to the UK Information Commissioner's Office. If EU data-protection law applies, you may also have the right to complain to the supervisory authority in your country of residence, work or the alleged infringement.

    12. MARKETING CHOICES

    You can opt out of marketing email using the unsubscribe link or by contacting us. We may still send service, security, billing and other non-marketing communications. You may object at any time to direct marketing based on legitimate interests.

    13. AUTOMATED DECISIONS

    Chatobserver does not use personal information covered by this notice to make solely automated decisions that produce legal or similarly significant effects about individuals. The Services may produce automated analytics about brands, sources or content; customers are responsible for human review and their own use of results.

    14. SECURITY

    We use technical and organisational measures designed to protect personal information, proportionate to the risk. No method of transmission or storage is completely secure. Customers should use strong unique credentials, available multi-factor authentication and appropriate user permissions. A public security summary will be published after control verification. Until then, security questions can be sent to [email protected].

    15. CHILDREN

    The website and Services are intended for business users aged 18 or over. We do not knowingly collect personal information from children through the Services. Contact us if you believe a child has provided information improperly.

    16. EU REPRESENTATIVE

    Chatobserver has not appointed an EU representative at this time. If Article 27 of the EU GDPR requires one, we will update this notice with the representative's name, address and contact details.

    17. CHANGES

    We may update this notice to reflect changes in our practices or law. We will post the revised notice with a new date and provide additional notice where a change is material and law requires it.

    18. CONTACT

    CHATOBSERVER LTD Company number SC869380 Registered in Scotland Registered office: Suite 2/3, 2nd Floor, 48 West George Street, Glasgow, Scotland G2 1BP Privacy email: [email protected]