When you sign up for Chime, we collect the information you provide during onboarding: your name, business name, email address, phone number, and industry. This is what we need to set up your account and configure your agent.

When your Chime agent handles customer conversations, those conversation logs are stored on our infrastructure. We use this data to power your dashboard analytics — things like response volume, common topics, and resolution rates — and to help your agent improve over time.

We do not collect personal data from your customers beyond what they voluntarily share in the course of a conversation with your business.

Your business information — the details you provide about your services, pricing, policies, and tone — is used to train and configure your Chime agent. The better the information you provide, the better your agent performs.

Conversation logs are used for two purposes: generating the metrics you see on your dashboard, and improving the accuracy of your agent's responses to future queries from your customers.

We may use anonymized, aggregated data across the platform to improve Chime's core models. This data is stripped of any identifying information before it is used in this way. We are not in the business of selling data — your information is never sold to third parties, full stop.

• Configure and run your Chime agent
• Generate your dashboard analytics
• Send you product updates and onboarding communications
• Improve Chime's underlying models using anonymized, aggregated data
• Fulfil our legal obligations where required

When your customers message your business through Chime, those conversations are processed by our systems to generate responses. We want to be clear about ownership: this data belongs to you, not to us. We act as a data processor on your behalf, and you are the data controller.

By default, conversation logs are retained for 90 days. After that period, they are permanently deleted from our systems. If you need data removed sooner — for example, in response to a customer request — you can email us at hello@getchime.ai and we will action it promptly.

We do not use your customers' data to train models for other businesses on the platform. What happens in your conversations stays in your account.

Chime connects to iMessage and WhatsApp through their respective platform APIs. When a customer sends a message to your business, that message is transmitted from the platform to Chime's servers, where it is processed to generate a response. The response is then sent back through the same channel.

We process message content solely for the purpose of generating accurate, context-aware responses. We do not store message content on the originating platform's infrastructure, nor do we have access to any data beyond what is explicitly passed to us through the API at the time of the conversation.

Your use of iMessage and WhatsApp is also subject to Apple's and Meta's respective privacy policies, which govern how those platforms handle data on their end.

We take security seriously. Here is what we have in place to protect your data and your customers' data:

• Encryption in transit: All data moving between your browser, our servers, and third-party APIs is encrypted using TLS 1.3.
• Encryption at rest: Stored data is encrypted using AES-256.
• Access controls: Access to production data is restricted to a small number of authorized engineering staff, and all access is logged.
• SOC 2 Type II: We maintain compliance with SOC 2 Type II standards, which are independently audited.
• Regular audits: We conduct regular security reviews and penetration tests to identify and fix vulnerabilities.

If you discover a security issue, please report it to hello@getchime.ai. We take all reports seriously and will respond quickly.

Running Chime requires a small number of trusted third-party services. Here is what we use and why:

• Amazon Web Services (AWS): Our primary cloud infrastructure provider. Your data is hosted on AWS servers.
• Stripe: Payment processing for subscriptions. We do not store your card details — Stripe handles all payment data.
• Internal analytics: We run our own analytics on aggregated product usage. We do not use third-party analytics services that would receive your data.

Each third-party provider we work with is bound by a data processing agreement that restricts how they can use your data. We do not share your data with advertising networks, data brokers, or any party whose business model depends on selling user information.

You have meaningful control over your data. At any time, you can:

• Request a copy of the data we hold about you and your business
• Request deletion of your account and all associated data
• Export your conversation history in a portable format
• Correct inaccurate information we hold about you
• Object to processing in certain circumstances under applicable data protection law

To exercise any of these rights, email us at hello@getchime.ai. We will acknowledge your request within 2 business days and aim to fulfil it within 5 business days. There is no charge for making a request.

If you have questions about this privacy policy, how we handle your data, or anything else related to privacy at Chime, we would like to hear from you.

Email us at hello@getchime.ai — a real person will read and respond to your message.