California Privacy Rights
Effective date: 2025-06-13
This addendum supplements the JustSimpleChat Privacy Policy and applies only to California residents. It explains how we collect, use, disclose and retain personal information as defined by the California Consumer Privacy Act as amended by the California Privacy Rights Act (together, CPRA).
Your California rights
Subject to certain limits, California residents can:
- Know the categories and specific pieces of personal information we collect and the purposes for which we use it.
- Request deletion of personal information we collected from you.
- Correct inaccurate personal information.
- Opt out of the sale or sharing of personal information.
- Limit the use and disclosure of sensitive personal information where it is used for additional purposes.
- Not be discriminated against for exercising these rights.
How to exercise your rights
You can:
- Use in-product controls where available to export or delete data.
- Email [email protected]. We will verify your request by confirming control of the account email address and may ask for limited additional details to validate identity.
- If you use an authorised agent, we may require proof of authorisation and verification of your identity.
We currently do not sell personal information or share personal information for cross-context behavioural advertising. If that changes we will provide a clear opt-out and honour browser-based signals such as Global Privacy Control.
We do not offer financial incentives in exchange for personal information.
Notice at collection (CPRA disclosure table)
The table below summarises the categories of personal information we collect, our purposes, whether we disclose it for business purposes, and typical retention periods. “Service providers” are vendors processing data under our instructions.
| CPRA category | Examples | Sources | Business or commercial purposes | Disclosed for a business purpose | Sold or shared for cross-context advertising | Typical retention | Categories of third parties |
|---|---|---|---|---|---|---|---|
| Identifiers | Email, account ID, cookie IDs, IP address | Directly from you, automatic collection | Account creation, authentication, security, analytics, support | Yes—hosting, authentication, analytics, security vendors | No | Account data while active. Security logs 30–180 days. | Cloud hosting, auth provider, analytics, security vendors |
| Customer records | Name (if provided), billing contact, subscription details | Directly from you, payment processor | Billing, subscription management, compliance, support | Yes—payment processor and billing tools | No | Billing records up to 6 years | Payment processor, billing and accounting tools |
| Commercial information | Transaction history, plan type, refund status | Payment processor, billing tools | Billing, fraud prevention, reporting | Yes—payment and billing vendors | No | Up to 6 years | Payment processor, billing and tax tools |
| Internet or electronic network activity | Usage metrics, pages viewed, crash logs | Automatic collection | Provide functionality, fix bugs, improve performance, security monitoring | Yes—analytics and error reporting vendors | No | Analytics event data 3–14 months. Error logs 30–180 days. | Analytics vendors, error tracking services |
| Geolocation (approximate) | Approximate location from IP address | Automatic collection | Abuse prevention, fraud detection, localisation, analytics | Yes—security and analytics vendors | No | 30–180 days in logs | Security vendors, analytics providers |
| Sensory data | Only if you upload files containing audio or images | Directly from you | Provide the feature you request, support | Yes—storage and processing vendors when necessary | No | While your account is active or until deletion | Cloud storage, model inference providers where applicable |
| Inferences | Product analytics segments (non-advertising) | Derived from usage data | Improve features and user experience | Yes—in pseudonymous form to analytics vendors | No | 3–14 months | Analytics vendors |
| Sensitive personal information | Account log-in (email + password). Payment cards handled by processor. | Directly from you, payment processor | Authentication, account security, payment processing | Yes—authentication/security vendors, payment processor | No sale or sharing for cross-context advertising | Passwords retained while account exists. Processor retains payment data per its terms. | Authentication provider, security vendors, payment processor |
We do not collect protected classification characteristics, professional or employment information, or education information as defined by CPRA.
Contact for California privacy
Email [email protected]. Postal address for privacy requests: JustSimpleChat, 53 Woodlea Avenue, Huddersfield, West Yorkshire, HD3 4EF, United Kingdom.