Last Updated April 29, 2026

Privacy Policy

Chatmount (“we”, “us”, or “our”) operates the website www.chatmount.co and the Chatmount platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services.

1. Information We Collect

Account Information

When you create an account, we collect your name, email address, and authentication credentials through our authentication provider. We do not store your password directly.

Training Data

When you train an AI agent, you may upload PDFs, provide website URLs, or enter text and Q&A content. This data is processed and stored securely to power your agent's responses.

Chat & Conversation Data

We store messages exchanged between end-users and your deployed agents, including session metadata such as visitor IP addresses (anonymised), referring URLs, page URLs, and user-agent strings. This data is used to provide conversation history and analytics.

Payment Information

Subscription payments are processed through Razorpay. We do not store your full credit card or bank details. Razorpay handles payment data in accordance with PCI-DSS standards.

Usage Data

We automatically collect information about how you interact with our platform, including pages visited, features used, credit consumption, and agent configurations.

2. How We Use Your Information

01

Provide, operate, and maintain the Chatmount platform

02

Process your training data to create and power your AI agents

03

Store and display conversation history and analytics

04

Process subscriptions and manage your account

05

Send transactional emails (account confirmations, billing receipts)

06

Improve our services, fix bugs, and develop new features

07

Detect, prevent, and address technical issues or abuse

08

Comply with legal obligations

3. Data Storage & Security

Your account data is stored in secure, managed databases. Your training data is processed and stored on our cloud infrastructure with strict access controls.

We implement industry-standard security measures including encrypted connections (HTTPS/TLS), access controls, and regular security reviews. However, no method of electronic storage is 100% secure, and we cannot guarantee absolute security.

4. Third-Party Services

We use the following third-party services that may process your data:

Google (Sign-in)

User authentication & account management via Google OAuth

Google Drive / Sheets

Appending captured leads to a Google Sheet you select (via the drive.file scope + Drive Picker)

Google Calendar

Creating booking events + reading free/busy times on a calendar you select

Meta (Instagram / Facebook)

Instagram DM integration via Meta Graph API

OpenAI

AI response generation

Resend

Transactional and lead notification emails

Razorpay

Payment processing

Each of these providers has their own privacy policy governing the use of your data. We encourage you to review them.

5. Data Shared with AI Providers

When an end-user sends a message to your deployed agent, relevant portions of your training data and the user's message are sent to our AI provider to generate a response. Our AI provider processes this data according to their API data usage policy and does not use API inputs to train their models.

Important

We do not sell, rent, or share your training data or conversation data with any other third parties for marketing or advertising purposes.

6. Data from Social Media Integrations

Chatmount allows you to connect Instagram professional (Business or Creator) accounts to your AI chatbot. When you use this feature, we access and process the following data via Meta's Instagram Graph API:

What Instagram Data We Access

  • Instagram Business account profile information (username, account ID, profile picture) via instagram_business_basic
  • Instagram Direct Messages received from your customers via webhooks via instagram_business_manage_messages

How We Use This Data

  • Profile information is displayed in your Chatmount dashboard to confirm which Instagram account is connected
  • Incoming DMs are processed through your AI chatbot to generate AI-assisted replies on your behalf
  • DM content is sent to our AI provider (OpenAI) solely to generate a response — OpenAI does not use API inputs to train its models

What We Do Not Do

  • We do not store Instagram DM content permanently — messages are processed in real-time to generate a response
  • We do not sell or share Instagram user data with any third parties
  • We do not use Instagram data for advertising or marketing purposes
  • We do not access media, stories, posts, or follower data — only Direct Messages and basic profile information

Data Retention

  • Instagram access tokens are encrypted and stored only for as long as the integration is active
  • When you disconnect Instagram, your access token is immediately and permanently deleted from our systems
  • Message content may be briefly retained in memory during an active chat session for conversation context, but is not written to long-term storage

Your Control

  • You can disconnect your Instagram account at any time from the Integrations dashboard inside Chatmount
  • Disconnecting immediately revokes all of our access to your Instagram data
  • If you delete your Chatmount account, all Instagram-related data (profile information, encrypted access tokens, and any logged conversations) is permanently deleted from our systems within 30 days

7. Google Workspace Integrations

Chatmount lets you connect your Google account so your AI agent can (a) sign you in via Google, (b) append captured leads to a Google Sheet that you select, and (c) create booking events on a Google Calendar that you select. Each connection is optional and only happens when you explicitly authorize it through Google's standard OAuth consent screen.

Google Data We Access

  • Your Google account email address and OpenID identifier (via openid and userinfo.email). Used to sign you in and to confirm which Google account is connected to an integration.
  • Specific Google Drive files you select via Google Drive Picker (via drive.file). We can only read and write the exact spreadsheet(s) you pick. We cannot see, read, or modify any other file in your Drive.
  • Permission to create calendar events on the calendar you select (via calendar.events). We only create events through this scope; we do not modify or delete events we did not create.
  • Free/busy time ranges on the calendar you select (via calendar.readonly). We only read whether a time range is busy — we do not read event titles, descriptions, attendees, or any other event details.

How We Use This Data

  • Sign-in: to authenticate you into Chatmount and create or load your account.
  • Google Sheets lead export: each new lead captured by your chatbot is appended as a new row to the spreadsheet you picked. When possible the data is mapped to your existing column headers; if the sheet is empty we write a default header row once.
  • Calendar bookings: when a visitor picks a slot in your chat widget, we create a calendar event on the calendar you chose with the visitor's name and email as an attendee plus an auto-generated Google Meet link. The event description contains only the information the visitor submitted in the lead form.
  • Free/busy lookups: we query free/busy ranges on demand to generate the list of available time slots shown to visitors. This data is used in-memory and never stored.

What We Do Not Do

  • We do not sell, rent, or share your Google data with any third party.
  • We do not use your Google data for advertising, marketing, or to train AI or machine-learning models.
  • We do not access any Google services, APIs, or data beyond the scopes listed above.
  • We do not read or store Google Drive files other than the spreadsheet you explicitly picked.
  • We do not read Google Calendar event details (titles, descriptions, attendees, locations) — only free/busy time ranges.
  • We do not allow humans to read your Google data except as required for security investigations, to comply with law, or with your explicit consent.

Data Retention & Revocation

  • Your Google OAuth refresh token is encrypted at rest and stored only while the integration is connected.
  • The IDs of the spreadsheet and calendar you selected are stored as configuration. We do not store file contents — we only write to them.
  • Disconnecting an integration from the Chatmount dashboard immediately and permanently deletes the encrypted tokens from our systems.
  • You can also revoke Chatmount's access at any time from myaccount.google.com/permissions.

Google API Services Limited Use

Chatmount's use and transfer of information received from Google APIs to any other app adheres to the Google API Services User Data Policy, including the Limited Use requirements.

8. Data Retention

We retain your account data for as long as your account is active. Training data is retained until you delete the associated agent or your account.

When you delete an agent, all associated training sources, training data, conversation history, and configurations are permanently removed from our systems.

If you delete your account, all your data including agents, training sources, conversations, and personal information will be permanently deleted within 30 days.

9. Your Rights

Access

You can access and download your data at any time through the platform

Correction

You can update your account information and agent configurations

Deletion

You can delete individual agents or your entire account

Portability

You can export your training sources and conversation data

Objection

You can contact us to object to specific data processing activities

To exercise any of these rights, contact us at hello@chatmount.co.

10. Cookies & Local Storage

We use cookies and local storage for authentication sessions (managed by our authentication provider), theme preferences, and essential platform functionality. We do not use third-party tracking or advertising cookies.

11. Children's Privacy

Chatmount is not intended for use by anyone under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child without parental consent, we will take steps to delete that information.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the “Last updated” date. Your continued use of Chatmount after any changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Company

Chatmount

Email

hello@chatmount.co

Office

4th Floor, Regus, Andheri Kurla Road, Andheri East, Mumbai 400093, India