Privacy Policy

1.1. Account Information. When you create an account, we collect your email address, name (if provided), phone number (if provided), and company name (if provided). This information is used for account authentication, billing, and service communications.

1.2. Usage Telemetry. We collect aggregated, anonymized usage data including: pipeline execution counts, token consumption, feature usage patterns, credit consumption, and session metadata. This data is used for billing, performance optimization, and product improvement.

1.3. Database Schema Metadata. When you connect a data source, the Service reads structural metadata (such as data types and statistical profiles including cardinality, null rates, and value distributions) to power the semantic layer. This metadata is stored in your isolated tenant space. The Service also samples a limited number of representative values from categorical columns for the purpose of entity resolution and query accuracy. These sampled values may include category labels, dimension values, or entity identifiers from your source data (for example, product names, region codes, or department labels). Sampled values are stored in your tenant-isolated space, are never shared outside your tenant-isolated space, and are never shared with other users. You may delete all sampled data at any time through your account settings.

1.4. Natural Language Queries and AI Processing. Your natural language questions are processed through third-party AI providers to generate SQL and analytical outputs. Queries are transmitted to these providers as described in Section 5. We store query text and AI responses in your tenant-isolated session history for continuity and semantic layer functionality. These records are protected by row-level security and included in data deletion requests.

1.5. Payment Information. Payment card details (credit card numbers, billing addresses) are collected and processed exclusively by Stripe. We never receive, store, or have access to your full payment credentials. We retain only Stripe-issued reference identifiers for the purpose of managing your subscription and billing history.

1.6. Document Content (Google Drive Integration). When you connect Google Drive and approve documents for processing, the Service reads document content and stores extracted structure, text segments, AI-generated summaries, keywords, and temporal references in your tenant-isolated space. Document processing is opt-in — you control which documents are approved for analysis. All stored document data is protected by row-level security and accessible only to your authenticated account. You may delete all document data at any time through your account settings.

1.7. Vector Embeddings. The Service generates mathematical representations (vector embeddings) of your data source metadata, sampled values, and document content for semantic search and entity resolution. These embeddings are derived metadata, not full content reproductions — they contain only statistical representations used for retrieval and are stored in your tenant-isolated space.

1.8. Error and Diagnostic Logs. The Service records error and diagnostic logs when system failures occur. These logs may include sanitized request context and error details for the purpose of debugging and improving platform reliability. Logs are access-controlled, retained for a limited period, and do not intentionally capture personally identifiable information. Sensitive values (such as credentials or connection details) are stripped before logging.

1.9. Email Communications. We operate a transactional email system for account notifications, billing alerts, and service updates. Email delivery records (recipient address, delivery status, template used) are retained for operational and compliance purposes. You may unsubscribe from non-essential communications at any time.

Chion is designed with a privacy-first architecture. Specifically:

• We do not collect personally identifiable information from your connected databases. The data transmitted to AI providers consists of structural metadata, semantic labels, and limited representative samples — never full row exports or bulk data.
• We do not use cookies for advertising or third-party tracking.
• We do not sell, rent, or share your data with third parties for marketing purposes.
• We do not retain plaintext database credentials at any point — credentials are encrypted with AES-256-GCM and decrypted in-memory only during active pipeline operations.
• We do not support the storage or processing of protected health information (PHI) as defined by HIPAA. The Service is not HIPAA-compliant unless a separate Business Associate Agreement has been executed.
• We do not store payment card information. All payment card data is processed exclusively by Stripe.

We use the information we collect to:

• Provide, maintain, and improve the Service
• Process billing and manage subscription plans
• Generate SQL and analytical outputs in response to your queries
• Build and maintain the semantic layer for your connected data sources
• Process and analyze documents you have approved for analysis
• Monitor platform performance and enforce rate limits
• Send transactional emails including service updates, billing notices, and security alerts
• Diagnose and resolve system errors using sanitized diagnostic logs
• Comply with legal obligations

4.1. Tenant Isolation. All user data is logically isolated through row-level security (RLS) policies enforced at the database layer. Your data sources, queries, semantic attributes, document content, and outputs are accessible only to your authenticated account.

4.2. Encryption. Data in transit is protected by TLS 1.2 or higher. Database credentials are encrypted at rest using AES-256-GCM with time-limited in-memory decryption. Plaintext credentials are never logged or persisted to disk.

4.3. Access Controls. Internal access to production systems is restricted to authorized personnel and subject to audit logging. All credential resolutions and security-relevant operations are logged to our security audit system.

We use the following third-party services to operate the platform:

We enter into data processing agreements with all sub-processors and require them to maintain security standards consistent with industry best practices. Changes to sub-processors are communicated with 30 days' advance notice.

† Chion is actively negotiating dedicated data processing agreements (DPAs) with each LLM provider marked above to formalize contractual prohibitions against model training on customer content. Until these agreements are executed, the no-training guarantees described in this section are governed by each provider's standard commercial API terms.

Abuse Monitoring Retention. All LLM providers retain prompts and responses for limited periods to enforce their usage policies and comply with legal obligations. Current retention windows are: Anthropic (limited period, not publicly specified); OpenAI (up to 30 days); Google Gemini (up to 55 days). This data is used solely for safety and policy enforcement and is not used for model training.

Data Residency. Data transmitted to third-party AI providers may be processed and temporarily stored in any country in which those providers or their agents maintain facilities, including the United States. By using the Service, you consent to this transfer and processing.

Chion relies on the following sub-processors for infrastructure and services. Changes to this list are announced 30 days in advance.

For enterprise customers who deploy models on their own on-premise GPU infrastructure, the following applies:

• Chion provides only cloud-based orchestration capabilities and pipeline control plane services.
• No customer data, queries, or model inputs/outputs transit Chion-operated servers. All model inference occurs on the customer's own infrastructure.
• The customer retains full ownership and control of their data, model weights, and inference environment.
• Chion's security guarantees (read-only SQL, tenant isolation, credential encryption) apply to all orchestration components we operate.

We use only functional cookies necessary for authentication and session management. We do not use advertising cookies, tracking pixels, or third-party analytics scripts that collect personally identifiable information. We do not participate in cross-site tracking or ad networks.

You have the right to:

• Access — Request a copy of the data we hold about your account.
• Deletion — Delete all of your stored data at any time through the self-service data management controls in your account settings. This includes account information, session history, data source metadata, sampled values, document content, AI inference records, generated outputs, and vector embeddings. Exception: billing records (7 years, tax compliance) and email delivery records (24 months, operational) are retained and not user-deletable. You may also request deletion by contacting contact@chion.ai. We will process manual deletion requests within 7 business days.
• Export — Export your session history, generated queries, and semantic layer data at any time through the Service interface.
• Correction — Update or correct your account information through the Settings page.
• Objection — Object to specific uses of your data by contacting us. We will cease processing within 30 days unless legally required to continue.

Upon account cancellation, we retain your data for 30 days to allow for reactivation. After 30 days, all data is permanently deleted (except billing and email delivery records as noted above). You may request immediate deletion at any time, either through your account settings or by contacting contact@chion.ai.

Data controller: Dagnostics LLC dba Chion, Broward County, FL. Contact: contact@chion.ai.

Lawful basis: Art. 6(1)(b) contract performance for core service delivery; Art. 6(1)(f) legitimate interests for security logging and platform reliability; Art. 6(1)(a) consent for optional integrations (e.g., Google Drive).

• Right of access (Art. 15) — Request a copy of your personal data.
• Right to rectification (Art. 16) — Correct inaccurate data via Settings or by contacting us.
• Right to erasure (Art. 17) — Delete your data through Settings or by request.
• Right to data portability (Art. 20) — Export your data in a structured format.
• Right to object (Art. 21) — Object to processing based on legitimate interests.
• Right to lodge a complaint (Art. 77) — File a complaint with your local supervisory authority.

Chion does not currently have an EU Art. 27 representative. If we expand processing to EEA residents at scale, we will appoint one and update this section.

If you are a California resident, you have the following rights under the California Consumer Privacy Act and California Privacy Rights Act:

• Right to know — Request disclosure of the categories and specific pieces of personal information we collect.
• Right to delete (CPRA §1798.105) — Request deletion of your personal information.
• Right to correct (CPRA §1798.106) — Request correction of inaccurate personal information.
• Right to opt out of sale/sharing — Chion does not sell or share personal information as those terms are defined under CCPA/CPRA.
• Right to limit use of sensitive PI (CPRA §1798.121) — Request limits on use of sensitive personal information.
• Right to non-discrimination — We will not discriminate against you for exercising your privacy rights.

To exercise any of these rights, contact contact@chion.ai. We verify identity by matching the requesting email to the account on file.

Legal retention obligations may override the periods listed above. Billing records are held by Stripe per tax and financial recordkeeping requirements.

The Service is not directed to individuals under the age of 18. We do not knowingly collect information from minors. If we learn that we have collected data from a person under 18, we will delete it promptly.

We may update this Privacy Policy from time to time. Material changes will be communicated via email at least 30 days before taking effect. The "Last Updated" date at the top of this page reflects the most recent revision. Your continued use of the Service after changes take effect constitutes acceptance.

For questions about this Privacy Policy or to exercise your data rights, contact us at: