Back to Home

Privacy Policy

Last updated: May 12, 2025

1. Introduction and Scope

We are committed to protecting your privacy and handling your personal data in an open and transparent manner.

This Privacy Policy ("Policy") explains how Dmitry Dugarev ("we", "us", or "our") collects, uses, processes, shares, and protects your personal data when you:

  • Visit our website https://rechatra.com (the "Website");
  • Use our Google Chrome extension designed to manage and save ChatGPT chats (the "Extension");
  • Purchase our products or services;
  • Subscribe to our newsletters or other marketing communications;
  • Interact with us in any other way (e.g., by contacting customer support).

(Collectively referred to as the "Services").

This Policy also informs you about your privacy rights and how the law protects you. We encourage you to read this Policy carefully, along with any other privacy notices we may provide on specific occasions when we are collecting or processing personal data about you, so that you are fully aware of how and why we are using your data. This Policy supplements other notices and privacy policies and is not intended to override them.

2. Data Controller

The data controller responsible for your personal data is:

Dmitry Dugarev
Welserstraße 3#218
87463 Dietmannsried
Germany

Email: privacy@rechatra.com
Website: https://rechatra.com
Link to Imprint/Legal Notice: https://rechatra.com/imprint

If you have any questions about this Privacy Policy or our privacy practices, including any requests to exercise your legal rights, please contact us using the details above.

We are not currently required to appoint a statutory Data Protection Officer (DPO) under the GDPR. However, all privacy-related inquiries can be directed to the contact details above.

3. Overview of Data Processing Activities

This section provides a summary of the types of personal data we process, the categories of individuals affected (data subjects), and the main purposes of our data processing.

3.1. Types of Data We Process:

  • Identity Data: Includes first name, last name, username or similar identifier.
  • Contact Data: Includes billing address, email address, and telephone numbers.
  • Financial Data: Includes payment card details (processed by our payment processor, Stripe) and bank account information for payments.
  • Transaction Data: Includes details about payments to and from you and other details of products and services you have purchased from us.
  • Technical Data: Includes Internet Protocol (IP) address, browser type and version, time zone setting and location (country/city level from IP), browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our Website or Extension. This includes server log files.
  • Extension Usage Data:
    • Data related to the installation and activation of the Extension.
    • Interaction data within the Extension (e.g., features used, settings configured).
    • ChatGPT Content Data: If you use our Extension to convert or save your ChatGPT chats, the content of those chats is processed by the Extension. This data is primarily processed locally within your browser. We do not transmit this chat content to our servers unless you explicitly use a feature that requires such transmission (e.g., cloud sync, which will be clearly indicated).
  • Profile Data: Includes your username, purchases or orders made by you, your interests, preferences, feedback, and survey responses.
  • Usage Data: Includes information about how you use our Website, Extension, products, and services. This includes data collected via cookies and similar technologies (see our Cookie Policy for details).
  • Marketing and Communications Data: Includes your preferences in receiving marketing from us and our third parties and your communication preferences.
  • Content Data: Includes any content you generate or share through our Services, such as feedback, comments, or information provided to customer support.

3.2. Categories of Data Subjects:

  • Website Visitors: Individuals who browse our Website.
  • Extension Users: Individuals who install and use our Chrome Extension.
  • Customers: Individuals who purchase our products or services.
  • Prospective Customers: Individuals who show interest in our Services.
  • Communication Partners: Individuals who contact us or with whom we communicate.
  • Newsletter Subscribers: Individuals who subscribe to our email marketing.

3.3. Purposes of Processing:

  • Providing and managing our Website and Extension.
  • Processing and fulfilling orders for our products and services.
  • Managing payments, fees, and charges (via Stripe).
  • Managing our relationship with you (e.g., notifications, support).
  • Sending marketing communications (e.g., newsletters via Mautic), where legally permitted.
  • Improving our Website, Extension, products/services, marketing, customer relationships, and experiences (e.g., through analytics like Openpanel, Hotjar).
  • Ensuring the security and integrity of our Services and IT infrastructure (e.g., server logs by Hetzner).
  • Complying with legal obligations (e.g., tax, accounting).
  • Enabling targeted advertising and measuring its effectiveness (e.g., via Google Ads, Bing Ads, Facebook Pixel, etc. – see Cookie Policy).

4. Legal Bases for Processing Personal Data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances (as per GDPR):

  • Consent (Art. 6(1)(a) GDPR): Where you have given us explicit consent to process your personal data for one or more specific purposes (e.g., for sending marketing newsletters, or for using non-essential cookies).
  • Performance of a Contract (Art. 6(1)(b) GDPR): Where processing is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract (e.g., to provide you with the services of the Chrome Extension, to process your orders and payments).
  • Legal Obligation (Art. 6(1)(c) GDPR): Where processing is necessary for compliance with a legal obligation to which we are subject (e.g., for tax purposes, financial reporting).
  • Legitimate Interests (Art. 6(1)(f) GDPR): Where processing is necessary for the purposes of our legitimate interests (or those of a third party), and your interests and fundamental rights do not override those interests.

National Data Protection Regulations in Germany: In addition to the GDPR, national data protection regulations in Germany, such as the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG) and the Digital Services Act (Digitale-Dienste-Gesetz - DDG), may apply.

Where we rely on legitimate interests, we have carried out a balancing test to ensure that our legitimate interests are not overridden by your interests or fundamental rights and freedoms. You can obtain more information about this balancing test by contacting us.

5. Security Measures

We have implemented appropriate technical and organizational security measures (TOMs) to protect your personal data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures include:

  • Encryption (SSL/TLS for data in transit).
  • Access Controls.
  • Regular Security Assessments.
  • Data Minimization.
  • Incident Response Plan.
  • Secure Hosting (Hetzner, Germany).

While we strive to protect your personal data, please note that no method of transmission over the Internet or method of electronic storage is 100% secure.

6. Data Recipients and Disclosure of Personal Data

We do not sell your personal data. We may share your personal data with parties set out below for the purposes described in Sections 3 and 4:

  • Service Providers (Data Processors):
    • Hetzner Online GmbH (Hosting in Germany).
    • Stripe, Inc. (Payment processing).
    • Google LLC (Google SMTP, Google Analytics, Google Ads).
    • Openpanel (Self-hosted analytics).
    • Hotjar Ltd. (Analytics, with consent).
    • Mautic (Self-hosted email marketing).
    • Microsoft Advertising, Meta Platforms (Facebook), LinkedIn Corporation, X Corp. (Advertising, with consent).
  • Professional Advisors (lawyers, bankers, auditors, insurers).
  • Legal Authorities (if required by law).
  • Business Transfers (in case of merger, acquisition, etc.).

We require all third parties to respect the security of your personal data and treat it lawfully. We enter into data processing agreements (DPAs) with processors as required.

7. International Data Transfers

Your personal data is primarily processed and stored in Germany (Hetzner). However, some third-party providers (Stripe, Google, Microsoft, Meta, LinkedIn, X Corp., Hotjar) are based outside the EU/EEA or process data internationally. For such transfers, we ensure protection through mechanisms like Adequacy Decisions, Standard Contractual Clauses (SCCs), or the EU-U.S. Data Privacy Framework (DPF) where applicable and providers are certified. Contact us for more details.

8. Data Retention and Deletion

We retain personal data only as long as necessary for the purposes it was collected, including legal, tax, or reporting requirements. General guidelines:

  • Customer Account Data: Duration of account + legal retention (e.g., up to 10 years for tax/commercial law in Germany).
  • Server Log Files: Short periods (e.g., 7 days), then anonymized/deleted.
  • Marketing Data: As long as subscribed/consented + e.g., 3 years for proof. Opt-out lists kept indefinitely.
  • Data from Chrome Extension: [User Note: CRITICAL - Specify retention for data handled by your extension, especially if stored on your servers, consistent with Section 3.1.] For example: "Locally stored data is under your control. Any data synced to our servers is retained as long as your account is active or until you delete it, unless longer retention is legally required."
  • Inquiries: Until resolved + legal retention.

Data is securely deleted or anonymized thereafter.

9. Your Legal Rights as a Data Subject (GDPR)

Under the GDPR, you have the following rights:

  • Right to be Informed (Art. 13, 14).
  • Right of Access (Art. 15).
  • Right to Rectification (Art. 16).
  • Right to Erasure ('Right to be Forgotten') (Art. 17).
  • Right to Restrict Processing (Art. 18).
  • Right to Data Portability (Art. 20).
  • Right to Object (Art. 21) (especially to direct marketing).
  • Right to Withdraw Consent (Art. 7(3)).
  • Rights related to Automated Decision-Making including Profiling (Art. 22). (We do not currently engage in such).
  • Right to Lodge a Complaint (Art. 77) with a supervisory authority. For Germany, you can find authorities via the BfDI website (https://www.bfdi.bund.de/). The authority for Dmitry Dugarev if based in Hesse, Germany would be the Hessian Commissioner for Data Protection and Freedom of Information.

To exercise rights, contact us at privacy@rechatra.com. We may request identity verification. We aim to respond within one month.

10. Specific Data Processing Activities in Detail

10.1. Provision of Our Website and Web Hosting (Hetzner)

Data: Technical Data (IP, logs). Purpose: Deliver, secure, optimize Website. Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR). Recipients: Hetzner GmbH. Retention: Short log retention.

10.2. Use of Cookies and Similar Technologies

Data: Usage, Technical, Profile Data. Purpose: Functionality, analytics, personalization, ads. Legal Basis: Consent (Art. 6(1)(a) GDPR) for non-essential; Legitimate interest/necessity for essential. Details: See our Cookie Policy.

10.3. Registration, User Accounts, and Provision of the Chrome Extension

Data: Identity, Contact, Profile, Technical, Extension Usage, potentially ChatGPT Content Data. Purpose: Manage account, provide Extension services. Legal Basis: Performance of contract (Art. 6(1)(b) GDPR). ChatGPT Content Data: [User Note: Reiterate your specific handling here, consistent with Section 3.1 and 8. E.g., "As stated in Section 3.1, chat content is processed [locally/on our servers] to [provide X feature]."] Recipients: Hetzner GmbH. Retention: As per Section 8.

10.4. Payment Processing (Stripe)

Data: Identity, Contact, Financial, Transaction Data. Purpose: Process payments, fraud prevention. Legal Basis: Performance of contract (Art. 6(1)(b) GDPR); Legal obligation (Art. 6(1)(c) GDPR). Recipients: Stripe, Inc. International Transfer: Yes (USA). We do not store full card details.

10.5. Contact and Communication Management

Data: Identity, Contact, Content Data. Purpose: Respond to inquiries, support. Legal Basis: Contract/pre-contractual (Art. 6(1)(b) GDPR); Legitimate interests (Art. 6(1)(f) GDPR). Recipients: Internally, Google SMTP. Retention: Until resolved + legal requirements.

10.6. Email Marketing and Newsletters (Self-hosted Mautic, Google SMTP)

Data: Identity, Contact, Marketing/Communications Data. Purpose: Send marketing, measure effectiveness (with consent). Legal Basis: Consent (Art. 6(1)(a) GDPR); Legitimate interests (Art. 6(1)(f) GDPR) for existing customers where permitted (with opt-out). Recipients: Mautic (self-hosted), Google SMTP. International Transfer (Google SMTP): Yes (USA). Opt-out: Via unsubscribe link or contact us.

10.7. Web Analytics and Optimization (Self-hosted Openpanel; Hotjar, Google Analytics with consent)

Data: Technical, Usage, Profile Data. Purpose: Improve services, user experience. Legal Basis: Openpanel: Legitimate interests (Art. 6(1)(f) GDPR). Hotjar: Consent (Art. 6(1)(a) GDPR). Recipients: Hotjar Ltd. International Transfer: Yes. Details: See Cookie Policy.

10.8. Online Marketing and Advertising (Google Ads, Bing Ads, Facebook Pixel, LinkedIn Tag, X Pixel)

Data: Technical, Usage, Profile Data via cookies/pixels. Purpose: Targeted ads, measure campaign effectiveness, remarketing. Legal Basis: Consent (Art. 6(1)(a) GDPR). Recipients: Google, Microsoft, Meta, LinkedIn, X Corp. International Transfer: Yes (mostly USA). Details: See Cookie Policy.

11. Children's Privacy

Our Services are not intended for children under 16 (or applicable local age). We do not knowingly collect data from children under this age. If you believe we have, please contact us to delete it.

12. Changes to This Privacy Policy

We may update this Policy. Changes will be posted here with an updated "Last Updated" date. Material changes will be communicated as required by law. Please review periodically.

13. Contact Information

For questions, concerns, complaints, or to exercise your rights, please contact us:

Dmitry Dugarev
Welserstraße 3#218
87463 Dietmannsried
Germany
Email: privacy@rechatra.com

Return to Homepage

Cookie Settings

We use cookies to enhance your browsing experience, serve personalized ads or content, and analyze our traffic. By clicking "Accept All", you consent to our use of cookies. Read our Cookie Policy and Privacy Policy for more information.