Privacy Policy

Last updated: June 2, 2026

Your privacy is central to how EHS Chat is built. This policy explains what data we collect, how we use it, and the protections we put in place.

1. Data We Collect

We collect only what is necessary to provide the service:

• Account information — your name, email address, and hashed password when you register.
• Conversation history — messages you send and receive within the chat, stored so you can access past conversations.
• Uploaded documents — files you choose to upload for private document analysis. These are stored on our servers and associated with your account only.
• Usage data — query counts used to enforce your plan limits. We do not build behavioral profiles or track you across other websites.

2. How We Use Your Data

Your data is used exclusively to provide and improve the EHS Chat service:

• To authenticate your account and maintain your session.
• To process your queries and return AI-generated responses.
• To store your conversation history for your own reference.
• To send transactional emails — account verification, password reset, and plan notifications.

We do not use your data for advertising, sell it to third parties, or share it with any external AI providers.

3. AI Inference and Third Parties

EHS Chat processes AI queries on our own infrastructure. Inference runs either on our servers or on dedicated GPU infrastructure rented exclusively for EHS Chat. Your prompts and documents are never sent to third-party AI companies such as OpenAI, Anthropic, or Google, and are never used to train external models.

The only third-party services we use are:

• Postmark — for transactional email delivery. Only your email address is shared, and only to send emails you have requested.
• Cloudflare Turnstile — for bot protection on registration. This is a privacy-respecting CAPTCHA that does not track users or set persistent cookies.
• Google OAuth — if you choose to sign in with Google, we receive your name, email, and profile picture from Google. We do not receive your Google password.

4. Data Storage and Security

All data is stored in a PostgreSQL database on our server. Passwords are hashed and never stored in plain text. Sessions are protected with HMAC-signed cookies. Uploaded documents are stored in an isolated directory accessible only through authenticated API requests.

We apply reasonable technical measures to protect your data, but no system is completely secure. We encourage you to use a strong, unique password for your account.

5. Data Retention

Your data is retained for as long as your account is active. If you delete your account, your personal information, conversation history, and uploaded documents will be removed from our systems. Residual copies in backups may persist for a short period before being overwritten.

6. Your Rights

Depending on your jurisdiction, you may have rights including:

• The right to access the personal data we hold about you.
• The right to correct inaccurate data.
• The right to delete your account and associated data.
• The right to data portability.

To exercise any of these rights, contact us at info@ehschat.com.

7. Cookies

EHS Chat uses a single session cookie (auth-session) to keep you logged in. This cookie is strictly necessary for the service to function and does not track you for advertising purposes. We do not use analytics cookies or third-party tracking scripts.

8. Changes to This Policy

We may update this Privacy Policy from time to time. Where changes are material, we will notify registered users by email. The date at the top of this page reflects when the policy was last updated.

Questions about this policy? Contact us at info@ehschat.com.