tjata.eu

Privacy Policy

Last Updated: October 10, 2025

Tjata.eu ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how your personal information is collected, used, and disclosed by Tjata.eu. We comply with the General Data Protection Regulation (GDPR) and other applicable European data protection laws.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Email address - For account identification and communication
  • Name - Optional, for personalization
  • Authentication credentials - Password hash (for email/password accounts) or OAuth provider ID (for GitHub, Google, Apple login)
  • Account creation date - For service provision and analytics

1.2 Marketing Attribution Data

When you sign up through a marketing campaign link, we may collect:

  • UTM parameters - Campaign source, medium, campaign name, content identifier, and keywords from your signup URL
  • Referrer URL - The website you came from (e.g., Reddit, Product Hunt)
  • Landing page - The first page you visited on our site

Purpose: This data helps us measure the effectiveness of our marketing campaigns and understand which channels bring users to our service. We use this information solely for internal analytics and do not share it with third parties.

Example: If you click a link from our Reddit post (https://tjata.eu/?utm_source=reddit&utm_medium=social&utm_campaign=launch_week), we store "reddit" as the source, "social" as the medium, and "launch_week" as the campaign.

1.3 Usage Information

We collect information about your use of our services:

  • Chat conversations - Messages you send and AI-generated responses
  • Generated images - Images created using our AI image generation features
  • Projects and organization - How you organize your chats and projects
  • AI model preferences - Your selected AI provider (Mistral, OpenAI, etc.)

1.4 Analytics and Technical Information

We use privacy-friendly analytics (Plausible Analytics, GDPR-compliant) to collect:

  • Pageviews - Which pages you visit (anonymous, no cookies)
  • Usage events - Anonymous counts of signups, messages sent, images generated
  • Browser and device type - Aggregated statistics only
  • Geographic location - Country level only (from IP address, not stored)

Important: Our analytics do not use cookies, do not track you across websites, and do not collect personal identifiers. We use Plausible Analytics, a privacy-focused, EU-hosted analytics service that complies with GDPR, CCPA, and PECR.

2. How We Use Your Information

2.1 Service Provision

We use your information to:

  • Create and manage your account
  • Process your AI chat requests and image generation
  • Save and organize your conversations and projects
  • Communicate with you about service updates or issues
  • Provide customer support

2.2 Marketing and Analytics

We use marketing attribution data to:

  • Measure the effectiveness of our marketing campaigns
  • Understand which channels (Reddit, Product Hunt, etc.) bring users to our service
  • Calculate conversion rates and return on marketing investment
  • Optimize our marketing strategy and budget allocation

Legal basis (GDPR Art. 6(1)): Legitimate interests - We have a legitimate interest in understanding how users find our service to improve our marketing efforts. This data is collected only after you create an account (implicit consent) and can be deleted at any time by deleting your account.

2.3 Service Improvement

We use anonymous, aggregated analytics to:

  • Identify and fix bugs or technical issues
  • Understand which features are most popular
  • Improve the user experience and interface
  • Plan new features based on usage patterns

3. Data Storage and Security

3.1 EU Data Residency

All your data is stored on secure servers located within the European Union. We do not transfer your personal data outside the EU/EEA. Our infrastructure complies with GDPR requirements for data protection and security.

3.2 Security Measures

We implement industry-standard security measures:

  • Encryption in transit - All data transmitted over HTTPS/TLS
  • Encryption at rest - Database and file storage encrypted
  • Password hashing - Passwords stored using bcrypt (irreversible)
  • Session security - Secure, HttpOnly cookies with 24-hour expiration
  • Content Security Policy - Protection against XSS attacks
  • CSRF protection - Token-based validation for all actions
  • Regular security audits - Automated dependency scanning and manual reviews

3.3 Access Control

Only you can access your account data. We do not share your conversations, images, or personal information with third parties, except as required by law.

4. Data Retention and Deletion

4.1 Active Accounts

We retain your account data for as long as your account is active and you continue to use our service. This includes:

  • Account information (email, name, authentication)
  • Chat history and generated images
  • Marketing attribution data (UTM parameters, referrer)
  • Usage preferences and settings

4.2 Account Deletion - Your Right to be Forgotten

When you delete your account, all personal data is permanently deleted within 24 hours. This includes:

  • ✓ Account information (email, name, password)
  • ✓ All chat conversations and messages
  • ✓ All generated images and attachments
  • ✓ All projects and organizational data
  • ✓ Marketing attribution data (UTM parameters, referrer, landing page)
  • ✓ Authentication tokens and session data

What is NOT deleted:

  • Anonymous usage statistics (e.g., "100 signups this month") - These aggregate counts cannot be linked back to you after deletion and are kept for business analytics
  • Anonymized pageview data collected before account creation - Our analytics (Plausible) does not store user IDs, so this data cannot be attributed to you

How to delete your account:

  1. Log in to your account
  2. Go to Settings → Account
  3. Click "Delete Account"
  4. Confirm deletion

⚠️ Important: Account deletion is permanent and cannot be undone. All your data will be irrecoverably deleted. We recommend exporting your data before deletion if you want to keep a copy.

4.3 Data Export

You can export all your personal data at any time:

  • Settings → Account → Export My Data
  • Exports include: account info, chat history, attribution data, usage preferences
  • Format: JSON (machine-readable)

5. Third-Party Services

5.1 AI Providers

We use third-party AI services to process your chat requests and generate images:

  • Mistral AI (EU-based, GDPR-compliant) - Default AI provider
  • OpenAI (US-based) - Optional, user-selected
  • Replicate (US-based) - For image generation

When you send a message or generate an image, your prompt is sent to the selected AI provider. These providers may process your data in their own data centers. We recommend reviewing their privacy policies:

  • Mistral AI: mistral.ai/privacy-policy
  • OpenAI: openai.com/policies/privacy-policy

5.2 Analytics

We use Plausible Analytics, a privacy-focused, GDPR-compliant analytics service:

  • Self-hosted on our EU servers
  • No cookies or persistent identifiers
  • No cross-site or cross-device tracking
  • No personal data collection
  • 100% GDPR, CCPA, and PECR compliant

Learn more: plausible.io/privacy-focused-web-analytics

5.3 Authentication Providers

If you sign up using GitHub, Google, or Apple, we receive basic profile information from these providers (email, name, profile picture). We do not have access to your password or other account details. Review their privacy policies:

  • GitHub: GitHub Privacy Statement
  • Google: Google Privacy Policy
  • Apple: Apple Privacy Policy

6. Your Rights Under GDPR

As a European user, you have the following rights:

6.1 Right to Access (Art. 15)

You can access all your personal data at any time through your account settings or by requesting a data export.

6.2 Right to Rectification (Art. 16)

You can update your account information (name, email, preferences) in Settings.

6.3 Right to Erasure / "Right to be Forgotten" (Art. 17)

You can delete your account at any time. All personal data will be permanently deleted within 24 hours (see Section 4.2 above).

6.4 Right to Data Portability (Art. 20)

You can export your data in JSON format from Settings → Export My Data.

6.5 Right to Object (Art. 21)

You can object to processing of your data for marketing purposes. We only use marketing attribution data for internal analytics, but you can delete your account to remove this data.

6.6 Right to Withdraw Consent (Art. 7(3))

You can withdraw consent at any time by deleting your account or contacting us.

6.7 Right to Lodge a Complaint

If you believe we are not complying with GDPR, you can lodge a complaint with your local data protection authority. For EU users, find your authority here: EDPB Member Authorities

7. Cookies and Tracking

7.1 Essential Cookies Only

We use only one essential cookie for authentication:

  • nuxt-session - Secure, HttpOnly session cookie (expires after 24 hours)
  • Purpose: Keep you logged in and maintain your session
  • GDPR basis: Necessary for service provision (Art. 6(1)(b))

7.2 No Tracking Cookies

We do NOT use:

  • ❌ Advertising cookies
  • ❌ Third-party tracking cookies
  • ❌ Social media tracking pixels
  • ❌ Cross-site tracking
  • ❌ Fingerprinting

8. Children's Privacy

Our service is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us and we will delete it immediately.

9. International Data Transfers

We do not transfer your personal data outside the EU/EEA. All data is stored on servers within the European Union. If you access our service from outside the EU, your data will still be processed and stored within the EU.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Updating the "Last Updated" date at the top of this policy
  • Sending an email to your registered email address
  • Displaying a notice on our website

Your continued use of our service after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or want to exercise your GDPR rights, please contact us:

  • Email: tjata.eu@gmail.com
  • Website: tjata.eu/contact

Data Controller:
Tjata.eu
Medevigatan 5
S-113 61 Stockholm, Sweden
[Company Registration Number]
European Union


Summary (TL;DR)

Your privacy in simple terms:

  • ✓ All data stored in the EU (GDPR-compliant)
  • ✓ No cookies except for login (no tracking)
  • ✓ Privacy-friendly analytics (no personal data)
  • ✓ Delete your account anytime - all data deleted within 24 hours
  • ✓ Export your data anytime (JSON format)
  • ✓ We don't sell or share your data with advertisers
  • ✓ We track marketing campaigns (UTM parameters) to improve our service
  • ✓ All security best practices: encryption, HTTPS, CSRF protection, CSP

© 2024-2025 tjata.eu. All rights reserved.
