Built for Trust

Privacy-first. Ethically governed. Sustainably powered.

ChatBar AI Trust Centre

Last Updated: January 2026

Privacy-First by Design

ChatBar AI is built on a foundation of privacy protection. Unlike traditional chatbot platforms, we process only anonymous conversation data with zero personally identifiable information (PII). Your end users’ privacy is protected by default, not by policy.

“At ChatBar AI, we believe that earning trust is a key part of business. That’s why we’ve built privacy, ethics, and sustainability into our core – not as compliance obligations, but as differentiators. We want our business clients to be able to offer their customers an AI experience that adds tremendous value to what their people already do, while being transparent and ethical.”

– C. Mistry, CCO, ChatBar AI

What This Means for You

When you deploy ChatBar AI on your website, the conversations are processed anonymously. We do not collect names, email addresses, IP addresses, or any other personal identifiers from end users interacting with your chatbot. This privacy-first architecture means:

  • Simplified compliance – Reduced GDPR obligations for anonymous data
  • Enhanced privacy – Your users’ conversations remain truly private
  • Faster deployment – Less legal review required
  • Lower risk – Minimal personal data exposure

Our Service Providers

To deliver ChatBar AI’s services, we engage a carefully selected group of trusted service providers. Because we process only anonymous conversation data, our list of subprocessors is significantly smaller than typical chatbot platforms.

Infrastructure & Hosting

ChatBar AI operates multi-region infrastructure to provide optimal performance, data residency options, and redundancy:

European Union

Locations: Helsinki (Finland), Strasbourg (France), Frankfurt (Germany)
Data Processed: Anonymous conversation data, customer account information
Security: ISO 27001, SOC 2 Type II, TÜV Rheinland audits (Helsinki), GDPR compliant
Sustainability: Up to 68% carbon-free energy (Frankfurt region)

Asia-Pacific

Location: Singapore
Data Processed: Customer account information, anonymous conversation data
Security: ISO 27001, ISO 27017, ISO 27018, SOC 2 Type II, GDPR-compliant

United States

Location: United States
Data Processed: Anonymous conversation data
Security: SSAE 18 certified facilities, Standard Contractual Clauses for EU data transfers

For detailed provider information, see our Subprocessors page.

Payment Processing

Stripe, Inc.
Service: Payment processing and subscription management
Location: United States (with EU data residency options)
Data Processed: Customer billing information (names, email addresses, payment card details – tokenized)
Security & Compliance:

  • PCI DSS Level 1 Service Provider – The highest level of certification in the payments industry
  • SOC 1, SOC 2, and SOC 3 Type II – Independently audited controls over security, availability, and confidentiality
  • ISO 27001 certified – International standard for information security management
  • GDPR compliant – Standard Contractual Clauses and EU-U.S. Data Privacy Framework certified
  • TLS 1.2+ encryption – All data encrypted in transit using industry-leading protocols
  • Tokenization – Payment card data is tokenized; ChatBar never stores raw card numbers
  • Multi-factor authentication – Advanced security features including hardware security keys and passkeys

Why Stripe?
Stripe is trusted by millions of businesses worldwide, from startups to Fortune 500 companies. As a PCI-certified Level 1 Service Provider, Stripe maintains the most stringent security standards in the payments industry. Their infrastructure is continuously monitored, regularly penetration-tested by third-party security firms, and designed to meet the rigorous requirements of global financial institutions.

ChatBar AI customers benefit from Stripe’s enterprise-grade security without needing to build or maintain payment infrastructure themselves. All payment data is encrypted, tokenized, and processed through Stripe’s certified systems, ensuring your billing information remains secure.

Data Processing Standards

All service providers are contractually required to maintain:

  • Industry-leading security certifications (SOC 2, ISO 27001, TÜV Rheinland, or equivalent)
  • GDPR compliance for processing EU customer data
  • Data Processing Agreements with ChatBar AI
  • Encryption of data in transit (TLS 1.2/1.3) and application-level encryption for sensitive data at rest
  • Regular security audits by independent third parties
  • Incident response procedures with defined notification timelines

What We Don’t Collect

ChatBar AI’s privacy-first architecture means we do not collect or process:

  • End user names or email addresses (unless you explicitly configure collection)
  • IP addresses of chatbot users
  • Device fingerprints or tracking identifiers
  • Location data or geolocation information
  • Browsing history or cross-site tracking data

Anonymous conversation data only. This means the conversations processed through ChatBar AI cannot be linked back to identifiable individuals, providing genuine privacy protection for your end users.

Customer Account Data

While conversation data is anonymous, ChatBar AI does process personal data for customer accounts (the businesses using ChatBar AI):

What we collect from customers:

  • Account registration information (business name, contact email)
  • Login credentials (encrypted)
  • Billing information (processed securely through Stripe)
  • Support communications (if you contact our support team)

How we protect it:

  • Encrypted storage (AES-256)
  • Secure transmission (TLS 1.2/1.3)
  • Access controls and authentication
  • Regular security audits
  • GDPR-compliant processing

Data Residency & International Transfers

European Union Customers

Customer account data for EU-based accounts can be stored and processed in EU regions (Frankfurt, Germany or other EU locations). Anonymous conversation data may be processed on dedicated servers in Helsinki (Finland), Strasbourg (France), or Frankfurt (Germany) for optimal performance.

EU Data Sovereignty: All our EU infrastructure providers operate within the European Union, ensuring full GDPR compliance and eliminating the complexities of international data transfers for EU customers.

Data Transfer Safeguards

When customer account data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards:

  • Standard Contractual Clauses (SCCs) – European Commission approved 2021 SCCs with all non-EU service providers
  • Encryption – All data encrypted in transit (TLS 1.2/1.3) and at rest
  • EU-U.S. Data Privacy Framework – Stripe is certified under the EU-U.S. DPF
  • Access controls – Strict limitations on who can access customer data

Security Measures

Infrastructure Security

  • Encryption in transit – TLS 1.2/1.3 for all network communications
  • Encryption at rest – Application-level encryption for sensitive customer data; AES-256 for cloud-hosted data
  • Network security – Firewalls, intrusion detection, and DDoS protection
  • Access controls – Multi-factor authentication and role-based access
  • Monitoring – 24/7 security monitoring and logging
  • Backups – Regular encrypted backups with geographic redundancy
  • Independent audits – Annual security audits by TÜV Rheinland (Helsinki) and other certification bodies

Application Security

  • Secure development – Security-focused development lifecycle
  • Code reviews – Regular security code reviews
  • Vulnerability scanning – Automated and manual security testing
  • Penetration testing – Regular third-party security assessments
  • Dependency management – Continuous monitoring of third-party libraries
  • Incident response – Documented procedures for security incidents

Operational Security

  • Employee training – Regular security awareness training
  • Background checks – Verification for employees with data access
  • Least privilege – Minimal access rights based on job function
  • Audit logging – Comprehensive logs of system access and changes
  • Change management – Controlled deployment processes
  • Disaster recovery – Tested backup and recovery procedures

Compliance & Certifications

GDPR Compliance

ChatBar AI complies with the General Data Protection Regulation (GDPR) for customer account data processing. Our privacy-first architecture means that anonymous conversation data falls outside GDPR scope, as it does not relate to identified or identifiable individuals (GDPR Recital 26).

For customer account data, we provide:

  • Lawful basis for processing (contract performance, legitimate interests)
  • Data Processing Agreement (DPA) available upon request
  • Data subject rights support (access, rectification, erasure, portability)
  • Breach notification procedures (within 72 hours when required)
  • Privacy by design and by default

Service Provider Certifications

Our infrastructure and payment providers maintain industry-leading certifications:

  • PCI DSS Level 1 – Highest payment security standard
  • SOC 2 Type II – Security, availability, and confidentiality controls
  • ISO 27001 – Information security management systems
  • ISO 27017 – Cloud security controls
  • ISO 27018 – Cloud privacy controls
  • TÜV Rheinland Security Audits – Annual independent assessments (Helsinki infrastructure)
  • ISO 50001 – Energy management systems (Frankfurt region)

Updates & Notifications

We review our service provider list quarterly and notify customers of material changes at least 30 days in advance via email to account administrators.

Material changes include:

  • Adding a new service provider category
  • Changing primary infrastructure providers
  • Removing data protection safeguards

Minor updates (contact information changes, redundant providers in the same category) are posted on this page within 5 business days.

Subscribe to updates: You can request email notifications for any changes to this Trust Centre by contacting privacy@chatbar-ai.com

Your Rights & Controls

Customer Control

As a ChatBar AI customer, you can:

  • Access your data – Request copies of your account information
  • Correct your data – Update inaccurate account details via Dashboard
  • Delete your data – Request account deletion (processed within 30 days)
  • Export your data – Download your anonymous conversation logs
  • Object to processing – Opt out of certain data processing activities
  • Data portability – Receive your data in machine-readable format

End User Privacy

Because ChatBar AI processes only anonymous conversation data by default, end users interacting with your chatbot benefit from privacy protection without needing to exercise data subject rights. There is no personal data to access, correct, or delete.

If you configure ChatBar AI to collect personal information (such as email addresses for lead generation), you are responsible for:

  • Obtaining appropriate consent from end users
  • Providing privacy notices
  • Honoring data subject rights requests
  • Complying with applicable privacy laws

Security Incidents

Our Commitment

In the unlikely event of a security incident affecting customer data, ChatBar AI will:

  1. Investigate immediately – Security team responds within 1 hour of detection
  2. Contain the incident – Take immediate action to prevent further exposure
  3. Notify affected customers – Within 72 hours if required by law, sooner when possible
  4. Provide details – Nature of incident, affected data, remediation steps
  5. Prevent recurrence – Implement measures to prevent similar incidents

Reporting Security Issues

If you discover a security vulnerability in ChatBar AI, please report it responsibly:

Email: security@chatbar-ai.com
Response time: We aim to acknowledge security reports within 24 hours

We appreciate responsible disclosure and will work with security researchers to address verified vulnerabilities promptly.

Transparency & Audits

Customer Audit Rights

Enterprise customers may request:

  • Service provider certifications – SOC 2, ISO 27001, TÜV Rheinland reports (under NDA)
  • Security questionnaires – Detailed responses to security assessments
  • DPA execution – Signed Data Processing Agreement
  • Subprocessor details – See our Subprocessors page

To request: Contact privacy@chatbar-ai.com with at least 30 days’ notice.

Independent Audits

Our service providers undergo regular independent audits:

  • Annual SOC 2 Type II audits – Security, availability, and confidentiality controls
  • Annual ISO 27001 certification audits – Information security management systems
  • Annual TÜV Rheinland security audits – Independent assessments (Helsinki infrastructure)
  • Quarterly PCI DSS assessments – Payment security compliance

Contact & Support

Data Protection Officer

For privacy questions, data subject rights requests, or compliance inquiries:

Email: privacy@chatbar-ai.com
Response time: 5 business days for general inquiries, 30 days for complex requests

Security Team

For security incidents, vulnerability reports, or urgent security matters:

Email: security@chatbar-ai.com
Response time: 24 hours for security reports, 1 hour for critical incidents

General Support

For product support, billing questions, or general assistance:

Email: support@chatbar-ai.com
Dashboard: Submit tickets via ChatBar AI Dashboard
Response time: 24 hours for standard support, 4 hours for priority customers

Additional Resources

Document Version: 2.0
Last Updated: January 2026
Next Review: April 2026

This Trust Centre provides transparency about ChatBar AI’s data processing practices and service providers. For binding contractual terms, please refer to your executed agreement with ChatBar AI Pte Ltd.