PRIVACY POLICY

1. Introduction

This Privacy Policy describes how Armchats Inc., a Delaware corporation ("Armchats," "we," "us," or "our"), and its affiliated entities, including Armchats Armenia LLC, collect, use, disclose, and protect your personal information when you use the Armchats platform (the "Platform").

We process your personal data in accordance with applicable data protection laws, including the European Union General Data Protection Regulation ("GDPR"), the Law of the Republic of Armenia on Protection of Personal Data (2015), the California Consumer Privacy Act ("CCPA"), the California Privacy Rights Act ("CPRA"), the Virginia Consumer Data Protection Act ("VCDPA"), the Colorado Privacy Act ("CPA"), and other applicable privacy laws.

2. Data Controller Information

2.1 Data Controllers

For Platform operations, intellectual property, and general data processing: Armchats Inc. 131 Continental Dr, Suite 305, Newark, DE 19713 US Email: support@armchats.com

For local operations in Armenia: Armchats Armenia LLC Buzand 87, 82, Yerevan, Armenia

2.2 Data Protection Officer

For GDPR-related inquiries and inquiries under the Armenian Law on Protection of Personal Data, you may contact our Data Protection Officer at: Email: support@armchats.com

3. Information We Collect

3.1 Information You Provide

Account Information:

• Email address
• Name (if provided)
• Date of birth (required for age verification)
• Account credentials

Chat and Interaction Data:

• Chat messages and queries
• Selected paths and interactions
• Clicks, saves, and discovery actions

Location Data:

• Explicitly provided location
• Inferred location (when permitted)
• Used only for discovery relevance

For Business Users (additional):

• Business owner identity and contact details
• Legal and verification documents (licenses, IDs, registration numbers)
• Public business content (logos, photos, descriptions)
• Operational data (branches, services, specialists)
• Subscription and billing metadata

3.2 Information Collected Automatically

Technical Data:

• IP address
• Device and browser metadata
• Session identifiers

Usage Data:

• Pages visited and features used
• Time spent on the Platform
• Referring URLs
• Error logs

Cookies and Similar Technologies:

• Session cookies
• Analytics cookies
• Functionality cookies

3.3 Information We Do NOT Collect

Armchats does not directly collect or store:

• Payment card numbers, CVVs, or bank account details (payment information is processed exclusively by Stripe; see Section 6.2)
• Sensitive health records
• Support chat message content (customer support is handled via Telegram; only ticket metadata is stored by Armchats)

We do collect and transmit to Stripe certain Business User data (email, name, metadata) for the purpose of payment processing, as described in Section 6.2.

4. How We Use Your Information

We use your information for the following purposes:

4.1 Service Provision

• Operating and maintaining the Platform
• Providing service discovery and matching
• Processing and responding to your queries
• Maintaining conversation continuity
• Delivering transactional emails (verification, password reset, account management)

4.2 Platform Improvement

• Improving relevance of search results
• Developing new features
• Analyzing usage patterns

4.3 Business Operations

• Verifying Business Users
• Moderating and publishing content
• Enforcing subscription rules and limits
• Processing payments and managing subscriptions (via Stripe)
• Providing analytics to Business Users

4.4 Safety, Security, and Age Verification

• Detecting fraud or abuse
• Protecting against unauthorized access
• Enforcing our Terms of Use
• Verifying user age eligibility
• Implementing age-restriction safeguards

4.5 Legal Compliance

• Complying with legal obligations, including Armenian data protection law and GDPR
• Responding to lawful requests from authorities
• Establishing, exercising, or defending legal claims

4.6 Communications

• Sending service-related notifications
• Responding to inquiries
• Providing customer support

5. Legal Bases for Processing (GDPR and Armenian Law)

• If you are located in the European Economic Area, United Kingdom, Switzerland, or the Republic of Armenia, we process your personal data based on the following legal grounds:

• Legitimate Interests: Our legitimate interests include operating and improving the Platform, ensuring security, preventing fraud, and enforcing age restrictions. We balance these interests against your rights and freedoms.

• Minor Users (under 16): In accordance with Article 9(9) of the Armenian Law on Protection of Personal Data and Article 8 of the GDPR, processing of personal data of users under 16 is based on consent provided by the user's parent or legal guardian.

6. Data Sharing and Disclosure

6.1 We Do Not Sell Personal Data

Armchats does not sell personal data and does not use business data for unrelated purposes.

6.2 Third-Party Service Providers

We share data with the following third-party service providers who assist in operating the Platform:

Each third-party service provider processes data only for the purposes described above and is subject to contractual obligations regarding data protection.

6.3 Business Users

When you interact with a Business User's listing or initiate contact, relevant information may be shared with that Business User to facilitate the connection.

6.4 Legal Requirements

We may disclose your information:

• To comply with applicable laws or legal processes
• To respond to lawful requests from public authorities
• To protect our rights, privacy, safety, or property
• In connection with a merger, acquisition, or sale of assets

6.5 With Your Consent

We may share your information for other purposes with your explicit consent.

7. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States and Armenia.

7.1 Transfer Mechanisms

For transfers from the EEA, UK, or Switzerland, we rely on:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions where applicable
• Other lawful transfer mechanisms

7.2 Safeguards

We implement appropriate safeguards to protect your data during international transfers, including encryption and contractual protections with all third-party service providers listed in Section 6.2.

8. Data Retention

8.1 General Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements.

8.2 Account Deletion

Consumer Users:

• Upon deletion request, data is retained for one (1) month
• Reactivation is possible during this period
• After one month, data is permanently deleted

Business Users:

• Upon deletion request, data is retained for three (3) months
• Reactivation is possible during this period
• After three months, data is permanently deleted or anonymized

8.3 Chat Data

Chat messages are stored to preserve user context and maintain conversation continuity. Messages are immutable and append-only. Chat data shared with Google Gemini for AI processing is governed by Google's data processing terms.

8.4 Extended Retention

We may retain certain data for longer periods:

• To comply with legal obligations
• To resolve disputes
• To enforce our agreements
• For legitimate business purposes (in anonymized form)

9. Your Privacy Rights

• 9.1 Rights Under GDPR (EEA, UK, Switzerland)
• If you are located in the European Economic Area, United Kingdom, or Switzerland, you have the following rights:
• Right of Access: You may request a copy of the personal data we hold about you.
• Right to Rectification: You may request correction of inaccurate or incomplete data.
• Right to Erasure: You may request deletion of your personal data in certain circumstances.
• Right to Restriction: You may request restriction of processing in certain circumstances.
• Right to Data Portability: You may request your data in a structured, machine-readable format.
• Right to Object: You may object to processing based on legitimate interests or for direct marketing.
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time.
• Right to Lodge a Complaint: You may lodge a complaint with a supervisory authority.

9.2 Rights Under Armenian Data Protection Law

If you are located in the Republic of Armenia, you have the right to:

• Receive information about the processing of your personal data
• Request access to your personal data
• Request correction or deletion of your personal data
• Object to the processing of your personal data
• Withdraw consent at any time
• Lodge a complaint with the Personal Data Protection Agency of the Republic of Armenia

Parents and legal guardians of Minor Users under 16 may exercise these rights on behalf of their child.

9.3 Rights Under US State Privacy Laws

California Residents (CCPA/CPRA):

• Right to know what personal information is collected
• Right to know whether personal information is sold or disclosed
• Right to say no to the sale of personal information
• Right to delete personal information
• Right to correct inaccurate personal information
• Right to limit use of sensitive personal information
• Right to non-discrimination for exercising rights

Virginia, Colorado, Connecticut, Utah Residents:

• Right to access personal data
• Right to correct inaccuracies
• Right to delete personal data
• Right to data portability
• Right to opt out of targeted advertising, sale of data, and profiling

9.4 Exercising Your Rights

To exercise any of these rights, please contact us at: Email: support@armchats.com

We will respond to your request within the timeframes required by applicable law (generally 30 days under GDPR and Armenian law, 45 days under CCPA/CPRA).

9.5 Verification

We may need to verify your identity before processing your request. We will not discriminate against you for exercising your privacy rights.

10. Children's and Minor Users' Privacy

10.1 Minimum Age

The Platform does not knowingly collect personal data from anyone under the age of fourteen (14). If we learn that we have collected personal data from a child under 14, we will delete that data promptly.

10.2 Minor Users (Ages 14 to 17)

For Minor Users aged 14 to 17:

• We collect only the data necessary to provide the Platform services available to their age tier
• Date of birth is collected at registration to determine age tier eligibility
• Age-Restricted Service data is not collected from or presented to Minor Users
• AI interactions by Minor Users are filtered to exclude age-restricted content

10.3 Parental Consent (Ages 14 to 15)

For users between 14 and 15 years of age, we require verifiable parental or legal guardian consent before collecting and processing personal information, in accordance with Article 9(9) of the Armenian Law on Protection of Personal Data and COPPA (for US users). Parents or guardians may:

• Review their child's personal information
• Request deletion of their child's information
• Refuse further collection or use of their child's information
• Withdraw consent, resulting in account suspension

10.4 Users Age 16 to 17

Users aged 16 and 17 may consent to the processing of their personal data without separate parental consent, in accordance with the Armenian Law on Protection of Personal Data. Their accounts remain subject to Age-Restricted Services restrictions as described in the Terms of Use.

10.5 COPPA Compliance (United States)

We comply with the Children's Online Privacy Protection Act (COPPA). We do not knowingly collect personal information from children under 13. For users aged 13 to 15 in the United States, we obtain verifiable parental consent.

10.6 GDPR Age of Consent (European Union)

In EU member states where the digital age of consent is 16, we require parental consent for users under 16. In member states that have set a lower age (minimum 13 under GDPR Article 8(1)), we comply with that jurisdiction's requirements.

10.7 Contact for Parents

Parents or guardians with questions about our children's and minors' privacy practices may contact us at: Email: support@armchats.com

11. Cookies and Tracking Technologies

11.1 Types of Cookies We Use

Strictly Necessary Cookies: Required for the Platform to function. Cannot be disabled.

Analytics Cookies: Help us understand how users interact with the Platform (Google Analytics, Logrocket).

Functionality Cookies: Remember your preferences and settings.

11.2 Managing Cookies

You can manage cookie preferences through:

• Your browser settings
• Our cookie consent mechanism (where applicable)
• Opt-out tools provided by analytics providers

11.3 Do Not Track

We currently do not respond to "Do Not Track" browser signals. However, you may opt out of certain tracking as described above.

12. Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• Encryption of data in transit and at rest

• Access controls and authentication

• Regular security assessments

• Employee training on data protection

• Secure credential management (1Password)

• CDN and proxy-level security (Cloudflare)

No method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

13. Third-Party Links

The Platform may contain links to third-party websites or services. This Privacy Policy does not apply to those third parties. We encourage you to review the privacy policies of any third-party sites you visit.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the updated policy on the Platform
• Updating the "Last Updated" date
• Sending email notification for significant changes

Your continued use of the Platform after changes constitutes acceptance of the updated Privacy Policy. For Minor Users under 16, material changes may require renewed parental consent.

15. Contact Us

For questions, concerns, or requests regarding this Privacy Policy:

General Privacy Inquiries: Armchats Inc.131 Continental Dr, Suite 305, Newark, DE 19713 US Email:support@armchats.com

Local Privacy Inquiries (Armenia): Armchats Armenia LLC Buzand 87, 82, Yerevan, Armenia

Data Protection Officer (GDPR and Armenian Data Protection Law): Email: support@armchats.com

California Privacy Requests: Email: support@armchats.com