Privacy Policy

Last updated: April 14, 2026

Data Controller

The data controller is Nafis SRL, Belgium (BCE 0656.477.588). For any privacy-related inquiry, contact [email protected].

Data We Collect

Account data: email address, hashed password.
OAuth tokens: Microsoft and Google access/refresh tokens, stored encrypted (AES-256 via Fernet). Used solely to create and join meetings on your behalf.
Bot tokens: Discord and Telegram bot tokens you provide, stored encrypted. Used to connect your bot to meetings.
API keys: hashed and stored. The plaintext is shown once at creation and never stored.
Call metadata: call ID, platform, meeting URL, timestamps, state. Retained for billing and debugging.
Voice data: during a call, meeting audio is streamed in real-time through the meeting bridge and forwarded to your agent (raw PCM) and, if you have enabled hosted STT/TTS, to the third-party speech provider you selected (see Sub-processors). Audio is processed in-memory and not stored by Chamade after the call ends. The audio that reaches a speech provider is governed by that provider's own privacy policy and your own account/agreement with them (BYOK model).
Provider API keys (BYOK): speech-provider API keys you paste in the dashboard (e.g. ElevenLabs, Deepgram) are stored encrypted (AES-256 via Fernet) and used solely to run the STT/TTS pipeline on your behalf. Keys are never returned by the API and are deleted when you delete the preset or your account.
Transcriptions: kept in-memory during the call for real-time delivery to your agent. Not persisted to disk after the call ends.
Payment data: processed entirely by Stripe. We store your Stripe customer ID and subscription status, but never your card details.
SIP data: phone numbers (DID), caller IDs, call metadata for SIP calls.

Legal Basis

Contract performance (Art. 6(1)(b) GDPR): processing your account data, OAuth tokens, and call data is necessary to provide the service.
Legitimate interest (Art. 6(1)(f) GDPR): call metadata for debugging, usage tracking for billing.

Sub-processors

Chamade relies on the following third-party services to operate the gateway itself:

Hetzner Online GmbH (Germany) — server hosting. Data processed within the EU.
Postmark (ActiveCampaign LLC, USA) — transactional email (email verification, password reset, account notifications). Transfer to the US is covered by Standard Contractual Clauses (SCCs).
Stripe Payments Europe, Ltd. (Ireland, with affiliates in the USA) — payment processing. Currently unused during Early Access; will apply once paid plans are introduced. Subject to Stripe's own privacy policy and SCCs.

Third-party speech providers (BYOK). Hosted STT/TTS, when you enable it, runs on a speech provider that you choose and to whom you directly subscribe by pasting their API key in the dashboard — for example ElevenLabs, Deepgram, OpenAI, Cartesia. In this configuration Chamade acts as a technical conduit: audio is forwarded from the meeting to the provider's endpoint using your key, and transcripts/synthesized audio flow back. The provider is engaged under your agreement with them and is not a Chamade sub-processor. If you do not enable hosted STT/TTS (BYO-audio mode), no audio is sent to any speech provider from Chamade's side.

Third-party AI providers (inline agents, BYOK). You can optionally have Chamade run your agent for you: when you attach an LLM provider to an agent in the dashboard, Chamade forwards the content that agent needs to act on — incoming chat and DM messages, and, on voice calls with hosted STT, the transcript — to that provider's API, using the credentials or connection you supplied, in order to obtain the agent's replies. The provider is one you choose and contract with directly — for example OpenAI, Anthropic, Google (Gemini/Vertex), AWS (Bedrock), Microsoft (Azure/Foundry), or Mistral; it is engaged under your own account and agreement and is not a Chamade sub-processor. Content sent is governed by that provider's privacy policy. If instead you drive the agent from your own runtime (REST API or MCP), Chamade sends no content to any LLM provider — it relays messages to your endpoint only.

Destination platforms. When you connect a platform (Microsoft Teams, Google Meet, Zoom, Discord, Slack, Nextcloud Talk, Telegram, WhatsApp, SIP) Chamade transmits meeting audio and chat to that platform on your behalf. Those platforms are controlled by you (through your own account and their terms) and are not Chamade sub-processors.

Data Retention

Account data: retained as long as your account is active. Deleted within 30 days of account deletion.
OAuth tokens: deleted when you disconnect the platform or delete your account.
Call data: metadata retained for up to 12 months for billing purposes, then deleted.
Audio and transcriptions: not persisted. Processed in real-time only.

Your Rights

Under GDPR, you have the right to:

Access your personal data.
Rectify inaccurate data.
Delete your account and associated data.
Port your data in a machine-readable format.
Object to processing based on legitimate interest.
Lodge a complaint with the Belgian Data Protection Authority (APD/GBA): www.dataprotectionauthority.be.

How to Delete Your Data

You can delete your account and all associated data at any time:

Log in to your Chamade dashboard → Account.
Click Delete account, confirm, and re-enter your password.

This permanently removes your account, OAuth tokens, bot tokens, API keys, call history, conversations, and any SIP numbers. The deletion is immediate and irreversible.

If you cannot access your account, you can request deletion by emailing [email protected] from the email address associated with your account. We will process the request within 30 days.

Security

We implement appropriate technical measures: encrypted token storage (Fernet/AES-256), hashed passwords (PBKDF2), HTTPS everywhere, and regular security reviews. Sensitive data (OAuth tokens, bot tokens) is encrypted at rest with a server-side key.

Cookies

Chamade uses two strictly necessary first-party cookies, both set only after you log in:

chamade_session — an HttpOnly, Secure, SameSite=Lax cookie containing a random session identifier. Used to authenticate you on the dashboard and API.
chamade_logged_in — a non-HttpOnly companion flag (value "1") that lets the front-end render the correct header navigation (logged-in vs. logged-out) without having to make an authenticated API call on every page load. It carries no personal data and no session identifier.

Both cookies are set when you log in and deleted when you log out. They are not used for analytics, advertising, or cross-site tracking.

We do not use any third-party cookies, analytics scripts, or tracking pixels.

This privacy policy is governed by Belgian law. For questions, contact [email protected]. See also our Terms of Service.