DentroChat
← Back to home

Privacy Policy

Last updated: 6 March 2026

1. Data Controller

The data controller responsible for your personal data is:

DentroInnovation OÜ
Lõõtsa tn 2a
Harju maakond 11415 Tallinn
Estonia
Registration number: 16799548

Contact for data protection matters:
Email: hello@dentro.chat

We have not appointed a Data Protection Officer. Under GDPR Article 37, a DPO is only required for public authorities or organisations whose core activities involve large-scale monitoring of individuals or processing of sensitive data. As an AI chat service, we do not fall into these categories. For any data protection inquiries, please contact us at the email address above.

2. Data We Collect

We collect the following categories of personal data:

Account information:

  • Name (required for registration)
  • Email address (required for registration)
  • Password (stored hashed, never in plain text)
  • Account creation date
  • Your settings, such as dark mode or selected AI mode

Usage data:

  • Chat messages you send and AI responses you receive
  • Files you upload for AI processing (including images, documents, and other attachments)
  • Images you generate
  • Web search queries performed through the AI
  • Voice input when you use the speech feature (processed by our AI provider for transcription, not stored by us)
  • Timestamps of your interactions
  • Feature usage, such as which AI mode you select

Technical data:

  • Browser type and version
  • Device type

Payment data:

  • We do not store your payment card details or bank account numbers on our servers. Payments are handled by our payment provider (Mollie), who processes your payment data securely according to PCI-DSS standards. We only receive confirmation of payment status, your billing address, and a transaction reference.

3. Legal Basis for Processing

We process your personal data on the following legal bases under Article 6 GDPR:

Contractual necessity (Art. 6(1)(b)):

  • Account creation and management
  • Processing your chat messages to provide AI responses
  • Processing file uploads and image generation requests
  • Providing web search functionality
  • Storing your chat history for your access
  • Processing payments and managing your subscription

Legitimate interests (Art. 6(1)(f)):

  • Sending you emails about product updates, tips, and related services (our interest: keeping you informed about our service). You can opt out at any time via the unsubscribe link in every email.
  • Anonymous analytics to improve our service (our interest: product improvement)
  • Technical logging for debugging and reliability (our interest: service stability)

Legal obligation (Art. 6(1)(c)):

  • Retaining invoices and financial records as required by tax law
  • Sending legally required communications about your account or service changes

4. How We Use Your Data

We use your data to:

  • Provide the DentroChat AI service (text chat, image generation, web search, file processing)
  • Maintain and improve our service
  • Communicate with you about your account, service updates, and product news
  • Process payments and manage subscriptions
  • Comply with legal obligations

We do not sell your data. We do not use your chat conversations to train AI models. We do not share your data with third parties for their own marketing purposes.

5. Data Sharing and Subprocessors

To provide our service, we share data with carefully selected subprocessors. All our subprocessors are located within the European Union or in countries with an EU adequacy decision. We do not use any US-based subprocessors.

When you send a chat message, your input is sent to our AI providers for processing. All AI providers are located within the EU. These providers process your data solely to generate a response and do not retain your data for training purposes. For a complete list, see our Subprocessors page.

For a complete list of our subprocessors, including their purposes and locations, see our Subprocessors page.

6. International Data Transfers

All data processing takes place within the European Union. For details on where your data is stored, see our Subprocessors page.

Our business email provider (Migadu) is based in Switzerland, which has an EU adequacy decision, meaning transfers to Switzerland are treated as equivalent to transfers within the EU.

Your data never leaves the EU/EEA or countries with adequacy decisions.

7. Data Security

We implement the following security measures:

  • All data encrypted in transit using TLS 1.3
  • Data encrypted at rest on our servers
  • Encrypted backups stored separately from primary data
  • Passwords hashed using industry-standard algorithms
  • Access controls limiting who can access production systems
  • Regular security updates and monitoring

8. Data Retention

We retain your data for the following periods:

  • Chat history: Retained until you delete it or close your account
  • Account data: Retained while your account is active, deleted within 30 days of account closure
  • Uploaded files: Retained until you delete them or close your account
  • Generated images: Retained until you delete them or close your account
  • Invoices and payment records: 7 years (Estonian legal requirement)
  • Server logs: Retained temporarily for debugging purposes
  • Analytics data: Aggregated and anonymised, no personal data retained

9. Your Rights

Under GDPR, you have the following rights:

  • Access (Art. 15): Request a copy of your personal data
  • Rectification (Art. 16): Correct inaccurate data
  • Erasure (Art. 17): Request deletion of your data
  • Restriction (Art. 18): Limit how we process your data
  • Portability (Art. 20): Receive your data in a machine-readable format
  • Object (Art. 21): Object to processing based on legitimate interests, including marketing emails
  • Withdraw consent: Where processing is based on consent, withdraw at any time

You can delete your chats and cancel your subscription directly in the app. To close your account, export your data, or exercise other rights, contact us at hello@dentro.chat.

Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority. For Estonia, this is the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon), Tatari 39, 10134 Tallinn, Estonia, info@aki.ee. You may also contact the supervisory authority in your country of residence.

10. Automated Decision-Making

DentroChat uses AI to generate responses to your messages. This is the core function of our service and is necessary to perform our contract with you. The AI processing does not produce decisions with legal or similarly significant effects on you. It simply generates text, images, or search results based on your input.

We do not use automated decision-making for profiling, credit scoring, or any decisions that would have legal effects on you.

11. Cookies and Local Storage

Website and application: We use self-hosted Plausible Analytics on both dentro.chat and app.dentro.chat. Plausible does not use cookies and does not collect personal data. No cookie consent banner is required.

Application (app.dentro.chat): We use essential cookies and local storage for:

  • Authentication (keeping you logged in)
  • Session management
  • Your preferences, such as dark mode or selected AI mode

These are strictly necessary for the service to function and do not require consent under the ePrivacy Directive. We do not use any tracking cookies or third-party advertising cookies.

12. Children's Privacy

DentroChat is not intended for users under the age of 16. We do not knowingly collect personal data from children under 16. If you believe a child under 16 has provided us with personal data, please contact us and we will delete it.

13. Social Media

We maintain a presence on LinkedIn. When you visit our LinkedIn page, LinkedIn processes your data as described in their privacy policy. LinkedIn Ireland Unlimited Company is the data controller for this processing. We may receive anonymised statistics about page visitors from LinkedIn.

14. Changes to This Policy

We may update this privacy policy from time to time. If we make material changes that affect how we process your personal data, we will notify you via email or through the app at least 30 days before the changes take effect. The "Last updated" date at the top of this page indicates when the policy was last revised.

15. Contact Us

For any questions about this Privacy Policy or our data practices, please contact us at hello@dentro.chat.