Privacy Policy
Last Updated: January 19, 2026
Effective Date: January 19, 2026
Chorvia (“we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services at chorvia.com (the “Service”).
This policy complies with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and other applicable US federal and state privacy laws.
By using our Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our Service.
Table of Contents
- Information We Collect
- How We Use Your Information
- Legal Basis for Processing (GDPR)
- Information Sharing and Disclosure
- Third-Party Service Providers
- Cookies and Tracking Technologies
- Data Retention
- Data Security
- International Data Transfers
- Your Privacy Rights
- California Privacy Rights (CCPA/CPRA)
- European Privacy Rights (GDPR)
- Children's Privacy
- Do Not Track Signals
- Changes to This Privacy Policy
- Contact Us
1. Information We Collect
Personal Information You Provide
When you create an account or use our Service, we may collect:
- Account Information: Name, email address, password (stored in hashed form), profile image
- Demographic Information: Gender, date of birth (for age verification and matching purposes)
- Preference Information: Topics of interest, availability schedule, timezone, who you prefer to talk to, meeting frequency preferences
- Organization Information: If you are an organization administrator, information about your organization and team members
- Payment Information: When you subscribe to paid features, payment information is collected and processed by our payment processor, Stripe. We store only your Stripe customer ID and subscription status.
- Feedback and Ratings: Ratings and comments you provide about group conversations
- Communications: Information you provide when you contact us for support
Information from Third-Party Authentication
If you sign in using Google, we receive:
- Your Google account email address
- Your name and profile picture (if available)
- Authentication tokens to maintain your session
Information Collected Automatically
When you use our Service, we automatically collect:
- Device Information: Browser type, operating system, device type
- Log Data: IP address, access times, pages viewed, referring URL
- Session Information: Authentication session data necessary to keep you logged in
2. How We Use Your Information
We use the information we collect to:
- Provide the Service: Create and manage your account, facilitate group matching and conversations
- AI-Powered Matching: Use artificial intelligence to match you with compatible conversation groups based on your interests, availability, demographics, and preferences
- Communication: Send you emails about your account, group matches, meeting reminders, and important service updates
- Process Payments: Handle subscription payments and billing
- Improve the Service: Analyze usage patterns to improve our matching algorithms and user experience
- Maintain Safety: Detect and prevent fraud, abuse, or violations of our terms
- Legal Compliance: Comply with legal obligations and respond to lawful requests
3. Legal Basis for Processing (GDPR)
For users in the European Economic Area (EEA), UK, and Switzerland, we process your personal data under the following legal bases:
- Contract Performance: Processing necessary to provide the Service you requested when creating an account
- Legitimate Interests: Processing for our legitimate business interests, such as improving our Service, preventing fraud, and marketing (where permitted)
- Consent: Where you have given explicit consent for specific processing activities
- Legal Obligation: Processing necessary to comply with legal requirements
4. Information Sharing and Disclosure
With Other Users
When you join a conversation group, other group members can see:
- Your first name
- The conversation topic
- Scheduled meeting times
Your email address, full date of birth, and detailed preferences are not shared with other users.
With Organization Administrators
If you are a member of an organization, your organization administrator can see:
- Your name and email address
- Your account creation date
- Group participation (but not conversation content)
We Do Not Sell Your Personal Information
We do not sell, rent, or trade your personal information to third parties for their marketing purposes.
5. Third-Party Service Providers
We share your information with the following third-party service providers who assist us in operating our Service:
Anthropic (Claude AI)
Purpose: AI-powered group matching
Data Shared: User preferences, interests, availability, age, gender, and reputation scores (anonymized where possible)
Privacy Policy: anthropic.com/privacy
Stripe
Purpose: Payment processing
Data Shared: Email address, payment method details (processed directly by Stripe)
Privacy Policy: stripe.com/privacy
Resend
Purpose: Email delivery
Data Shared: Email address, name, email content
Privacy Policy: resend.com/legal/privacy-policy
Google
Purpose: OAuth authentication and calendar integration
Data Shared: Authentication tokens, calendar event data (when calendar integration is enabled)
Privacy Policy: policies.google.com/privacy
Vercel
Purpose: Website hosting and infrastructure
Data Shared: Server logs, IP addresses
Privacy Policy: vercel.com/legal/privacy-policy
7. Data Retention
We retain your information for as long as your account is active or as needed to provide you with our Service. Specific retention periods:
| Data Type | Retention Period |
|---|---|
| Account information | Until account deletion requested |
| Authentication sessions | 30 days from last activity |
| Password reset tokens | 24 hours |
| Invitation tokens | 7 days |
| Feedback tokens | 7 days after group completion |
| Group history and ratings | Until account deletion requested |
| Payment records | As required by tax and financial regulations (typically 7 years) |
When you request account deletion, we will delete or anonymize your personal information within 30 days, except where we are required to retain certain information for legal, regulatory, or legitimate business purposes.
8. Data Security
We implement appropriate technical and organizational measures to protect your personal information:
- Encryption in Transit: All data transmitted between your browser and our servers is encrypted using TLS/HTTPS
- Password Security: Passwords are hashed using bcrypt with salt, never stored in plain text
- Secure Sessions: Authentication tokens are cryptographically signed and use HttpOnly, Secure, and SameSite cookie attributes
- Access Controls: Employee access to personal data is restricted based on job function and on a need-to-know basis
- Database Security: Our database is hosted with industry-standard security measures and regular backups
- Regular Updates: We keep our software dependencies updated to address security vulnerabilities
While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. If you have reason to believe your interaction with us is no longer secure, please contact us immediately.
9. International Data Transfers
Chorvia is based in the United States. If you are accessing our Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States and other countries where our service providers operate.
For users in the European Economic Area (EEA), UK, or Switzerland, we ensure that any international transfers of personal data are protected by:
- Standard Contractual Clauses approved by the European Commission
- Data processing agreements with our service providers
- Adequacy decisions where applicable
10. Your Privacy Rights
Depending on your location, you may have the following rights regarding your personal information:
- Access: Request a copy of the personal information we hold about you
- Correction: Request correction of inaccurate or incomplete information
- Deletion: Request deletion of your personal information
- Data Portability: Request a copy of your data in a machine-readable format
- Opt-Out: Opt out of certain data processing activities
- Withdraw Consent: Withdraw consent where processing is based on consent
To exercise any of these rights, please contact us at privacy@chorvia.com. We will respond to your request within 30 days (or sooner as required by applicable law).
11. California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have the following additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
Right to Know
You have the right to request that we disclose:
- The categories of personal information we have collected about you
- The categories of sources from which we collected your personal information
- The business or commercial purpose for collecting your personal information
- The categories of third parties with whom we share your personal information
- The specific pieces of personal information we have collected about you
Right to Delete
You have the right to request deletion of your personal information, subject to certain exceptions.
Right to Correct
You have the right to request correction of inaccurate personal information.
Right to Opt-Out of Sale/Sharing
We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising purposes.
Right to Limit Use of Sensitive Personal Information
We only use sensitive personal information (such as date of birth and gender) for the purposes of providing and improving our matching Service.
Non-Discrimination
We will not discriminate against you for exercising any of your CCPA/CPRA rights.
Categories of Personal Information Collected
In the past 12 months, we have collected the following categories of personal information:
- Identifiers: Name, email address, IP address, account ID
- Personal Information (Cal. Civ. Code § 1798.80(e)): Name, email address
- Protected Classification Characteristics: Age, gender
- Commercial Information: Subscription and payment history
- Internet Activity: Browser type, pages viewed, session information
- Inferences: Matching preferences and compatibility scores
How to Submit a Request
California residents may submit requests by:
- Emailing us at privacy@chorvia.com
- Using the contact form on our website
We will verify your identity before processing your request by confirming your email address and account ownership.
Authorized Agents
You may designate an authorized agent to make a request on your behalf. The agent must provide proof of authorization.
Financial Incentives
We do not offer financial incentives for the collection or sale of personal information.
12. European Privacy Rights (GDPR)
If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following additional rights under the General Data Protection Regulation (GDPR):
- Right of Access (Article 15): Obtain confirmation of whether we process your personal data and access to that data
- Right to Rectification (Article 16): Have inaccurate personal data corrected
- Right to Erasure (Article 17): Have your personal data deleted (“right to be forgotten”)
- Right to Restriction (Article 18): Restrict the processing of your personal data in certain circumstances
- Right to Data Portability (Article 20): Receive your personal data in a structured, commonly used, machine-readable format
- Right to Object (Article 21): Object to processing based on legitimate interests or for direct marketing
- Rights Related to Automated Decision-Making (Article 22): Not be subject to decisions based solely on automated processing that significantly affects you
Data Controller
Chorvia is the data controller responsible for your personal data.
Supervisory Authority
You have the right to lodge a complaint with a supervisory authority in the EU Member State of your habitual residence, place of work, or place of alleged infringement if you believe our processing of your personal data violates the GDPR.
Contact for GDPR Inquiries
For GDPR-related inquiries, please contact us at privacy@chorvia.com.
13. Children's Privacy
Our Service is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@chorvia.com.
If we discover that we have collected personal information from a child under 13, we will promptly delete that information from our servers.
For users between 13 and 18 years of age, parental consent may be required in some jurisdictions. We recommend that minors ask their parents or guardians for permission before providing personal information online.
14. Do Not Track Signals
Some browsers have a “Do Not Track” (DNT) feature that signals to websites that you do not want to have your online activity tracked. Since we do not use third-party tracking or advertising cookies, our Service functions the same whether or not DNT is enabled.
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by:
- Posting the new Privacy Policy on this page
- Updating the “Last Updated” date at the top of this policy
- Sending you an email notification for material changes (if you have an account)
We encourage you to review this Privacy Policy periodically for any changes. Your continued use of the Service after any changes constitutes your acceptance of the updated Privacy Policy.
16. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
For privacy-related requests, we will respond within 30 days (or sooner as required by applicable law). For California residents, we will respond to verifiable consumer requests within 45 days.