Privacy Policy
Effective Date: June 5, 2026 · Last Updated: June 5, 2026
KJB LLC ("Company," "we," "us," or "our"), a limited liability company organized under the laws of the State of New Mexico, operates the ChatPEP platform at chatpep.com (the "Service"). This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you visit, use, or interact with the Service.
By using the Service, you consent to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree with this Policy, you must not use the Service.
This Privacy Policy should be read in conjunction with our Terms of Service.
1. Information We Collect
We collect information in the following categories:
1.1 Information you provide directly
- Account information: When you create an account, we collect your name, email address, username, and authentication credentials (including tokens from third-party OAuth providers such as Google).
- Profile information: Optional profile data you provide, including but not limited to biological sex, age, height, weight, fitness goals, research interests, and health-related preferences used to personalize your experience.
- Chat & query data: The text of conversations, queries, and prompts you submit to the Service, as well as the AI-generated responses.
- Payment information: If you subscribe to a paid plan, payment processing is handled by our third-party payment processor (Stripe). We do not store your full credit card number, CVV, or bank account details on our servers. We may receive and store limited payment information such as the last four digits of your card, card brand, billing address, and transaction identifiers.
- Communications: Information you provide when contacting us for support, feedback, or inquiries.
1.2 Information collected automatically
- Device & browser data: IP address, browser type and version, operating system, device identifiers, screen resolution, and language preferences.
- Usage data: Pages visited, features used, timestamps, click patterns, session duration, referring URLs, and interaction logs.
- Cookies & similar technologies: We use cookies, web beacons, pixels, and similar tracking technologies to maintain sessions, remember preferences, and analyze usage patterns. See Section 7 for details.
1.3 Information from third-party sources
- OAuth providers: If you sign in using a third-party service (e.g., Google), we receive your name, email address, and profile picture as permitted by your OAuth provider settings.
- Analytics providers: We may receive aggregated or de-identified analytics data from third-party services that help us understand how the Service is used.
2. How We Use Your Information
We use the information we collect for the following purposes:
- Provide & operate the Service: To create and manage your account, process your queries, generate AI responses, and deliver the core functionality of the Service.
- Personalization: To customize your experience based on your profile, preferences, and usage history.
- Service improvement: To analyze usage patterns, identify trends, debug issues, and improve the quality, safety, and accuracy of our AI models and Service features.
- AI model training: We may use de-identified and aggregated conversation data to improve our AI models. We do not use individually identifiable conversation data for model training unless you explicitly consent.
- Billing & payments: To process subscription payments, manage billing, and prevent fraud.
- Communications: To send transactional emails (e.g., account verification, password resets, billing receipts), respond to support requests, and, with your consent, send marketing or promotional communications.
- Security & fraud prevention: To detect, investigate, and prevent security incidents, unauthorized access, fraudulent activity, and Terms violations.
- Legal compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.
3. Legal Bases for Processing
Where applicable data protection laws require a legal basis for processing personal data, we rely on the following:
- Contract performance: Processing necessary to fulfill our contractual obligations to you under the Terms of Service.
- Legitimate interests: Processing necessary for our legitimate business interests, including service improvement, security, and analytics, where not overridden by your data protection rights.
- Consent: Where you have given explicit consent, such as for optional marketing communications or enhanced personalization features.
- Legal obligation: Processing necessary to comply with applicable legal requirements.
5. Data Retention
We retain your personal information for as long as your account is active or as needed to provide the Service to you. We may also retain and use your information as necessary to comply with our legal obligations, resolve disputes, enforce our agreements, and for legitimate business purposes such as analytics and service improvement.
When you delete your account, we will delete or de-identify your personal information within thirty (30) days, unless retention is required by law or for legitimate business purposes. Aggregated, de-identified data that cannot reasonably be used to identify you may be retained indefinitely.
Conversation and chat data associated with your account will be deleted upon account deletion. Shared content (e.g., publicly shared chat links) may be retained or may remain accessible after account deletion, as described in our Terms of Service.
6. Data Security
We implement commercially reasonable technical, administrative, and organizational security measures designed to protect your personal information from unauthorized access, alteration, disclosure, or destruction. These measures include, but are not limited to:
- Encryption of data in transit using TLS/SSL protocols
- Encryption of sensitive data at rest
- Regular security assessments and monitoring
- Access controls and authentication mechanisms
- Secure session management
However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security. You are responsible for maintaining the confidentiality of your account credentials.
8. Your Rights & Choices
Depending on your jurisdiction, you may have the following rights regarding your personal information:
- Access: Request a copy of the personal information we hold about you.
- Correction: Request that we correct inaccurate or incomplete personal information.
- Deletion: Request that we delete your personal information, subject to certain legal exceptions.
- Data portability: Request a copy of your data in a structured, machine-readable format.
- Objection: Object to the processing of your personal information for certain purposes.
- Restriction: Request that we restrict the processing of your personal information under certain circumstances.
- Withdraw consent: Where processing is based on consent, withdraw your consent at any time without affecting the lawfulness of prior processing.
- Opt-out of marketing: Unsubscribe from marketing communications at any time by using the unsubscribe link in emails or by contacting us.
To exercise any of these rights, please contact us at legal@chatpep.com. We will respond to your request within the timeframe required by applicable law (typically 30–45 days).
9. Nevada Privacy Rights
Under Nevada Revised Statutes Chapter 603A, Nevada residents may submit a request directing us not to sell their personal information. We do not sell personal information as defined under Nevada law. If you are a Nevada resident and wish to submit such a request, please contact us at legal@chatpep.com.
10. California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):
- Right to know: You may request disclosure of the categories and specific pieces of personal information we have collected about you, the sources of collection, the business purposes for collection, and the categories of third parties with whom we share information.
- Right to delete: You may request deletion of your personal information, subject to applicable exceptions.
- Right to correct: You may request correction of inaccurate personal information.
- Right to opt-out of sale/sharing: We do not sell or share your personal information for cross-context behavioral advertising as defined by the CCPA/CPRA.
- Right to non-discrimination: We will not discriminate against you for exercising your privacy rights.
- Right to limit use of sensitive personal information: To the extent we collect sensitive personal information, you may request that we limit its use to purposes necessary for providing the Service.
To submit a verifiable consumer request, please contact us at legal@chatpep.com. We will verify your identity before responding to any request.
11. International Users
The Service is operated from the United States. If you are accessing the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those of your jurisdiction.
By using the Service, you consent to the transfer of your information to the United States and the processing of your information in accordance with this Privacy Policy. If you are a resident of the European Economic Area (EEA), United Kingdom, or Switzerland, we rely on appropriate legal mechanisms (such as Standard Contractual Clauses) for cross-border data transfers where required.
12. Children's Privacy
The Service is not directed at and is not intended for use by children under the age of eighteen (18). We do not knowingly collect personal information from children under 18. If we become aware that we have inadvertently collected personal information from a child under 18, we will take steps to delete such information promptly. If you believe a child under 18 has provided us with personal information, please contact us at legal@chatpep.com.
13. Do Not Track Signals
Some web browsers transmit "Do Not Track" (DNT) signals. Because there is no uniform standard for interpreting DNT signals, the Service does not currently respond to DNT browser signals or headers. We will continue to monitor developments in DNT technology and may adopt a DNT standard if one is established.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will: (a) update the "Effective Date" at the top of this page; (b) post the revised Policy on the Service; and (c) where required by law, provide additional notice such as an in-app notification or email.
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of the Service after changes to this Policy constitutes acceptance of the updated Policy.
15. Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at legal@chatpep.com.
KJB LLC · State of organization: New Mexico
If you are not satisfied with our response, you may have the right to lodge a complaint with the relevant data protection authority in your jurisdiction.