Privacy Policy

Effective Date: June 5, 2026 · Last Updated: June 5, 2026

KJB LLC ("Company," "we," "us," or "our"), a limited liability company organized under the laws of the State of New Mexico, operates the ChatPEP platform at chatpep.com (the "Service"). This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you visit, use, or interact with the Service.

By using the Service, you consent to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree with this Policy, you must not use the Service.

This Privacy Policy should be read in conjunction with our Terms of Service.

1. Information We Collect

We collect information in the following categories:

1.1 Information you provide directly

  • Account information: When you create an account, we collect your name, email address, username, and authentication credentials (including tokens from third-party OAuth providers such as Google).
  • Profile information: Optional profile data you provide, including but not limited to biological sex, age, height, weight, fitness goals, research interests, and health-related preferences used to personalize your experience.
  • Chat & query data: The text of conversations, queries, and prompts you submit to the Service, as well as the AI-generated responses.
  • Payment information: If you subscribe to a paid plan, payment processing is handled by our third-party payment processor (Stripe). We do not store your full credit card number, CVV, or bank account details on our servers. We may receive and store limited payment information such as the last four digits of your card, card brand, billing address, and transaction identifiers.
  • Communications: Information you provide when contacting us for support, feedback, or inquiries.

1.2 Information collected automatically

  • Device & browser data: IP address, browser type and version, operating system, device identifiers, screen resolution, and language preferences.
  • Usage data: Pages visited, features used, timestamps, click patterns, session duration, referring URLs, and interaction logs.
  • Cookies & similar technologies: We use cookies, web beacons, pixels, and similar tracking technologies to maintain sessions, remember preferences, and analyze usage patterns. See Section 7 for details.

1.3 Information from third-party sources

  • OAuth providers: If you sign in using a third-party service (e.g., Google), we receive your name, email address, and profile picture as permitted by your OAuth provider settings.
  • Analytics providers: We may receive aggregated or de-identified analytics data from third-party services that help us understand how the Service is used.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Provide & operate the Service: To create and manage your account, process your queries, generate AI responses, and deliver the core functionality of the Service.
  • Personalization: To customize your experience based on your profile, preferences, and usage history.
  • Service improvement: To analyze usage patterns, identify trends, debug issues, and improve the quality, safety, and accuracy of our AI models and Service features.
  • AI model training: We may use de-identified and aggregated conversation data to improve our AI models. We do not use individually identifiable conversation data for model training unless you explicitly consent.
  • Billing & payments: To process subscription payments, manage billing, and prevent fraud.
  • Communications: To send transactional emails (e.g., account verification, password resets, billing receipts), respond to support requests, and, with your consent, send marketing or promotional communications.
  • Security & fraud prevention: To detect, investigate, and prevent security incidents, unauthorized access, fraudulent activity, and Terms violations.
  • Legal compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.

4. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

  • Service providers: We share information with trusted third-party vendors who perform services on our behalf, including cloud hosting (Vercel), payment processing (Stripe), email delivery (Resend), AI model providers (OpenAI), and analytics services. These providers are contractually obligated to use your information only as necessary to perform their services and in accordance with this Policy.
  • AI model providers: Your queries and conversation content are transmitted to third-party AI model providers (e.g., OpenAI) to generate responses. These providers have their own privacy policies governing data handling. We encourage you to review their policies.
  • Legal requirements: We may disclose your information if required by law, subpoena, court order, or governmental regulation, or if we believe in good faith that disclosure is necessary to: (a) comply with legal process; (b) protect our rights, property, or safety, or that of our users or the public; (c) detect, prevent, or address fraud, security, or technical issues.
  • Business transfers: In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on the Service of any change in ownership or uses of your personal information.
  • With your consent: We may share your information for other purposes with your explicit consent.

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service to you. We may also retain and use your information as necessary to comply with our legal obligations, resolve disputes, enforce our agreements, and for legitimate business purposes such as analytics and service improvement.

When you delete your account, we will delete or de-identify your personal information within thirty (30) days, unless retention is required by law or for legitimate business purposes. Aggregated, de-identified data that cannot reasonably be used to identify you may be retained indefinitely.

Conversation and chat data associated with your account will be deleted upon account deletion. Shared content (e.g., publicly shared chat links) may be retained or may remain accessible after account deletion, as described in our Terms of Service.

6. Data Security

We implement commercially reasonable technical, administrative, and organizational security measures designed to protect your personal information from unauthorized access, alteration, disclosure, or destruction. These measures include, but are not limited to:

  • Encryption of data in transit using TLS/SSL protocols
  • Encryption of sensitive data at rest
  • Regular security assessments and monitoring
  • Access controls and authentication mechanisms
  • Secure session management

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security. You are responsible for maintaining the confidentiality of your account credentials.

7. Cookies & Tracking Technologies

We use the following types of cookies and similar technologies:

  • Strictly necessary cookies: Essential for the Service to function, including session cookies, authentication tokens, and CSRF protection. These cannot be disabled.
  • Functional cookies: Remember your preferences (e.g., theme, language) to enhance your experience.
  • Analytics cookies: Help us understand how users interact with the Service, which pages are visited, and how features are used. We use this data to improve the Service.

You can control cookie settings through your browser preferences. Disabling certain cookies may affect the functionality of the Service.

8. Your Rights & Choices

Depending on your jurisdiction, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request that we correct inaccurate or incomplete personal information.
  • Deletion: Request that we delete your personal information, subject to certain legal exceptions.
  • Data portability: Request a copy of your data in a structured, machine-readable format.
  • Objection: Object to the processing of your personal information for certain purposes.
  • Restriction: Request that we restrict the processing of your personal information under certain circumstances.
  • Withdraw consent: Where processing is based on consent, withdraw your consent at any time without affecting the lawfulness of prior processing.
  • Opt-out of marketing: Unsubscribe from marketing communications at any time by using the unsubscribe link in emails or by contacting us.

To exercise any of these rights, please contact us at legal@chatpep.com. We will respond to your request within the timeframe required by applicable law (typically 30–45 days).

9. Nevada Privacy Rights

Under Nevada Revised Statutes Chapter 603A, Nevada residents may submit a request directing us not to sell their personal information. We do not sell personal information as defined under Nevada law. If you are a Nevada resident and wish to submit such a request, please contact us at legal@chatpep.com.

10. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

  • Right to know: You may request disclosure of the categories and specific pieces of personal information we have collected about you, the sources of collection, the business purposes for collection, and the categories of third parties with whom we share information.
  • Right to delete: You may request deletion of your personal information, subject to applicable exceptions.
  • Right to correct: You may request correction of inaccurate personal information.
  • Right to opt-out of sale/sharing: We do not sell or share your personal information for cross-context behavioral advertising as defined by the CCPA/CPRA.
  • Right to non-discrimination: We will not discriminate against you for exercising your privacy rights.
  • Right to limit use of sensitive personal information: To the extent we collect sensitive personal information, you may request that we limit its use to purposes necessary for providing the Service.

To submit a verifiable consumer request, please contact us at legal@chatpep.com. We will verify your identity before responding to any request.

11. International Users

The Service is operated from the United States. If you are accessing the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those of your jurisdiction.

By using the Service, you consent to the transfer of your information to the United States and the processing of your information in accordance with this Privacy Policy. If you are a resident of the European Economic Area (EEA), United Kingdom, or Switzerland, we rely on appropriate legal mechanisms (such as Standard Contractual Clauses) for cross-border data transfers where required.

12. Children's Privacy

The Service is not directed at and is not intended for use by children under the age of eighteen (18). We do not knowingly collect personal information from children under 18. If we become aware that we have inadvertently collected personal information from a child under 18, we will take steps to delete such information promptly. If you believe a child under 18 has provided us with personal information, please contact us at legal@chatpep.com.

13. Do Not Track Signals

Some web browsers transmit "Do Not Track" (DNT) signals. Because there is no uniform standard for interpreting DNT signals, the Service does not currently respond to DNT browser signals or headers. We will continue to monitor developments in DNT technology and may adopt a DNT standard if one is established.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will: (a) update the "Effective Date" at the top of this page; (b) post the revised Policy on the Service; and (c) where required by law, provide additional notice such as an in-app notification or email.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of the Service after changes to this Policy constitutes acceptance of the updated Policy.

15. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at legal@chatpep.com.

KJB LLC · State of organization: New Mexico

If you are not satisfied with our response, you may have the right to lodge a complaint with the relevant data protection authority in your jurisdiction.