1. Who we are
Chatmend (“Chatmend”, “we”, “us”, “our”) is a language-learning chat application operated by:
Cashless.Space Ltd, a company registered in England and Wales.
- Company number: 10485349
- Registered office: 71–75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom
- ICO (Information Commissioner’s Office) registration reference: ZC186310
- Privacy contact: privacy@cashless.space
We are the data controller for the personal data described in this policy.
This policy explains what personal data we collect when you use the Chatmend app and website, why we process it, who we share it with, how long we keep it, and the rights you have over it.
2. Who can use Chatmend
Chatmend is intended for users aged 16 and over. We do not knowingly collect personal data from anyone under 16. If you believe a child under 16 has provided us with personal data, contact us at privacy@cashless.space and we will delete it.
3. The data we collect
We do not collect your location, contacts, photos, or financial information. We show no advertising and we do not track you across other apps or websites.
3.1 Information you give us
| Data | Examples | Where it comes from |
|---|---|---|
| Account details | Email address, password | When you sign up (handled by our authentication provider; passwords are stored only as a salted hash) |
| Profile | Display name, native language, target (learning) language, explanation language | When you create or edit your profile |
| Conversation content | The messages you send, conversation titles, and who is in each conversation | When you chat in the app |
3.2 Information we generate about your use
| Data | Purpose |
|---|---|
| Corrections | The corrected version of your messages, highlighted error spans, and short explanations |
| Vocabulary | Words drawn from your chats, to support the learning features |
| Usage & diagnostics | In-app events and basic analytics used to operate and improve the service |
3.3 Information we collect automatically
| Data | Purpose |
|---|---|
| IP address | Used transiently to rate-limit requests and protect the service from abuse |
| Push notification token | A device identifier issued by Apple or Google so we can deliver notifications you have enabled |
3.4 Payments
If you buy a subscription, the purchase is processed by Apple (App Store) or Google (Google Play) acting as the merchant of record. We do not receive or store your card or payment-account details — we receive only confirmation of your subscription status.
3.5 Sensitive information
Chatmend does not ask for special-category data (such as health, religious, or political information). Because messages are free text, please do not include sensitive personal information in your messages — they are processed by our AI providers as described in section 5.
3.6 Stored on your device
A copy of your chat history is kept locally on your device so you retain your conversations even after we clear older messages from our servers. See section 8 for how long it is kept and section 10 for how it is protected.
4. Why we process your data, and our legal bases
| Purpose | Legal basis (UK/EU GDPR Art. 6) |
|---|---|
| Create and manage your account; deliver chat and corrections | Performance of a contract with you |
| Detect and prevent abuse; rate-limit and secure the service; monitor cost | Legitimate interests (running a safe, sustainable service) |
| Send push notifications you have enabled | Consent (you can turn them off at any time) |
| Optional analytics, where applicable | Consent |
| Comply with legal obligations (e.g. responding to lawful requests) | Legal obligation |
Where we rely on legitimate interests, we have weighed those interests against your rights. You can object to that processing — see section 9.
5. How Chatmend uses AI to correct your messages
Correcting your messages requires sending text to a third-party AI provider. We have designed this to share as little as possible:
What we send to the AI provider:
- the message text to be corrected;
- a small amount of recent conversation context (recent prior messages in the same conversation), so the correction makes sense in context;
- your target language, native language, and chosen explanation language, plus any clarification you provide.
What we do not send:
- your name, email address, or account identifiers. The request is pseudonymous — the provider receives message content, not who you are.
Please note: because recent conversation context is included, a correction request for one member can include recent messages written by other members of the same conversation.
Our AI providers and how long they keep it:
| Provider | Role | Location | Retention & training |
|---|---|---|---|
| Anthropic (Claude) | Primary correction model | Global routing (may include the United States) | Inputs/outputs deleted within 30 days; not used to train their models |
| Google Gemini (on Google Cloud Vertex AI) | Premium correction, used if the primary is unavailable | European Union | Handled under Google Cloud’s data-processing terms; not used to train the models |
| Mistral AI | Standard correction, used if the premium models are unavailable | European Union (France) | Inputs/outputs retained up to 30 days for abuse monitoring; not used to train their models on our paid tier |
None of these providers uses your content to train their models. Because Mistral and the Google Cloud (Vertex) correction path both run in the EU, that processing does not involve a transfer outside the EU/UK. Anthropic’s first-party API uses global routing, so that correction may be processed outside the EU/UK (see section 7).
Because messages are corrected on our servers, Chatmend is not end-to-end encrypted — our systems and our AI providers must be able to read message text in order to coach it.
6. Who we share your data with
Within a conversation. The other members of a conversation can see the messages you send in it and the corrections attached to them, including any clarification questions and answers. That is how Chatmend works as a shared practice space.
We do not sell your personal data. Beyond the members of your conversations, we share your data only with the service providers (“sub-processors”) that we rely on to run Chatmend, each under a data-processing agreement:
| Sub-processor | Purpose | Location |
|---|---|---|
| Supabase | Database, authentication, and app hosting | European Union (Frankfurt) |
| Anthropic | AI message correction (primary) | Global routing (may include the United States) |
| Google Cloud (Vertex AI) | AI message correction (premium failover) | European Union |
| Mistral AI | AI message correction (standard failover) | European Union |
| Apple | App distribution, payments, push notifications (APNs) | United States |
| App distribution, payments, push notifications (FCM) (Android) | United States |
We may also disclose data where required by law, to enforce our terms, or to protect the rights, safety, or property of Chatmend or others.
7. Where your data is stored and international transfers
Your account and conversation data are stored in the European Union (Frankfurt).
Some processing involves transfers outside the EU/UK — specifically AI correction by Anthropic (whose first-party API uses global routing and may process data in the United States or other regions) and app-store, payment, and notification services provided by Apple and Google in the United States. Our other AI correction providers — Mistral and Google Gemini on Google Cloud (Vertex AI) — run in the EU, so those paths do not involve a transfer outside the EU/UK. Where we transfer personal data to a country without a UK/EU adequacy decision, we rely on appropriate safeguards, such as the EU Standard Contractual Clauses and the UK International Data Transfer Addendum, and/or the providers’ certification under the EU–US Data Privacy Framework.
You can request a copy of the relevant safeguards by contacting us.
8. How long we keep your data
We keep your personal data for as long as your account is active. Specifically:
- Message bodies are automatically cleared 30 days after a message has been corrected — the message record remains (it anchors your learning history) but its text is removed.
- Corrections, vocabulary, profile, and account data are retained until you delete them or close your account. When you request account deletion (see section 9), your account enters a 14-day recovery period during which you can restore it by signing back in; after that window your data is permanently erased. Messages you sent in a conversation shared with someone else are anonymised rather than removed (the content is deleted and the message is re-labelled “Deleted account”) so the other member’s conversation history stays intact. Note that corrections include the corrected text and explanations that form your learning history, so some content derived from a message persists after that message’s body is cleared, until your account is erased.
- On your device: the app also keeps a copy of your chat history locally on your device, so you keep your conversations even after the server has cleared the 30-day-old bodies. This local copy stays on your device until you delete the app, delete your account, or clear your history; it is protected by your device’s built-in encryption (iOS Data Protection; Android file-based encryption).
- IP addresses used for rate-limiting are short-lived and cleared on a rolling basis.
- AI providers delete the content we send them within 30 days (section 5).
We may retain limited information for longer where we are legally required to, or to resolve disputes and enforce our agreements.
9. Your rights
Under UK and EU data protection law, you have the right to:
- access the personal data we hold about you;
- rectify inaccurate data;
- erase your data (“right to be forgotten”);
- restrict or object to certain processing;
- data portability — receive your data in a portable format;
- withdraw consent at any time, where we rely on consent.
You can edit your profile and delete your account and associated data directly in the app (Profile → Delete account). Deletion takes effect after a 14-day recovery period — sign back in during that window to cancel it. You can also request deletion via our account-deletion page or by contacting privacy@cashless.space. For any other request, contact us at the same address. We will respond within one month.
If you are unhappy with how we handle your data, you can complain to the UK Information Commissioner’s Office (ICO) at ico.org.uk, or to your local EU supervisory authority.
10. How we protect your data
- Your data is encrypted in transit between your device and our servers.
- Access to conversations is restricted, so you can only see the conversations you are a member of.
- Data stored by our hosting provider is encrypted at rest.
- Chat history cached on your device is protected by your device’s built-in encryption (iOS Data Protection; Android file-based encryption of app-private storage), readable only while your device is unlocked.
- Access to production systems is restricted and authenticated.
No service can guarantee absolute security, but we work to protect your data using appropriate technical and organisational measures.
11. Changes to this policy
We may update this policy from time to time. When we make material changes, we will update the “Last updated” date above and, where appropriate, notify you in the app.
12. Contact us
Questions about this policy or your data:
Cashless.Space Ltd (trading as Chatmend)
71–75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom
Email: privacy@cashless.space