← Back to home

Privacy Policy

1. What We Collect

When you use groupchat, we collect and store the following categories of personal data:

  • iMessage content— message text, sender and recipient handles, timestamps, and service type (iMessage/SMS/RCS), from your uploaded chat.db.
  • Contact handles— phone numbers and email addresses associated with chat participants.
  • OAuth identity— your Google account email, display name, and OAuth subject identifier.
  • Billing data— Stripe customer ID, subscription status, and plan tier.
  • Usage metadata— ingest timestamps, message counts, and LLM call logs (provider, model, token counts, latency — no message content).

What We Do Not Collect

We do not collect images, videos, or media attachments (v1 is text-only). We do not store passwords (authentication is OAuth-only). We do not collect location data or device/advertising identifiers.

2. How We Use Your Data

  • Core service: storing, indexing, and analyzing your iMessage history to provide leaderboards, search, word frequencies, and activity charts.
  • LLM features (opt-in only):if you enable AI insights or natural language Q&A, message text is sent to the LLM provider you configure. This only happens with your explicit, per-feature consent.
  • Billing: processing payments and managing your subscription via Stripe.
  • Security: detecting abuse, enforcing acceptable use, and responding to legal process.

We Do Not Use Your Messages for LLM Training

Your message content is never used to train, fine-tune, or improve any large language model — ours or any third party's. When messages are sent to an LLM provider for insights or Q&A, they are sent under API terms that prohibit training on input data. If you use your own API key (BYOK), the provider's API terms of service apply to your key.

3. Where Your Data Lives

Your data is processed and stored by the following services:

  • Railway— application hosting and PostgreSQL database (United States).
  • AWS S3 — ephemeral storage of uploaded chat.db files during ingest (deleted after parsing; United States).
  • Stripe— payment processing and subscription management (United States).
  • Cloudflare— DNS, DDoS protection, and CDN (global edge network).

Google— OAuth sign-in (your account email, display name, and OAuth subject identifier; United States).

LLM Providers (BYOK Only)

The following providers are used only when you explicitly enable AI features and provide your own API key or use a tunneled local model: Anthropic (Claude), OpenAI (GPT), Google (Gemini), and Ollama (local — data does not leave your network).

4. How Long We Keep Your Data

Your messages are retained until you delete them. Ingests are append-only: re-uploading chat.db adds new messages but does not modify existing ones. Messages deleted in Apple Messages.app remain in the groupchat database until you explicitly delete them via the service.

Uploaded chat.db files are deleted from S3 once parsing finishes. Files from ingests that fail mid-way, or uploads a user abandons before processing starts, are swept and deleted within 24 hours.

Deleting your account immediately suspends access and marks your record for erasure. Automated hard-delete of the parsed message data from our database is on the roadmap; until it ships, if you want the underlying rows removed before that sweep lands, use per-message deletion in Settings or contact groupchatdata@gmail.com.

5. Who We Share Your Data With

We share your personal data only with the subprocessors listed above, and only to the extent necessary to provide the service. We do not sell, rent, or trade your personal data.

We may disclose your data if required by law, subpoena, court order, or government request.

6. Your Rights

  • Access & export: you can export all of your data at any time via the account settings.
  • Erasure: you can delete your account and all associated data, or delete individual messages.
  • Portability: data export is provided in a structured, machine-readable format (JSON).
  • Correction: contact groupchatdata@gmail.com to request corrections to your account information.

7. EU/EEA Availability

The service is not available in the EU/EEA in v1. Access from EU/EEA countries is geo-blocked. If we expand to the EU/EEA in a future version, we will update this policy accordingly.

8. Children

groupchat is not directed at children under 13. We do not knowingly collect personal data from children. If we learn that we have collected data from a child under 13, we will delete the account and associated data promptly.

9. Changes to This Policy

We may update this privacy policy from time to time. Material changes will be communicated via email. Continued use of the service after notification constitutes acceptance of the updated policy.

10. Contact

For privacy-related inquiries, security disclosures, or any other contact: groupchatdata@gmail.com.

We read this inbox daily and aim to respond within 72 hours. For urgent security issues, write SECURITY in the subject line.