PalaChat
Sign inGet started free

Privacy Policy

Last updated: March 2025

1. Introduction and Overview

Palazon Cloud Pte. Ltd. (trading as “PalaCloud”) is a company incorporated in Singapore. We operate PalaChat, an AI-powered chat platform accessible at palachat.com. This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you use our services.

We are committed to complying with the Personal Data Protection Act 2012 (PDPA) of Singapore and any subsidiary legislation enacted thereunder. By accessing or using PalaChat, you acknowledge that you have read, understood, and agree to be bound by the terms of this Privacy Policy. If you do not agree with this policy, please do not use our services.

In this policy, “we”, “us”, and “our” refer to Palazon Cloud Pte. Ltd. “You” and “your” refer to the individual accessing or using PalaChat. “Personal data” means data, whether true or not, about an individual who can be identified from that data, or from that data and other information to which the organisation has or is likely to have access.

2. What Personal Data We Collect

We collect personal data that is necessary to provide, maintain, and improve PalaChat. The categories of data we collect include the following:

Account Data

When you register for a PalaChat account, we collect your name, email address, and authentication credentials. If you sign in using Google, we receive your name, email address, and profile picture from Google.

Usage Data

We automatically collect information about how you interact with PalaChat. This includes your IP address, browser type and version, device information, operating system, pages visited, features used, timestamps of interactions, and referring URLs. This data helps us understand how our service is used and identify areas for improvement.

Chat Conversation Data

When you use PalaChat, we store the messages you send and the responses generated by AI models. This includes text content, any files or images you upload during conversations, conversation metadata such as timestamps and model selections, and your conversation history. We store this data to provide you with continuity of service and the ability to review past conversations.

Payment Data

If you subscribe to a paid plan, payment processing is handled entirely by Stripe. We do not store your full credit card number, bank account details, or other sensitive financial information on our servers. We receive and retain only limited billing information from Stripe, such as your billing name, the last four digits of your card, card expiration date, billing address, and transaction history.

Cookies and Similar Technologies

We use cookies and similar tracking technologies to maintain your session, remember your preferences, and understand how you use our platform. For more details, please refer to Section 8 of this policy.

3. How We Use Your Data

We use the personal data we collect for the following purposes:

  • Providing and maintaining the service: To operate PalaChat, process your conversations with AI models, store your chat history, and deliver core product functionality.
  • Billing and subscription management: To process payments, manage your subscription plan, track usage against plan limits, and issue invoices or receipts.
  • Communications and notifications: To send you important service updates, security alerts, billing notifications, and account-related communications. We may also send product announcements, but you can opt out of non-essential communications at any time.
  • Service improvement and analytics: To analyse usage patterns, diagnose technical issues, monitor system performance, and improve our platform.
  • Security and fraud prevention: To detect and prevent abuse, unauthorised access, and other malicious activities on our platform.
  • Legal compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.

We do not sell your personal data to third parties under any circumstances. We do not share your data with advertisers or data brokers.

We do not use your conversation data to train AI models. Your chat conversations are processed by third-party AI providers solely to generate responses in real time. We do not aggregate, mine, or otherwise use your conversations for the purpose of building or improving machine learning models.

4. Third-Party Services

PalaChat relies on a number of trusted third-party service providers to deliver its functionality. Each provider receives only the minimum data necessary to perform their function. These providers include:

  • Google (OAuth sign-in): If you choose to sign in with Google, we use Google's OAuth 2.0 service to authenticate your identity. Google shares your name, email address, and profile picture with us during the sign-in process. Google's use of your data is governed by their own privacy policy.
  • Stripe: We use Stripe to process all payments and manage subscriptions. When you provide payment information, it is transmitted directly to Stripe. We share your email address and account identifier with Stripe to associate payments with your account. Stripe is a PCI DSS Level 1 certified payment processor.
  • Amazon Web Services (AWS): We use AWS to host our application infrastructure, databases, and file storage. Your data is stored on AWS servers located in the Singapore region. AWS provides the underlying compute, storage, and networking infrastructure that powers PalaChat. AWS does not access your data except as necessary to maintain the infrastructure, and their handling of data is governed by the AWS Data Processing Addendum.

Each third-party provider maintains their own privacy policy and data handling practices. We encourage you to review their respective policies. We select providers who maintain strong security standards and contractual commitments to data protection.

5. Data Storage and Security

Your personal data is stored on servers hosted by Amazon Web Services (AWS) in the Singapore region. We have chosen Singapore-based infrastructure to ensure that your data remains within a jurisdiction governed by the PDPA and to minimise latency for users in Southeast Asia.

We implement industry-standard security measures to protect your data, including:

  • Encryption of data in transit using TLS 1.2 or higher for all communications between your browser and our servers.
  • Encryption of data at rest using AES-256 encryption for stored data.
  • Strict access controls with role-based permissions to ensure that only authorised personnel can access personal data.
  • Regular security assessments and monitoring of our infrastructure for vulnerabilities and threats.
  • Secure authentication mechanisms including support for multi-factor authentication.

While we strive to protect your personal data, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security, but we are committed to taking all reasonable steps to safeguard your information.

6. Data Retention

We retain your personal data only for as long as it is necessary to fulfil the purposes for which it was collected, or as required by applicable law. Our retention practices are as follows:

  • Active accounts: Your account data, preferences, and subscription information are retained for as long as your account remains active and you continue to use PalaChat.
  • Account deletion: When you request deletion of your account, we will delete or anonymise your personal data within 30 days of the request. Certain data may be retained for a limited additional period where required for legitimate business purposes such as resolving disputes, enforcing agreements, or complying with legal obligations.
  • Conversation logs: Chat conversation data is retained for up to 12 months from the date of creation. After this period, conversation data is automatically purged from our systems. You may also delete individual conversations at any time from within the application.
  • Billing records: Transaction and billing records are retained for the period required by applicable tax and accounting regulations in Singapore, which is generally up to five years.

7. Your Rights Under the PDPA

Under the Personal Data Protection Act 2012 of Singapore, you have several rights regarding your personal data. We are committed to facilitating the exercise of these rights:

  • Right of access: You may request information about the personal data we hold about you and how it has been used or disclosed within the past year.
  • Right of correction: You may request that we correct any personal data about you that is inaccurate, incomplete, or out of date.
  • Right to withdraw consent: You may withdraw your consent for the collection, use, or disclosure of your personal data at any time by contacting us. Please note that withdrawing consent may affect our ability to provide certain services to you.
  • Right to data portability: Where technically feasible, you may request a copy of your personal data in a commonly used, machine-readable format so that it can be transferred to another organisation.

To exercise any of these rights, please contact our Data Protection Officer at privacy@palachat.com. We will respond to your request within 30 days, as required by the PDPA. We may need to verify your identity before processing your request to ensure the security of your data. If we are unable to fully comply with your request, we will provide you with a written explanation of the reasons.

8. Cookies Policy

PalaChat uses cookies and similar technologies to enhance your experience. Cookies are small text files stored on your device that help us recognise your browser and remember certain information.

Essential Cookies

These cookies are strictly necessary for PalaChat to function. They include session cookies for maintaining your authenticated state, security tokens for preventing cross-site request forgery, and preference cookies for remembering your selected settings such as theme and language. You cannot opt out of essential cookies, as they are required for the basic operation of the service.

Analytics Cookies (Optional)

We may use analytics cookies to understand how visitors interact with PalaChat. These cookies collect information in an aggregated and anonymised form, including the number of visitors, the pages they visit, and the features they use. Analytics cookies are optional, and we will seek your consent before placing them.

How to Manage Cookies

You can control and manage cookies through your browser settings. Most browsers allow you to refuse or delete cookies. Please note that disabling essential cookies may prevent you from using certain features of PalaChat. You can also opt out of analytics cookies at any time through the cookie preferences available in your account settings.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we make material changes to this policy, we will notify you by posting the updated policy on our website with a revised “Last updated” date at the top of this page.

For significant changes that materially affect your rights or how we use your personal data, we will make reasonable efforts to provide additional notice, such as sending an email notification to the address associated with your account or displaying a prominent notification within the PalaChat application.

We encourage you to review this policy periodically. Your continued use of PalaChat after any changes to this Privacy Policy constitutes your acceptance of the updated terms.

10. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Palazon Cloud Pte. Ltd.

Trading as PalaCloud

Privacy Contact: privacy@palachat.com

Website: palachat.com

We aim to respond to all enquiries within 30 business days. If you are not satisfied with our response, you may lodge a complaint with the Personal Data Protection Commission (PDPC) of Singapore.