SapioChat

Privacy Policy

Last updated: April 2, 2026

1. Overview

SapioChat ("we," "us," or "our") provides an AI-powered chat platform designed for young people, managed by their parents or guardians. This Privacy Policy explains how we collect, use, and protect information when you use our service at sapiochat.com.

2. Information We Collect

Account information: When a parent creates an account, we collect an email address, display name, and a hashed password. For child profiles, we collect a username, display name, date of birth, and optionally an email address or phone number provided by the parent.

Conversation data: Messages exchanged between children and the AI assistant are stored to provide conversation history and enable safety monitoring. Parents can view shared conversations and safety event summaries.

Usage data: We track token usage (message counts) per child profile for billing and usage limits. We do not use third-party analytics or tracking cookies.

3. How We Use Your Information

  • To provide and improve the AI chat service
  • To apply family guidance settings and safety policies configured by parents
  • To classify message safety and generate safety event summaries for parents
  • To send transactional emails (account invitations, password resets, safety alerts)
  • To process payments and manage subscriptions

4. AI Processing

Messages are processed by OpenAI's API to generate AI responses. We send conversation context and family guidance settings to OpenAI for each interaction. OpenAI's API data usage policy applies to this processing. We do not use conversations to train AI models.

5. Children's Privacy (COPPA)

SapioChat is designed to be set up and managed by a parent or guardian. We do not knowingly collect personal information directly from children under 13 without parental consent. All child accounts are created by a parent, and parents maintain full control over their children's profiles, safety settings, and data.

Parents can review, modify, or delete their child's account and associated data at any time through the parent dashboard.

6. Data Sharing

We do not sell or rent personal information. We share data only with:

  • OpenAI — for AI response generation
  • Stripe — for payment processing
  • Resend — for transactional email delivery
  • Supabase — for database hosting
  • Vercel — for application hosting

7. Data Retention

Conversation data is retained for up to 90 days by default (configurable per child profile). Account data is retained for as long as the account is active. Parents can delete child profiles and their associated data at any time. When a parent deletes their account, all household data is permanently removed.

8. Security

We use industry-standard security measures including encrypted connections (TLS), hashed passwords (bcrypt), and secure authentication tokens. Database access is restricted and credentials are stored as environment variables, never in source code.

9. Your Rights

You have the right to:

  • Access your personal data and your children's data
  • Correct inaccurate information
  • Delete your account and all associated data
  • Export your data upon request

10. Contact

For privacy-related questions or requests, contact us at admin@sapiochat.com.