ChatEnable — Privacy Policy

Effective date: October 2, 2025

Mikołaj Bońkowski d/b/a ChatEnable ("Company," "we," "our") provides implementation and support services for OpenAI’s Instant Checkout and related integrations (the "Services"). This Privacy Policy explains how we collect, use, disclose, and safeguard information about visitors to our website, prospective customers, customers, and their personnel. This Policy applies to information we process as a controller. When we process personal information solely on behalf of a customer to provide the Services, we do so as a processor and our processing is governed by the Data Processing Addendum (Appendix A of our Terms).

1. Information We Collect

1.1 Information you provide to us

Business contact data: name, work email, company, role, phone.

Account & billing data: authentication credentials, billing point of contact, tax/ invoicing details.

Support communications: content of emails, tickets, and calls.

Implementation inputs: configuration preferences, webhooks, sandbox credentials (we recommend using least privilege and test environments).

1.2 Information collected automatically

Log data: IP address, device and browser type, pages or features used, timestamps, and referring/exit pages.

Analytics data: usage metrics from our site and dashboards (we use privacy-respecting analytics where feasible).

1.3 Information from third parties

From service providers (e.g., payment processors, identity verification vendors) and from publicly available sources for due diligence and fraud prevention.

We do not intentionally collect sensitive personal information or information from children.

2. How We Use Information

We use personal information to:

Provide, maintain, and improve the Services and Deliverables;

Configure and support integrations with OpenAI and payment processors;

Communicate with you (including security, transactional, and marketing communications);

Process orders, invoicing, and payments;

Detect, prevent, and investigate fraud, abuse, and security incidents;

Comply with legal obligations and enforce our agreements.

We may create aggregated or de-identified data for analytics and service improvement. We do not attempt to re-identify such data.

3. How We Share Information

We share personal information with:

Service providers and subprocessors who perform services for us (hosting, support, analytics, communications, billing, security);

Third-Party Services you direct us to enable (e.g., OpenAI integrations, payment processors such as OpenAI’s designated processors). Your use of those services is governed by their own terms and privacy policies;

Professional advisors (lawyers, auditors) under confidentiality;

Authorities when required by law or to protect rights, safety, or security;

Business transfers in connection with a merger, acquisition, financing, or sale of assets (with appropriate protections).

We do not sell or share personal information for cross-context behavioral advertising as defined by the California Consumer Privacy Act (CCPA/CPRA).

4. Cookies and Similar Technologies

We use necessary cookies for site functionality, and (optionally) analytics cookies to understand usage. You can manage cookie preferences via your browser settings and, where applicable, our cookie banner or preferences center.

5. Data Security

We implement reasonable administrative, technical, and physical security measures appropriate to the nature of the information we process. No method of transmission or storage is completely secure; we cannot guarantee absolute security.

6. Data Retention

We retain personal information for as long as necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements. Criteria include account status, legal requirements, and business needs. Aggregated/de-identified data may be retained without time limit.

7. International Transfers

We are based in the United States and may process information in the U.S. and other countries. Where required, we use appropriate safeguards (e.g., Standard Contractual Clauses) for cross-border transfers.

8. Your Privacy Rights

Depending on your location, you may have rights to access, correct, delete, or port your personal information, and to restrict or object to certain processing. You may also have the right to appeal a denial of your request.

California (CPRA) disclosures: We provide the following:

Categories of personal information collected in the last 12 months: identifiers (e.g., name, email), commercial information (transactions with us), internet activity (logs), professional information.

Sources: directly from you; automatically from your device; service providers; publicly available sources.

Business purposes: as described in Section 2.

No sale or sharing of personal information as defined by CPRA.

Sensitive personal information: not used to infer characteristics.

Non-discrimination: we will not discriminate against you for exercising your rights.

To exercise rights, contact us at [email protected] . We will verify requests as required by law. Authorized agents may submit requests with proof of authorization.

9. Children’s Privacy

Our Services are not directed to children under 13, and we do not knowingly collect personal information from children.

10. Third-Party Links and Services

Our site and Services may link to or enable Third-Party Services. We are not responsible for their privacy practices. Review their policies before use.

11. Changes to This Policy

We may update this Policy from time to time. The "Effective date" indicates when changes took effect. Material changes will be announced via our website or direct notice where appropriate.

12. Contact Us

ChatEnable (operated by Mikołaj Bońkowski)
Warsaw, Poland
Email: [email protected]

If you have unresolved concerns, you may have the right to complain to your state Attorney General or relevant authority.

U.S. State-Specific Notices (Summary)

California (CPRA): See Section 8. Right to know, delete, correct; opt-out of sharing (we do not share); limit use of sensitive PI (not applicable).

Colorado, Connecticut, Virginia, Utah: Rights to access, delete, correct (where applicable), portability, and opt-out of targeted advertising/sale (we do not engage in these practices).
Requests: [email protected] .

Optional: Data Protection Addendum (Customer-Facing)

If you require a separate stand-alone DPA for signature, contact [email protected] and we will provide our standard form aligned with the above Appendix A.