Privacy Policy
Last updated:
1. Scope and Controller
This policy explains how Sagi Hammer (sole proprietor), doing business as Chapeta ("Chapeta," "we," "us"), handles personal data when you use the Chapeta macOS app and the website at chapeta.net.
Chapeta is a local-first app. Conversation history, usage history, and custom skills are stored on your Mac. AI requests are routed through Chapeta's proxy server to OpenRouter and then to the model provider you choose.
2. Data We Process
Depending on your usage, we process the following categories:
- App content you create: prompts, messages, attachments, conversation titles, local skills, and local settings.
- App and subscription identifiers: local app token, opaque internal user ID, plan flags (Free/Pro/BYOK), allowance counters, and related entitlement metadata.
- AI request metadata: model ID, token usage, cost, timestamps, and request IDs.
- Error and abuse-prevention data: in limited cases, logs may include provider error bodies and short content excerpts needed to diagnose failures or investigate abuse.
- Billing data for paid plans: transaction, invoice, and tax records handled by Paddle as merchant of record.
- Website analytics data: page and interaction events on chapeta.net (for example, navigation and click events) through PostHog.
- Email address: when you sign in to Chapeta, your email address is stored on Chapeta servers to identify your account and manage entitlements.
- Network data: IP addresses are processed transiently for rate limiting and abuse prevention. They are not stored persistently.
3. Data Stored on Your Device
Conversations, custom skills, and usage history are stored locally on your Mac, generally under ~/Library/Application Support/Chapeta/. Chapeta does not provide cloud sync for this local content.
Uninstalling an app on macOS does not always guarantee deletion of all local app support files or keychain items. If you want complete local removal, delete local Chapeta files and relevant keychain entries manually.
4. AI Request Routing
When you send a request, data flows from the app to api.chapeta.net, then to OpenRouter, then to your selected model provider (for example, OpenAI, Anthropic, Google), and returns through the same route.
Chapeta does not host AI models. OpenRouter and downstream providers may store or process prompts and responses under their own terms and privacy policies.
5. API Keys and Authentication
BYOK API keys are stored in macOS Keychain in production builds. When you send AI requests, your selected key is transmitted through the Chapeta proxy as an authentication header for OpenRouter. Keys are processed for routing and authentication and are not stored as part of normal server operation.
All tiers require email sign-in (a verification code, no password). The service also uses technical identifiers (for example, app token and opaque internal IDs) to provide entitlement and billing flows.
6. Logging and Retention
Chapeta does not store full prompt/response content as part of normal server operation. We store operational metadata used for service reliability, abuse prevention, and billing (model, token counts, cost, timestamps, request IDs, and entitlement events).
In limited cases (for example, provider failures, security review, or abuse handling), logs may include provider error responses needed for diagnosis. Access is restricted to authorized personnel and contractors acting on our behalf under confidentiality obligations.
Retention varies by data type and legal need:
- Infrastructure logs: console and server logs are typically short-lived (commonly up to 30 days), unless longer retention is required for legal obligations, fraud/dispute handling, or active investigations.
- Usage and entitlement records: per-request metadata (model, token counts, cost) and subscription lifecycle events are stored in a persistent audit log and retained as long as needed for billing accuracy, dispute resolution, and fraud prevention.
- Subscription, billing, and tax records: retained as needed for accounting, tax, contractual, and legal compliance.
- Local app content: retained on your device until you remove it.
- Email addresses and account identifiers: retained while your account is active and for a reasonable period after deletion or inactivity, as needed for abuse prevention and legal compliance.
7. Billing (Paddle)
Paid plans (Pro and BYOK unlock) are sold by Paddle, our merchant of record. Paddle processes checkout, payment method handling, invoicing, and tax collection. Chapeta does not store your full payment card details.
Purchases are also subject to Paddle's Terms of Service and Paddle's Privacy Policy.
To maintain subscription accuracy (for example, after failed webhooks or app reinstallation), Chapeta may query the Paddle API using internal subscription identifiers to reconcile your entitlement state.
8. Abuse Prevention
Chapeta uses safeguards such as rate limits, authentication checks, and billing reconciliation to protect the service from abuse and keep account state accurate. These controls rely on request and account metadata, not your Apple ID.
9. Website Analytics and Cookies
The macOS app does not include ad SDKs. The website uses PostHog analytics to measure traffic and behavior (including page views and selected UI interactions). This website analytics layer is separate from app conversation content.
By default, PostHog runs without cookies, without storing IP addresses, and without creating person profiles. Unique visitors are counted via a privacy-preserving server-side hash (team ID + daily-rotating salt + IP + user agent) that cannot be reversed to identify individuals. If you sign in with your email, we create a person profile in PostHog linked to that email for account management and analytics. If you accept cookies, we upgrade to persistent tracking for richer analytics. If you decline or ignore the banner, cookieless tracking continues. You can reset your preference by clearing the cookie_consent key in your browser's local storage.
10. Legal Bases (EEA/UK)
If GDPR/UK GDPR applies, our legal bases typically include:
- Contract: to provide and operate the service you request.
- Legitimate interests: security, abuse prevention, reliability, service improvement, and cookieless website analytics for reach measurement.
- Legal obligation: tax, accounting, and compliance duties.
- Consent: for cookie-based persistent analytics tracking.
11. International Data Transfers
Chapeta's server infrastructure is hosted on Amazon Web Services (AWS). OpenRouter, Paddle, model providers, and analytics services may process data in countries other than your own. Where required, we use appropriate safeguards for cross-border transfers and limit data sharing to what is needed to operate the service.
Key service providers involved in processing:
- OpenRouter and AI model providers - AI request routing and model inference. Downstream providers (such as OpenAI, Anthropic, and Google) process prompts and responses under their own terms.
- Paddle - Payment processing, invoicing, and tax collection (merchant of record).
- Amazon Web Services (AWS) - Server hosting, database, and log storage.
- PostHog - Website analytics on chapeta.net (not in the macOS app).
- Account and request metadata - Abuse prevention, rate limiting, and billing integrity.
Each provider operates under its own terms and privacy policy. We share only the minimum data required for each provider's function.
12. Your Privacy Rights
Depending on your location, you may have rights to access, correct, delete, export, or restrict the processing of personal data, and to object to certain processing.
For U.S. state privacy laws (including California), you may also have rights to know, delete, correct, and opt out of certain uses. Chapeta does not sell personal information or share personal information for cross-context behavioral advertising.
To exercise rights, email privacy@chapeta.net. We may request additional information to verify your request and will respond within the time required by applicable law.
13. Children
Chapeta is not directed to children under 16. If you believe a child provided personal data in violation of this policy, contact us and we will take appropriate steps.
14. Security
We use safeguards including TLS in transit, access controls, and scoped operational access. No system is perfectly secure, and you should avoid sending highly sensitive secrets to any cloud AI service unless necessary.
15. Updates to This Policy
We may update this policy from time to time. When we make material changes, we will update the "Last updated" date and notify you through the app or website.
16. Contact
Questions about this policy? Reach us at privacy@chapeta.net. See also our Terms of Service.