ChatStack

TL;DR Summary — How Your Confidential Information is Handled and Protected

Before you read the full legal text, here is a summary of our core promises:

  1. You Own Your Ideas: We do not claim ownership of the business concepts or prompts you enter. You own the output the AI generates for you.
  2. No Training on Your Data: We have configured our systems so that your inputs are NOT used to train the artificial intelligence models (like OpenAI's GPT). Your ideas will not help your competitors.
  3. Strict Confidentiality: We treat your “Ideation” and “Submission” data as Confidential Information. We will not share it with third parties unless it is strictly necessary to make the tool work (e.g., sending the text to the AI engine to get an answer).
  4. Security First: Your data is stored on secure servers in the United Kingdom. We use industry-standard encryption to protect it.
  5. Your Responsibility: AI can make mistakes. Please verify any facts, figures, or code generated by the tool before you build your business on them.

By using our service, you agree to these Terms of Service and Privacy Policy.

Master User Agreement (Terms, Privacy & NDA)

Last Updated: January 24, 2026 · Jurisdiction: England & Wales

Preamble

This Master User Agreement ("Agreement") creates a binding legal contract between APP DEVELOPER STUDIO LIMITED (company number 13590871), a company incorporated under the laws of England and Wales ("Provider," "we," "us"), and the individual or entity accessing the Service ("User," "you").

Part 1: Terms of Service & Acceptable Use

1.1 Service Description

The Service consists of a web-based artificial intelligence platform comprising:

  • Phase 1 (Ideation): An interactive interface utilizing third-party Large Language Models (LLMs) to generate text, strategies, and concepts based on User inputs.
  • Phase 2 (Submission): A secure database facility allowing Users to format, finalize, and store their concepts on the Provider’s infrastructure.

1.2 The Nature of AI & Disclaimer of Warranties

The User acknowledges that the Service utilizes experimental Generative Artificial Intelligence technologies.

  1. Accuracy Warning: The AI Output is generated based on probabilistic patterns and may contain factual errors, "hallucinations," or misleading information. The Provider does not warrant that the Output is accurate, complete, or current.
  2. No Professional Advice: The Service does not provide legal, financial, medical, or other professional advice. The User uses the Output at their own risk and should verify all information independently.
  3. Limitation of Liability: To the maximum extent permitted by law, the Provider shall not be liable for any direct, indirect, incidental, or consequential damages (including loss of profits or business opportunities) arising from the User's reliance on the AI Output.

1.3 Prohibited Uses and Anti-Reverse Engineering

To protect the integrity of the Service and the underlying AI models, the User agrees NOT to:

  1. Reverse Engineer: Decompile, disassemble, decode, reproduce, or attempt to derive the source code, underlying algorithms, or trade secrets of the Service or the AI models.
  2. Prompt Injection: Engage in "jailbreaking," "prompt injection," or any adversarial attacks designed to manipulate the AI into ignoring its safety guidelines or revealing its system instructions.
  3. Automated Scraping: Use bots, scrapers, or automated tools to access the Service without express permission.

Part 2: Non-Disclosure Agreement (NDA) & Intellectual Property

2.1 Definition of Confidential Information

"Confidential Information" means all proprietary data disclosed by the User to the Provider through the Service, including:

  1. User Inputs: The text prompts, business ideas, and context data entered during Phase 1.
  2. User Outputs: The AI-generated strategies resulting from User Inputs.
  3. Submission Data: The finalized concepts stored during Phase 2.

2.2 Obligations of the Provider

The Provider agrees:

  1. Strict Confidence: To hold Confidential Information in strict confidence and not to disclose it to third parties, except to Authorized Sub-Processors (defined in Part 3) strictly required to operate the Service.
  2. No Training Warranty: The Provider warrants that User Inputs processed via the OpenAI API are configured to opt-out of model training. Your data will not be used to improve OpenAI’s foundational models.
  3. Security: To maintain industry-standard technical safeguards (encryption at rest and in transit) to protect Confidential Information.

2.3 Intellectual Property Rights

  • Assignment to User: The Provider assigns to the User all right, title, and interest in the User Outputs generated by the Service.
  • Ownership of Input: The User retains full ownership of all User Inputs.

Part 3: Privacy Policy (GDPR & International)

3.1 Scope and Controller

This policy applies to "Personal Data" as defined by the UK General Data Protection Regulation (UK GDPR).

  • Data Controller: APP DEVELOPER STUDIO LIMITED (company number 13590871).
  • Contact: [Email Address].

3.2 Sub-Processors and International Transfers

Your data is processed in the UK and transferred to the following trusted sub-processors. We ensure all transfers are legally safeguarded.

Sub-ProcessorRoleLocationSafeguard Mechanism
OpenAI OpCo, LLCAI Model ProviderUSAUK-US Data Bridge (DPF Certified)
Twilio Inc. (SendGrid)Email DeliveryUSAUK-US Data Bridge (DPF Certified)
Supabase, Inc.Database HostingUSA/SingaporeStandard Contractual Clauses (SCCs)
Google LLCAnalyticsUSAUK-US Data Bridge (DPF Certified)

Note on Supabase: While your data is physically stored on servers located in the United Kingdom, the legal entity controlling the infrastructure is Supabase, Inc. As they are not currently on the Data Privacy Framework list, we protect this transfer using the UK Addendum to EU Standard Contractual Clauses (SCCs).

3.3 Data Retention

  • Ideation Data: Retained by OpenAI as per their standard policies for enterprise use, then deleted. It is not used for model training.
  • Submission Data: Retained in our secure database until you delete your account or request erasure.
  • Analytics: Aggregated and anonymized data is retained as per Google Analytics policies.

3.4 Cookies and Analytics

We use Google Analytics to monitor traffic.

  • Consent Mode: We employ Google Consent Mode v2. No analytics cookies are written to your device unless you explicitly click "Accept" on our banner.
  • Opt-Out: You may opt out at any time via the "Cookie Settings" link in the footer.

Part 4: General Provisions

4.1 Governing Law

This Agreement is governed by the laws of England and Wales. Any dispute shall be subject to the exclusive jurisdiction of the courts of London, UK.

4.2 Entire Agreement

This document constitutes the entire agreement between the parties and supersedes all prior understandings.

Footnotes

  1. Legal considerations of generative AI - ICAEW.com, accessed January 24, 2026, https://www.icaew.com/technical/technology/artificial-intelligence/generative-ai-guide/legal-considerations
  2. Data controls in the OpenAI platform, accessed January 24, 2026, https://platform.openai.com/docs/guides/your-data
  3. Data Privacy with OpenAI API, accessed January 24, 2026, https://community.openai.com/t/data-privacy-with-openai-api/929399
  4. Twilio Inc. - Data Privacy Framework, accessed January 24, 2026, https://www.dataprivacyframework.gov/participant/5394
  5. Is supabase GDPR compliant? #2341 - GitHub, accessed January 24, 2026, https://github.com/orgs/supabase/discussions/2341
  6. Privacy Policy | Supabase, accessed January 24, 2026, https://supabase.com/privacy
  7. Data Privacy Framework List, accessed January 24, 2026, https://www.dataprivacyframework.gov/list
  8. Simplified Guide to Google Consent Mode v2 - Complianz, accessed January 24, 2026, https://complianz.io/simplified-guide-to-google-consent-mode-v2/