Privacy Policy
Last modified: September 5, 2025
This Privacy Policy (the “
Policy”) applies to your access and use of our websites (including but not limited to
https://charto.ai), the mobile application “Charto AI” (collectively, the “
App”), and related services, including all information, text, graphics, software, and email communications (the “
Content”) provided by Brane Pte. Ltd. (also “
Company”, “
we”, or “
us”). To make this Policy easier to read, the App, the Content, and our services are collectively referred to as the “
Services”.
This Policy explains how we collect, use, store, and protect your personal data when you use the Services. It also describes your rights in relation to your personal information and how you can exercise them.
By using the Services, you confirm that: (i) you have read, understood, and agreed to this Privacy Policy and the data practices described herein; and (ii) you are at least 18 years old.
If you do not agree, or are unable to make this promise, you must not use the Services. In such case, you must (a) delete your account using the functionality found in “Settings” in App or the Website, or contact us and request deletion of your data; (b) cancel any subscriptions depending on how you subscribed (using the functionality provided by Apple or Google if you subscribed via an app store; or the functionality of our Website if you purchased subscription via the Website); and (c) delete App from your device(s).
Any translation of this Privacy Policy is provided for convenience only. In the event of any discrepancy between the English version and any translation, the English version shall prevail.
We collect data you give us voluntarily (for example, when you enter your age, gender, financial status, or email). We also collect data automatically (for example, your IP address) and use third-party service providers for such collection.
You provide information about yourself when you register for or use the Service. This may include:
age, gender, email address, data on financial status (including answers about your financial mindset), and any other information you share while using the Service, including in conversations with our AI Assistants.
We collect data you give us voluntarily (for example, when you enter your age, gender, financial status, or email). We also collect data automatically (for example, your IP address) and use third-party service providers for such collection.
We collect data from your device, such as IP address, language, time zone, device model, operating system version, and settings.
We track your interactions with the Service — such as taps, clicks, screens viewed, time spent, subscription status, and engagement with content or ads.
When you make payments, our payment providers process your financial details. We do not collect or store full credit card numbers, but may receive limited information like transaction amount, date, and payment method.
We use cookies and pixels to recognize you, remember your preferences, deliver relevant content, and analyze how the Service is used. Some cookies are essential; others are used for analytics or advertising and may be stored temporarily on your device.
We process your personal data to provide, maintain, and improve the Service, ensure its security, and personalize your experience. In particular, we use your data for the following purposes:
We use your data to register your account, authenticate logins, deliver content, and ensure the Service functions correctly across devices and platforms. This includes troubleshooting and preventing technical issues.
We may use your responses, preferences, and behavior within the Service to tailor content (e.g. learning materials) and recommendations, including through interaction with our AI Assistants.
We may send you technical notifications, service updates, reminders, or messages about your account. You can opt out of non-essential emails or push notifications at any time.
We use your data to respond to your requests, answer questions, resolve issues, and track support history.
We use aggregated and anonymized data to understand how users interact with the Service, which features are used most, and where improvements are needed. This helps us test and develop new features.
With your consent (where required), we may use your data to send you offers or product updates, as well as to measure the effectiveness of our marketing campaigns. We also use cookies and analytics tools to better understand user behavior.
We and our partners (such as Meta and Google) may use limited data to show you more relevant ads. You can manage your ad preferences via your device or browser settings, or by visiting opt-out pages such as:
optout.aboutads.infoyouronlinechoices.comWhen you make purchases, we process the necessary data to complete the transaction or handle refund requests. Payment information is processed securely by our third-party providers — we do not store full credit card numbers.
If you are located in the European Economic Area (EEA), we process your personal data only when we have a valid legal basis under the General Data Protection Regulation (GDPR). The legal bases we rely on include:
Performance of a contract: when the processing is necessary to provide the Service or fulfill our obligations under the Terms of Use.
Your consent: when you have given us clear permission to process your personal data for a specific purpose (e.g., receiving marketing emails or personalized ads). You can withdraw your consent at any time.
Compliance with legal obligations: when we are required to process your data to comply with applicable laws or regulations.
Legitimate interests: when the processing is necessary for our legitimate business interests — for example, to improve the Service, prevent fraud, or ensure security — and does not override your fundamental rights and freedoms.
If you have any questions about the legal basis on which we process your data, please contact us using the contact details provided at the end of this Policy.
We share your personal data with third parties who help us operate, provide, improve, support, and promote our Services. This includes sharing certain categories of data for the purposes outlined in Section 1 of this Privacy Policy.
We engage trusted third-party service providers to perform functions on our behalf and in accordance with our instructions. These providers help us with:
App distribution: Apple App Store, Google Play
Cloud infrastructure and hosting: Google Cloud, Digital Ocean, Vercel, Cloudflare
Analytics and attribution: Google Analytics, Firebase, Adjust, Branch, Amplitude
Performance monitoring and debugging: Sentry, Microsoft Clarity, Firebase Performance
Cookie and consent management: CookieYes, Termly
Marketing and advertising: Meta (Facebook, Instagram), Google Ads, TikTok, Twitter, LinkedIn, and agencies we may collaborate with
Payment processing: Stripe, PayPal
Communication and support: Crisp, Firebase
These providers are contractually obligated to handle your data securely and only for the specified purposes.
We may disclose your personal data to public authorities, law enforcement, or regulators if we are legally required to do so, or if such disclosure is necessary to:
Comply with a legal obligation
Enforce our Terms of Use or protect our rights, users, or property
Investigate fraud, abuse, or other illegal activity.
In the event of a corporate transaction (such as a merger, acquisition, restructuring, or sale of assets), your personal data may be transferred as part of the transaction. We may also share your data with our affiliates (such as a parent or subsidiary company) where necessary to operate the Service.
Prohibited uses include prompting the assistant to generate content that is discriminatory, deceptive, threatening, harassing, unlawful, or that violates these Terms. We reserve the right to moderate interactions with the assistant and restrict access if misuse is detected.
You have the right to control your personal data. In particular, you may:
Access and update your data – You can review, edit, or correct the personal data you provided.
Request deletion – You can ask us to delete your personal data, and we will do so unless we are legally required to retain it.
Object or restrict processing – You can request that we stop or limit how we use your personal data.
If you are located in the EEA, you may also have the following rights under the GDPR:
The right to lodge a complaint with a data protection authority in your country.
The right to data portability, allowing you to request a copy of your data in a machine-readable format.
To exercise any of these rights, please contact us using the contact details provided at the end of this Policy.
We use cookies and similar technologies to collect technical and usage data when you interact with our Services. This includes:
Cookies and local storage – used on our Website to remember preferences and improve performance
Tracking pixels and beacons – used in emails and pages to measure engagement
SDKs (Software Development Kits) – used in our mobile app to monitor performance, fix bugs, and understand user behavior.
Third-party SDKs we use include Adjust, Branch, Firebase, and Amplitude, among others. These tools may collect information such as your device type, session length, interactions with features, and technical diagnostics. Where legally required, these technologies are subject to your prior consent.
Your Choices
You can control or limit the use of these technologies by:
Adjusting your browser settings to block or delete cookies
Managing tracking and ad preferences in your device settings:
Using opt-out tools for interest-based ads:
Please note that disabling certain cookies or SDKs may limit the functionality of the Services.
For any questions or requests related to tracking technologies, contact us using the contact details provided at the end of this Policy.
We retain your personal data for as long as your account is active or as needed to provide the Services and fulfill the purposes outlined in this Privacy Policy (such as compliance, security, and support).
If you deactivate your account, we may retain your data for up to 90 days in case you decide to restore access. Certain information — such as purchase history, support interactions, and consent records — may be kept longer where required by law or for legitimate business needs (e.g., to resolve disputes or enforce our agreements).
We may also anonymize your personal data for research, analytics, or service improvement purposes. Once anonymized, this data is no longer considered personal and may be stored and used indefinitely.
You have certain rights regarding your personal data. These may vary depending on your country of residence, but typically include the ability to:
Access and update your data – You can review and edit the personal information you’ve provided.ed on our Website to remember preferences and improve performance
Request deletion – You can ask us to delete your personal data, subject to any legal obligations we may have to retain it.
Object or restrict processing – You may request that we stop using your data for certain purposes.
Withdraw consent – Where you’ve given consent (e.g., for marketing), you may withdraw it at any time.
If you are located in the European Economic Area (EEA) or the United Kingdom, you may also have the right to:
To exercise any of these rights, please contact us using the contact details provided at the end of this Policy.
Please note that we may ask you to verify your identity before processing your request.
We take reasonable technical and organizational measures to protect your personal data from unauthorized access, disclosure, alteration, or destruction.
These measures include encryption, access controls, secure data storage, and regular monitoring of our systems. We also limit access to personal data to employees, contractors, and service providers who need it to perform their duties and are subject to confidentiality obligations.
However, no system or method of transmission over the Internet is 100% secure. While we do our best to protect your data, we cannot guarantee its absolute security.
If you believe your data has been compromised, please contact us immediately using the contact details provided at the end of this Policy.
We are a company based in Singapore, and our service providers may operate in various countries around the world. This means that your personal data may be transferred to — and processed in — countries outside of your place of residence, including countries that may not provide the same level of data protection as your jurisdiction.
Where we transfer personal data outside the European Economic Area (EEA), the United Kingdom, or other regions with data protection laws, we ensure that appropriate safeguards are in place. These may include:
Standard Contractual Clauses approved by the European Commission or UK authorities
Data Processing Agreements with service providers that ensure adequate protection
Hosting in jurisdictions recognized as providing adequate protection (where applicable)
By using the Services, you acknowledge that your data may be transferred and processed internationally as described in this Policy.
If you have questions about cross-border data transfers or would like to request a copy of applicable safeguards, contact us using the contact details provided at the end of this Policy.
The Services are not intended for individuals under the age of 18. We do not knowingly collect or process personal data from children. If we become aware that we have collected personal data from someone under the age of 18, we will take steps to delete such information promptly.
If you believe that a child has provided us with personal data, please contact us using the contact details provided at the end of this Policy.
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or features of the Services. If we make material changes, we will notify you by updating the “Last modified” date at the top of this Policy and, where appropriate, by other means.
We encourage you to review this Privacy Policy periodically to stay informed about how we process your data.
Except as otherwise stipulated in this Privacy Policy, we do not support “Do Not Track” requests. To determine whether any of the third-party services it uses honor the “Do Not Track” requests, please read their privacy policies.
The controller of your personal data is Brane Pte. Ltd., a company registered and acting under the laws of Singapore, having its registered address at 68 Circular Road, #02-01, Singapore 049422.
If you have any questions, concerns, or requests regarding this Privacy Policy or the way we process your personal data, you can contact us at
support-charto@adhack.io