ChatRando

ChatRando

Privacy Policy

Last updated: May 11, 2026

1. Introduction

This Privacy Policy explains how ChatRando ("we", "us", or "the Platform") collects, uses, discloses, and protects information about users ("you") of our random chat services accessible at chatrando.site and any associated subdomains, applications, or features.

We've written this policy to be readable rather than impressive. If something is unclear, contact us at our contact pageand we'll explain it. Material changes to this policy will be announced in advance to registered users via email and on the Platform itself.

ChatRando is operated as a privacy-conscious random chat service. We collect only what we need to operate the service, keep retention short, and design features so that as much chat content as possible flows directly between users without passing through our servers.

2. Definitions

  • Personal Data: any information relating to an identified or identifiable individual.
  • Processing: any operation performed on personal data (collection, storage, use, disclosure, deletion).
  • Guest User: any user accessing the Platform without creating an account.
  • Registered User: any user who has created an account with an email address.
  • Premium User: any user who has purchased credits or other paid features.
  • Chat Session: a single matched interaction between two users on the Platform.

3. Information We Collect

3.1 Information You Provide Directly

  • Account information (optional): email address, nickname, password (hashed and salted), and any profile preferences you choose to set.
  • Interest tags and language preferences used for matching.
  • Chat mode preferences (text or video, filter selections).
  • Payment information for premium services. Payment data is processed by Stripe; we never store full card details on our servers — only a tokenized reference and the last four digits for receipts.
  • Reports you file against other users, including any context you provide.
  • Communications you send us through support channels.

3.2 Information Collected Automatically

  • Device and browser information: browser type, version, operating system, screen resolution, and approximate device fingerprint used for abuse prevention.
  • IP address and approximate geolocation derived from it.
  • Session metadata: session start and end times, chat duration statistics, skip patterns, and other engagement metrics in anonymized aggregate form.
  • Cookies and local storage for session continuity, preferences, and security.
  • Performance data such as page load times, errors, and connection quality metrics.

3.3 Information from Third Parties

  • Payment processors share transaction status and tokenized payment references.
  • Identity verification services (only when used for the optional age-verified pool) confirm age verification status without sharing full ID details.
  • Advertising partners may share aggregate ad performance data for the rewarded video and ad-supported features. See our Cookie Policy for specifics.

4. How We Use Your Information

  • Service provision: running the chat service, authenticating users, processing payments.
  • Matching: using interest tags, language, reputation, and filter selections to pair compatible users.
  • Safety and moderation: running real-time AI moderation on text and video, investigating reports, enforcing community guidelines, and preventing abuse.
  • Reputation system: calculating and updating reputation scores based on partner ratings and behavior signals.
  • Security: detecting fraud, abuse, account takeovers, and other unauthorized activity.
  • Communication: sending account-related emails (registration, password reset, security alerts). We do not send marketing email without your explicit opt-in.
  • Service improvement: analyzing aggregate usage patterns to improve features, fix bugs, and inform product decisions.
  • Legal compliance: meeting our obligations under applicable laws including child safety, content moderation, and tax regulations.

5. Legal Basis for Processing (EU/UK Users)

If you are in the European Economic Area or the United Kingdom, we process your personal data on the following legal bases under the GDPR:

  • Performance of a contract — to provide the services you've requested.
  • Legitimate interests — to operate, maintain, secure, and improve the Platform; to prevent abuse and fraud; to enforce our terms.
  • Legal obligation — to comply with applicable laws and regulatory requirements.
  • Consent — for specific processing such as optional account creation, optional age verification, marketing emails (where applicable), and certain non-essential cookies.
  • Vital interests — to protect users from immediate harm (e.g., reporting credible threats to authorities).

6. Chat Data and Video Streams

6.1 Text Messages

We do not store the content of text chat messages between users. Messages exist only during the active chat session and are not persisted to any database after the session ends. The single exception is messages flagged by our automated moderation system, which are temporarily stored for human review. Such flagged messages are deleted within 90 days unless retained for an active investigation.

6.2 Video Chat Streams

Video chats use WebRTC peer-to-peer technology where possible. This means video and audio streams flow directly between users without passing through our servers. Our infrastructure facilitates the initial connection (signaling) but does not relay the actual media stream in standard cases.

For real-time AI moderation, we sample individual video frames at low frequency (typically 2-5 frames per second) on the user's device or via a thin server-side relay where peer-to-peer is not possible. Sampled frames are analyzed by AI classifiers and immediately discarded after analysis. We do not record, store, or retain video content from chat sessions.

6.3 No Recording

ChatRando does not record video chats. We do not provide functionality for users to officially record sessions either. We recognize that nothing technically prevents a user from screen-recording on their own device; we explicitly prohibit such recording without consent in our Terms of Service and treat it as grounds for permanent ban when reported.

7. Sharing and Disclosure

We do not sell personal information. We may share information in the following limited circumstances:

7.1 Service Providers

We use third-party providers to operate the Platform. These providers are bound by data processing agreements that require them to handle data only for the purposes we direct:

  • Stripe — payment processing
  • Cloud infrastructure providers — hosting and content delivery
  • Email service providers — transactional email delivery
  • Analytics providers — aggregated usage analytics
  • AI moderation providers — content classification
  • Advertising partners — for the rewarded video and ad-supported features (see Cookie Policy)

7.2 Legal Requirements

We may disclose information when required to do so by law, including:

  • To respond to subpoenas, court orders, or legal process
  • To establish or exercise our legal rights or defend against legal claims
  • To investigate, prevent, or take action regarding illegal activities, suspected fraud, or violations of our Terms of Service
  • To protect the rights, property, or safety of ChatRando, our users, or the public
  • To comply with mandatory reporting obligations regarding child safety

7.3 Business Transfers

If ChatRando is involved in a merger, acquisition, or sale of all or a portion of its assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information via email and a prominent notice on the Platform.

8. International Data Transfers

ChatRando operates globally. Your information may be transferred to and processed in countries other than the one in which you reside. These countries may have data protection laws that differ from those in your country.

For transfers of personal data from the EEA, UK, or Switzerland to countries that have not received an adequacy decision from the relevant authority, we rely on appropriate safeguards including the European Commission's Standard Contractual Clauses or equivalent mechanisms.

9. Data Retention

We retain personal data only as long as necessary for the purposes described in this policy:

  • Guest session data: deleted within 30 days of the session ending
  • Server logs (IP addresses, user agents): rotated and deleted within 30 days
  • Registered account data: retained until you delete your account, then deleted within 30 days (some derived aggregate analytics may be retained in non-identifiable form)
  • Reports and moderation logs: retained for 90 days, longer if part of an active investigation
  • Payment records: retained as required by financial and tax regulations (typically 7 years)
  • Banned account identifiers: retained indefinitely to prevent ban evasion
  • Backups: rotated within 90 days; deletion of personal data may take up to 90 days to propagate through backup systems

10. Data Security

We implement technical and organizational measures designed to protect personal data against unauthorized access, disclosure, alteration, and destruction. These measures include encryption in transit (HTTPS/TLS), encryption at rest for sensitive data, access controls, regular security audits, and a security incident response process.

No security system is impenetrable. While we work to protect your information, we cannot guarantee absolute security. You can help by using a strong unique password (if you create an account), keeping your devices and browsers updated, and reporting any suspected security issues to our team.

11. Your Rights and Choices

You have the following rights regarding your personal data, subject to applicable law:

  • Access: request a copy of the personal data we hold about you
  • Rectification: request correction of inaccurate or incomplete data
  • Erasure: request deletion of your data, subject to legal retention requirements
  • Restriction: request that we limit how we use your data
  • Objection: object to certain types of processing, including processing based on legitimate interests
  • Portability: receive a copy of your data in a structured, machine-readable format
  • Withdraw consent: withdraw any consent you previously provided, without affecting the lawfulness of prior processing
  • Lodge a complaint: file a complaint with your local data protection authority

To exercise any of these rights, contact us at our contact page. We will respond within 30 days (or as required by your local law).

12. California Privacy Rights (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you with additional rights regarding your personal information:

  • Right to know: request disclosure of the categories and specific pieces of personal information we've collected, used, disclosed, or sold about you
  • Right to delete: request deletion of personal information we've collected, subject to exceptions
  • Right to correct: request correction of inaccurate personal information
  • Right to opt-out of sale or sharing: we do not sell personal information; we share limited data with advertising partners which you can opt out of via cookie controls
  • Right to limit use of sensitive personal information: request limitation on how we use sensitive categories of data
  • Right to non-discrimination: we will not discriminate against you for exercising your privacy rights

To exercise California-specific rights, submit a request via our contact page or email us at the address listed there. We may need to verify your identity before processing your request.

13. EU/UK Privacy Rights (GDPR)

If you are in the European Economic Area, the United Kingdom, or Switzerland, you have the rights described in Section 11 above under the General Data Protection Regulation (GDPR) and analogous UK and Swiss laws. You also have the right to lodge a complaint with your local data protection supervisory authority.

Our representative for GDPR purposes can be contacted via our contact page.

14. Cookies and Similar Technologies

We use cookies, local storage, and similar technologies for essential service functionality (authentication, session management, security), preference remembering, and limited analytics. Some advertising partners may use their own tracking technologies on the rewarded video and ad-supported portions of the Platform.

For details on the specific cookies we use, their purposes, expiration periods, and how to control them, see our Cookie Policy.

15. Children's Privacy

ChatRando is not intended for users under 18 years of age. We do not knowingly collect personal information from anyone under 18. If you are a parent or guardian and you believe your child has provided personal information to us, please contact us at our contact page. If we learn that we have collected personal information from a child under 18 without verification of parental consent, we will delete that information from our servers and terminate any associated account.

Where applicable under the U.S. Children's Online Privacy Protection Act (COPPA), the EU GDPR, the UK Age Appropriate Design Code, or other child-protection laws, we apply the protections required by those laws.

16. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of affected individuals, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach where required by law. We will also notify affected users without undue delay where the breach is likely to result in a high risk to their rights and freedoms.

17. Third-Party Links and Services

The Platform may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to review the privacy policies of any third-party services you visit through the Platform.

18. Automated Decision-Making and Profiling

We use automated systems for matching, AI moderation, reputation scoring, and fraud prevention. These automated systems may have significant effects on your use of the Platform (for example, terminating a chat that violates community guidelines or temporarily restricting an account flagged for abuse). You have the right to request human review of significant automated decisions that affect you.

19. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page indicates when the policy was most recently revised. Material changes will be communicated to registered users via email and posted prominently on the Platform at least 30 days before they take effect.

Your continued use of the Platform after the effective date of the updated policy constitutes acceptance of the changes.

20. Contact Information

For privacy-related inquiries, requests to exercise your rights, or questions about this Privacy Policy, please contact us through our contact page.

If you are in the European Economic Area or the United Kingdom and feel we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection supervisory authority. A list of EU supervisory authorities is available at the European Data Protection Board website.