Web Portal Privacy and Security
Protect your privacy with Chatter Labs. Review security features and read tips to safeguard your account.
How does Chatter Labs protect user data?
We use bank-grade security measures to protect all data handled by Chatter Labs.
- Encryption in transit: TLS 1.3
- Encryption at rest: AES-256
- Access control: Role-based access (RLS in Supabase)
- No unnecessary tracking: No fingerprinting or cross-site advertising cookies
- Automatic data deletion: 24 h for IPs, 90 days for analytics and logs
- Vendor compliance: All subprocessors (Supabase, Microsoft, Cloudflare, HubSpot) have signed Data Processing Agreements (DPAs) and use Standard Contractual Clauses (SCCs) or the EU–US Data Privacy Framework (DPF).
Is the Chatter Labs Member’s portal compliant with GDPR / UK GDPR?
Yes. Chatter Labs follows the requirements of both the EU General Data Protection Regulation (GDPR) and the UK GDPR, including:
- Data minimization: We collect only what’s needed to deliver the service.
- Legal bases: Primarily “legitimate interest” for core operations and “consent” for analytics or marketing.
- Data subject rights: Access, deletion, portability, and objection rights are available in your profile settings.
- Retention: Personal data auto-deletes after 90 days unless an account remains active.
- International transfers: Protected by Standard Contractual Clauses (SCCs) and the EU–US Data Privacy Framework (DPF) for US vendors.
If you’re an EU or UK resident, you can contact our Data Protection Office (DPO) for any GDPR-related requests.
How does the Chatter Labs Member’s portal comply with COPPA?
The Children’s Online Privacy Protection Act (COPPA) is a US law that protects children under 13. Chatter Labs complies with COPPA by:
- Requiring verified adult accounts (parents, teachers, SLPs) before children use any features,
- Processing only the minimum information necessary to deliver real-time pronunciation feedback,
- Not storing, sharing, or selling any child data,
- Providing parents with the right to review or delete any data processed.
We work with licensed professionals who must obtain parental consent before using the product with children.
What about the Chatter Labs Member’s portal and FERPA compliance for US schools?
Yes - Chatter Labs supports FERPA (Family Educational Rights and Privacy Act) compliance.
When used in educational settings:
- Schools act as the data controller.
- Chatter Labs acts as a school official / data processor under a written Data Processing Agreement (DPA).
- Student data is used solely for educational purposes and never for advertising or profiling.
- Access controls ensure that only authorized educators and therapists can view identifiable data.
Schools can request a signed FERPA Data Processing Addendum (DPA).
What about the Chatter Labs Member’s portal and HIPAA compliance for clinics?
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) applies when individually identifiable information is created or used as part of providing or paying for healthcare. Our platform is designed for educational use and does not collect or store protected health information (PHI). We allow only limited, non-medical identifiers (e.g., first name and gameplay results).
As such, use of the platform does not constitute a Business Associate relationship under HIPAA. Clinics remain responsible for ensuring that no PHI is entered into the system. Although a clinic is a covered entity under HIPAA, when it uses our tool for a non-clinical educational function that does not store or collect PHI, our solution is outside the scope of HIPAA.
Who are the Chatter Labs Member’s portal subprocessors and where is data stored?
All data for the member’s web portal is hosted via:
- Supabase (AWS infrastructure, EU/UK region) – database & authentication
- Microsoft Azure (EU/UK region) – real-time speech analysis
- Cloudflare – CDN and security protection
- HubSpot – optional CRM for professional communication (consent-based)
You can view our full vendor and subprocessor list for details on regions, purposes, and safeguards.
How long do you retain data in the Chatter Labs Member’s portal?
For data saved in the member’s web portal:
| Data Type | Retention | Purpose |
|---|---|---|
| Anonymous session data | 30 days | Maintain consistent user experience |
| Hashed IP addresses | 24 hours | Rate limiting & security |
| Game logs / progress | 90 days | Support, debugging, and product improvement |
| User accounts | Until deletion | Service delivery |
| Audit logs | 90 days | Security and compliance |
All data is automatically deleted or anonymized when no longer required.
How can I make a privacy or data request?
If you are using our member’s web portal, you can export or delete your information directly from your account on the web portal. If you’re using our tablet app, you can export or delete your information directly from the settings page.
We’d be happy to answer any privacy and security questions you have.
How often do you review your security and privacy practices?
We perform:
- Quarterly security and privacy reviews,
- Annual GDPR audits, and
- Triggered reviews when adding new features or vendors.
Each review is documented and signed off internally as part of our privacy and security review process.
Summary
- No advertising, profiling, or tracking of children.
- Real-time voice processing only, no recordings kept.
- Encryption and region-based hosting.
- Parental consent and professional oversight always required.
- Transparent subprocessors and audit schedule.