Data & Privacy

How Chatka protects sensitive business data while delivering transparent agentic reasoning.

Demo Uses Synthetic Data

Important: The public demo on this website uses 100% synthetic, pre-scripted data. No real business data, customer information, or PII is processed or stored.

  • All demo scenarios are pre-generated and run client-side in your browser
  • No queries are sent to real databases or cloud services
  • Timing, SQL, and reasoning traces are simulated for demonstration purposes

Production Data Handling

For pilot and production deployments, Chatka is designed with data sovereignty and privacy as core principles:

✓ Your Cloud, Your Data

Chatka runs entirely in your Google Cloud environment. Your data never leaves your project. We do not copy, access, or store your business data on our systems.

✓ Firestore Context Only

Session context (reasoning traces, SQL queries, metadata) is stored in your Firestore instance with configurable retention policies. No PII is required.

✓ IAM-Based Access

All services use Google Cloud IAM with service accounts. You control which datasets and tables are accessible. Permissions can be scoped per-user or per-domain.

✓ No External LLM Sharing

Query results are not sent to external LLM APIs. Reasoning runs on Vertex AI within your GCP project, ensuring data stays within your security perimeter.

PII Protection

Chatka is designed to work with aggregated KPI data, not individual customer records:

  • Aggregation-First: Queries are constrained to GROUP BY aggregates (SUM, AVG, COUNT), not row-level SELECT
  • Schema Scoping: You control which tables are exposed to the agent (e.g., exclude customer_emails, user_pii tables)
  • Query Review: All SQL is logged and can be audited. Optionally require human approval for sensitive queries.
  • DLP Integration (Optional): Use Google Cloud DLP to scan results before delivery.

Security Measures

🔒

Encryption

All data in transit uses TLS 1.3. Data at rest in Firestore and BigQuery is encrypted by default using GCP-managed keys.

🛡️

VPC Isolation

Cloud Functions can run in VPC with egress restrictions. No direct internet access required for data plane operations.

📋

Audit Logging

Cloud Logging captures every query, reasoning step, and data access. Logs can be exported to SIEM for compliance.

Compliance & Governance

Chatka inherits compliance posture from Google Cloud Platform:

GCP Certifications

  • • SOC 2 / SOC 3
  • • ISO 27001, 27017, 27018
  • • GDPR compliance (data residency controls)
  • • HIPAA eligible (BAA available)

Data Retention

  • • Session context: configurable (7-90 days)
  • • Query logs: retained per your Cloud Logging policy
  • • No permanent data storage by Chatka
  • • Right to deletion honored immediately

Our Trust Principles

  • 1.Transparency: All SQL, reasoning, and data access is logged and auditable
  • 2.Data Sovereignty: Your data stays in your cloud environment
  • 3.Least Privilege: IAM policies grant minimum necessary access
  • 4.User Control: You define schema scope, retention, and access policies

Read Our Privacy Policy

Detailed information about how we handle your information

View Privacy Policy

Questions About Data Security?

Discuss your specific compliance and security requirements

Contact Us