1. Who is responsible
Klaver Solutions is the controller for the personal data described in this policy, except for the content you send through the API on behalf of others, where we act as your processor under the Data Processing Agreement. You can reach us about privacy at [email protected], or at Klaver Solutions, Blaasbalg 14, 8253 LX Dronten, Flevoland, Netherlands.
2. What this policy covers
This policy covers personal data we handle as a controller when you visit the website, create an account, top up a balance, and use the API, the hosted chat, and the coding command line agent. The General Data Protection Regulation and its Dutch implementation, the Algemene verordening gegevensbescherming, apply.
3. What we collect and why
We collect the following categories of personal data, for the purposes and on the lawful bases shown.
| Category | Examples | Purpose | Lawful basis |
|---|---|---|---|
| Account and identity | Email, optional name, password held only as a hash, email verification state, optional two factor setting, and, if you use social sign in, a Google or GitHub identifier with the email and name from that provider | Create and secure your account, sign you in, and contact you about the service | Performance of the contract, and our legitimate interest in account security |
| Billing | Billing name, email, country, address, postal code, city, company name and value added tax number for business customers, the payment method type, the prepaid balance, the transaction ledger, and value added tax invoices | Take payment, credit your balance, meet tax and accounting law, and prevent payment fraud | Performance of the contract, a legal obligation for tax and invoicing, and our legitimate interest in preventing fraud |
| Request and chat content | The prompts, messages, files, and instructions you send, and, for hosted chat with memory, stored conversation threads, rolling summaries, and remembered facts | Generate the response you ask for and, where you use memory, continue your conversations | Performance of the contract |
| Usage and metering | For each request: the model, input and output token counts, the cost charged, status, and timestamps | Meter usage, bill correctly, show you your spend, and keep the service reliable and secure | Performance of the contract, and our legitimate interest in security and abuse prevention |
| Technical and security | Internet protocol address, request metadata, and the strictly necessary cookies described in the Cookie Policy | Operate the site, apply rate limits, and protect against abuse | Our legitimate interest in the security and integrity of the service |
| Support | The content of messages you send us | Answer your questions and resolve issues | Performance of the contract, and our legitimate interest in supporting customers |
We do not ask you to provide special categories of personal data, and you should not send them in prompts unless you have a lawful basis to do so.
4. What happens to your requests and chats
When you make a request, the content of that request is sent to the upstream provider that owns the model you chose, so that the provider can generate a response. Today that means OpenAI for the GPT and Codex families, Anthropic for the Claude, Opus, and Fable families, and Google for the Gemini family. The provider processes that content under its own terms and its own privacy and data handling commitments.
We store the metering record of each call, which is the model, token counts, cost, status, and time, but not the body of a stateless API request once the response has been returned.
If you use the hosted chat with memory, your conversation threads, their rolling summaries, and the facts you choose to remember are stored on the server for your account so the conversation can continue. You can delete a single conversation, delete a single remembered fact, or wipe all remembered facts from the product at any time. Remembered facts are deliberately kept when you delete a conversation, so deleting a conversation does not delete a fact you asked us to remember.
The legacy browser chat keeps its history in your own browser and is not stored on our server, except as the ordinary inference requests it sends.
5. Who we share data with
We do not sell your personal data. We share it only with the service providers that help us run Chernion, acting on our instructions, and where the law requires it. These recipients are listed and kept current on the Subprocessor list at /subprocessors, and they fall into these groups:
- The upstream model providers, which receive the content of your requests to the models you select.
- Our payment service provider for card and wallet payments, and our crypto checkout provider, which receive the billing details and amounts needed to take payment and issue invoices.
- Google and GitHub, where you choose to sign in with them, which confirm your identity.
- Our hosting and infrastructure provider, and our transactional email provider, which run the service and deliver verification, sign in, and invoice emails.
We may also disclose data to comply with the law, to respond to a lawful request from a competent authority, to enforce our terms, or to protect the rights, safety, and security of our customers, the public, or us.
6. International transfers
Some of our providers, including the upstream model providers and some infrastructure, are located outside the European Economic Area, in particular in the United States. Where personal data is transferred outside the European Economic Area, we rely on a lawful transfer mechanism, such as an adequacy decision of the European Commission, or the European Commission's standard contractual clauses together with any extra safeguards that are needed. You can ask us for more detail about the safeguards that apply.
7. How long we keep data
We keep personal data only as long as we need it for the purposes above, then delete or anonymise it.
| Data | Retention |
|---|---|
| Account and identity | For the life of your account, then deleted within a reasonable period after closure, unless a longer period is required by law |
| Billing records and value added tax invoices | Kept for the period required by Dutch tax and accounting law, which is seven years |
| Stored conversations and remembered facts | Until you delete them or close your account, whichever comes first |
| Usage and metering records | Kept for a limited period for billing, reporting, security, and abuse prevention, then deleted or anonymised |
| Technical and security logs | Kept for a short period needed for security and reliability, then deleted |
| Support messages | Kept for as long as needed to handle your request and a reasonable period afterwards |
8. Your rights
Under the General Data Protection Regulation you have the right to access your personal data, to have it corrected, to have it erased, to restrict or object to processing, to data portability, and, where we rely on consent, to withdraw that consent at any time without affecting earlier processing.
You can exercise many of these directly in the product, for example by editing your account, deleting conversations, and managing or wiping remembered facts. For anything else, write to [email protected]. We may need to verify your identity before we act, and we will respond within the period the law allows, normally within one month.
Some data we must keep even if you ask us to erase it, for example billing records we are required to retain for tax law. Where that applies, we will explain it.
9. Complaints
If you think we have not handled your personal data properly, please tell us first so we can put it right. You also have the right to complain to the Dutch data protection authority, the Autoriteit Persoonsgegevens, or to the supervisory authority in your country of residence.
10. Children
The service is for people aged eighteen and over. We do not knowingly collect personal data from children. If we learn that we have, we will delete it.
11. Security
We take appropriate technical and organisational measures to protect personal data, such as encryption in transit, storing passwords only as hashes, optional two factor authentication, access controls, and rate limiting. No service can be completely secure, so we cannot guarantee absolute security, but we work to protect your data and to meet our breach notification duties.
12. Automated decisions
We do not make decisions that produce legal or similarly significant effects about you based solely on automated processing. The model output you receive is generated at your request and is for you to evaluate and use; it is not a decision we make about you.
13. Changes to this policy
We may update this policy. If a change is material, we will give reasonable notice through the product or by email. The date at the top shows when it was last updated.
14. Contact
For any privacy question, write to [email protected], or to Klaver Solutions, Blaasbalg 14, 8253 LX Dronten, Flevoland, Netherlands.