Privacy Policy

This Privacy Policy explains what information we collect, why we collect it, and how you can manage your information.

If you have any questions regarding this policy, feel free to contact us at [email protected].

Depending on your use of the Chili Search website, or direct interactions with us, we collect two types of information: personal data and non-personal data.

Personal data, as defined in GDPR, or ‘Personally identifiable Information’ (PII), as used in US privacy law and information security, is any information, either alone or combined with other data, that may be used to identify, contact, or locate you as an individual. Examples include your name, physical address, company name, etc.

Non-personal data is information that cannot be used or combined with other information to identify or contact you. E.g. browser settings, search queries, and statistical data involving the use of the Chili Search website.

Different types of information are collected depending on your actions:

1. When you use Chili Search on your Site
2. When you install Chili Search on your website
3. When you log in to access your Chili Search control panel
4. When you simply browse our website

Let’s review each case in detail.

I’m using Chili Search as a search engine on my website. What data is collected from my users?

Your users communicate with the Chili Search JavaScript code that you include on your website to enable the search. Here is an overview of the information sent to our servers when users interact with the search bar on your website:

• User’s search query, filters, and other search configurations
  Why? Search queries provide the core of your search analytics. When you know what your users look for, you can adjust your search settings and your site content to help them find what they need. This information is aggregated in your Control Panel and Google Analytics (when you choose to integrate it) and is not personally identifiable.
  It is stored until you delete your account with Chili Search.
• User’s IP address
  Why? To ignore logging from certain users (eg. your own team) and to prevent spam and abuse techniques (eg. blacklisting an IP address used for a malicious attack).
  The hash of IPs may remain stored even by deleting your account with Chili Search.
• __cfduid cookie
  Why? It is a strictly necessary cookie for Cloudflare’s (our CDN) security features and cannot be turned off. It does not store any personally identifiable information. It is exempt from GDPR Cookie Consent as it is required for the “user-centric security”. You can host the script yourself to avoid that cookie (absolutely not recommended).
  It is stored for 1 year

All communication between your website user and our server is encrypted and secured via SSL (Secure Sockets Layer).

As you can see, the Chili Search JavaScript code keeps your user’s data safe and no personal information about your users is stored on our servers.

What data is collected when I install Chili Search on my website?

For making your website’s content available for search, we need to send a copy of the documents you choose on your website to Chili Search servers and store/index them in our search engines.

For registering your website on Chili Search platform we get:

• Website’s public name and URL
  Why? identify and show in your list of websites in the Chili Search Control Panel
• Admin Email
  Why? for authenticating and communicating with the website’s admin
• Website’s language
  Why? to help us in processing the documents which need to be indexed and searched. Also for customizing the locale and language.
• Website’s timezone
  Why? to search and filter the correct timezone of searchable documents.

All communication between your website and our server is encrypted and secured via SSL (Secure Sockets Layer).

All website’s information are stored until you delete your account with Chili Search.

What data is collected when I’m using the Control Panel?

When you register on our website, subscribe to a newsletter or save information in your Profile, we only collect personal information that you provide us voluntarily.

By signing up for a trial period, you automatically create a user account for Chili Search, and you are asked to provide some personal information, such as your:

• Name
• Email address
• Website name, URL, and timezone (the website where you want to use Chili Search)
• Password

We use this information for the following purposes:

1. To set up your account and let you access it. Email and password create a unique combination that you’ll use to log into your Control Panel.
2. To send out service and transactional emails including invoices, payment confirmations, service outage notifications, password reset forms.
3. We might also use your email address to share with you our new features and important updates (about once a month). If you don’t want to receive any news emails from Chili Search, you are free to unsubscribe at any time (by using the link in the email footer).

Once you’re logged into the Control Panel, you can manage, update, or delete your personal information under your Profile settings. If you choose to delete your account, all associated information will be erased.

What about my payment information?

All transactions are processed by our payment provider Stripe. All sensitive information, such as credit card number, expiration date, and CVC/CVV is securely provided directly to Stripe and is never saved or stored on our servers.

What data is collected when I’m visiting Chili Search website?

When browsing our site, reading our documentation or watching the video materials, you automatically send us your non personal data, such as your device’s IP address, referring website, what pages you visited, when and through which browser.

We use this aggregated, non personally identifiable data for the following purposes:

• To collect website usage statistics so that we can improve our website performance and content
• To let you instantly connect with us through the website chat (powered by Crisp)
• To remember the language you selected so that we display it automatically when you come back to our site

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

What are cookies and what are they for?

Cookies are small text files sent to your browser by a website you visit. These files contain information about your interaction with the site, like your preferred language and other settings. This makes your next visit easier, login faster and our site more useful to you. Cookies are important and make using the web a much smoother experience.

We use this information for the following purposes:

1. To help us remember and process your actions in the control panel
2. To assist you in registration, login, and your ability to contact us or provide feedback
3. To help us analyze your use of our service and aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future
4. To assist us with our promotional and marketing efforts

What if I disable cookies in my browser?

If you turn the cookie setting off, some features will be disabled. It will turn off some of the features that make your site experience more efficient and some of our services will not function properly. You will not be able to log into your control panel.

Protecting your information

Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all sensitive information you supply is encrypted via Secure Socket Layer (SSL) technology.

We implement a variety of security measures when a user places an order, enters, submits, or accesses their information to maintain the safety of your personal data. All transactions are processed through a gateway provider (Stripe) and are not stored or processed on our servers.

Sharing your information

Chili Search does not sell, rent, trade, or otherwise transfer any personal data with other people/parties without your consent. However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.

California Online Privacy Protection Act

CalOPPA requires commercial websites and online services collecting personally identifiable information from California consumers to post a conspicuous privacy policy. In compliance with CalOPPA, this policy is stating exactly what information we collect and who we share it with.

COPPA (Children Online Privacy Protection Act)

When it comes to the collection of personal information from children under 13, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, the US consumer protection agency, enforces the COPPA Rule, which spells out what websites and online services must do to protect children’s privacy and safety online.
We do not specifically market to children under 13.

Fair Information Practices

The Fair Information Practices Principles form the backbone of privacy law in the United States. We understand these principles and implement them to protect your personal information. We have also updated the existing breach management and communication process to comply with GDPR.

Should a personal data breach occur and if it is likely to put our users’ rights and freedoms at risk, we will take the following responsive action:

• We will notify the users by email and via in-site notification within 7 business days
• We will notify the designated supervisory authorities within 72 hours.

We also agree to the Individual Redress Principle allowing you to pursue legally enforceable rights against data controllers (us in this case), if they fail to adhere to the law. You also have the ability to engage with courts or government agencies to investigate and/or prosecute any non-compliance.

If you have any questions regarding this policy, feel free to contact us.

This page was last updated on 2021-03-28