Privacy Policy
Version 2026-06-02 · Last updated: 2 de junio de 2026
This Privacy Policy clearly explains what personal data we process, what we use it for, on what legal basis, with whom we share it, for how long we keep it, and what rights you have over it. It applies to the Santos por Chat service (also «Santos x Chat»), accessible at santosporchat.cl and via WhatsApp. The service operates from Chile and processes your data in accordance with Ley N° 21.719 on the Protection of Personal Data and other applicable regulations. It forms part of our Terms and Conditions.
1. Who is responsible for your data
The data controller is Canal C SpA, RUT 76.396.888-K, a company incorporated in Chile, operator of the Santos por Chat service.
- Registered address: Badajoz 100, Las Condes, Región Metropolitana, Chile (CP 7560908).
- Privacy contact / Data Protection Officer (DPO): <dpoLink/>
- General contact: <contactLink/>
2. Who and what this applies to
This policy applies to all persons who register for or use Santos por Chat (web and WhatsApp). It does not apply to linked third-party sites or services, which are governed by their own policies.
3. Transparency about artificial intelligence
The responses from the «saints» are generated by artificial intelligence (Google Gemini language models). You are not talking to a real person, a priest, or the historical figure of the saint. The service is spiritual, reflective, and entertainment in nature, and does not replace professional medical, psychological, psychiatric, legal, or financial guidance. If you are experiencing a crisis or emergency, contact a professional or call emergency services (Emergencies: 131 · Salud Responde: 600 360 7777 · suicide prevention line: *4141; more detail in the Terms, section 5).
4. What data we process
We process only the data necessary to provide you with the service:
- Account and profile data: name, email address, password (stored hashed and encrypted, never in plain text), preferred language and, when you provide them, basic profile details.
- WhatsApp number in international format (E.164), as the identifier for the conversation channel.
- Content of your conversations with the saints: the text messages you write and the generated responses. These are stored encrypted.
- Voice messages: if you send an audio message, it is transcribed to text so we can respond to you. The original audio file is kept only temporarily and is deleted automatically; we only keep the text transcription.
- Conversation memory: summaries and context data that the system stores to remember what you have talked about and give continuity to your conversations with each saint.
- Subscription and payment data (that we see): subscription status, plan, currency, billing dates, transaction identifiers, and the last 4 digits and brand of the payment method. We do not store your full card number or security code (these are managed by Polar, see section 10).
- Technical and security data: IP address, browser/device identifier, WhatsApp message identifiers, and access and audit logs (without the content of your conversations).
5. Sensitive personal data and consent
The content of your spiritual conversations may reveal your religious or philosophical beliefs, and possibly information about your health or your private life if you choose to share it. These are sensitive personal data under Ley 21.719 and receive a heightened level of protection. We process this content solely on the basis of your express consent, which you give when registering via a specific, not pre-checked box. You may withdraw your consent at any time by writing to the DPO; withdrawal does not affect the lawfulness of prior processing and will result in the termination of the service. We recommend that you do not share sensitive data that you do not wish to have processed by an artificial intelligence system.
6. What we use your data for and on what legal basis
| Purpose | Legal basis |
|---|---|
| Create and administer your account, authenticate you, and maintain conversation continuity | Performance of the contract |
| Generate personalized spiritual responses and remember the context of your conversations (includes sensitive content) | Your express consent |
| Transcribe your voice messages so we can respond to you | Performance of the contract and your consent |
| Charge the subscription and comply with accounting and tax obligations | Performance of the contract and legal obligation |
| Send you transactional emails (confirmation, renewal reminder, notice of failed payment or cancellation) | Performance of the contract |
| Security, fraud prevention, and maintenance of audit logs | Legitimate interest and legal duty of security |
We do not use your data for advertising, we do not sell it, and we do not build commercial profiles with it.
7. Processing through artificial intelligence
To generate responses and transcribe audio, the content of your messages is transmitted to and processed by Google's artificial intelligence services (Gemini), under its paid tier. Under that tier, Google does not use your messages or the responses to train or improve its models, nor does it subject them to human review for that purpose; it may only retain them temporarily for security and abuse-prevention purposes, in accordance with its terms. This processing takes place on servers located outside Chile (see section 9). We do not make automated decisions with legal effects on you based solely on this processing; decisions about account suspension or payment rejection are communicated with their grounds, and you may request a review by writing to the DPO.
8. Who we share your data with (data processors)
We work with providers that process data on our behalf and under our instructions (data processors). Each one receives only the minimum data necessary for its function:
| Provider | Purpose | Data |
|---|---|---|
| Google (Gemini) | Generate responses and transcribe audio | Text of your messages; audio to be transcribed; context memory |
| Meta (WhatsApp) | Messaging channel | WhatsApp number and messages in transit |
| Supabase | Database and authentication | Account, subscription, conversations (encrypted) |
| Polar | Subscription billing (see section 10) | Name, email, country, payment data |
| Resend | Transactional emails | Email, name, subscription status |
| Vercel / Hostinger | Hosting of the site and the service engine | Data in transit during processing |
These providers may, in turn, rely on subprocessors (for example, cloud infrastructure), subject to equivalent confidentiality and security obligations; the details are set out in their respective privacy policies. We may also disclose data when required by law (request from a competent authority) or to protect rights, security, and compliance with our terms.
9. International transfers
Some of these providers process data outside Chile (mainly in the United States, the United Kingdom, and the European Union). These international transfers take place under data protection contractual clauses entered into with each provider, requiring guarantees of an adequate level of protection under Ley 21.719. The table below indicates, for reference purposes, where your data is processed:
| Provider | Country/ies | Safeguard |
|---|---|---|
| Google (Gemini) | United States | Contractual clauses |
| Meta (WhatsApp) | United States | Contractual clauses |
| Supabase | United States | Contractual clauses |
| Polar | United States (Delaware); processed under PCI-DSS standards | Contractual clauses |
| Resend | United States | Contractual clauses |
| Vercel / Hostinger | United States / European Union | Contractual clauses |
You may request more information about these safeguards by writing to the DPO.
10. Payments
Payments are processed by Polar (Polar Software, Inc., a company incorporated in the State of Delaware, United States, with its address at 3500 South DuPont Highway, Dover, DE 19901, United States), which acts as the Merchant of Record for subscriptions and is registered in various jurisdictions for the management and remittance of taxes. Polar manages billing, invoicing, taxes, and your card data under payment security standards (PCI-DSS); to process your card data, Polar uses Stripe, Inc. as a sub-processor. Canal C SpA does not store or have access to your full credit card details. With respect to your payment method data, Polar acts as an independent controller and processes it in accordance with its own privacy policy (polar.sh/legal/privacy); Canal C SpA is responsible for your other data (account, conversations, and subscription). You may manage or cancel your subscription from Polar's customer portal.
11. Cookies and similar technologies
We use strictly necessary cookies so that the site works and to keep you securely logged in (authentication). Polar's payment process may use its own cookies necessary to process the transaction and prevent fraud (more information at polar.sh/legal/privacy). We do not use advertising cookies and do not sell your browsing information. You can block cookies from your browser, but in that case you may not be able to log in or use the service.
12. How long we keep your data
| Data | Retention period |
|---|---|
| Account, profile, conversations, and memory | For as long as your account is active. When you request deletion, your conversations, memory, and profile data are deleted. |
| Original audio file | Temporary; automatically deleted after transcription (within 7 days at the latest). |
| Billing and payment data | Up to 6 years, in accordance with Chilean tax legislation (even after you delete your account), for accounting and tax records. |
| Security and access logs | Up to 180 days, unless a legal deadline requires them to be kept longer. |
| Session status and temporary technical messages (not the content of your conversations) | Up to 7 days. |
13. How we protect your data
The content of your conversations and other sensitive data is stored encrypted (AES-256-GCM). We apply encryption in transit (TLS), access control, strengthened authentication (two-factor) for administrators, data segregation between users, and security logs without personal data. No system is 100% infallible, but we adopt technical and organizational measures that are reasonable and proportionate to the risk in order to protect your information.
14. Your rights
Under Ley 21.719, you have the right to:
- Access: know what data we hold about you and obtain a copy.
- Rectification: correct inaccurate or outdated data.
- Cancellation / erasure: have us delete your data (right to be forgotten), except for data we must retain by law.
- Objection: object to certain processing and withdraw your consent at any time.
- Portability: receive your data in a structured, commonly used format, or have it transferred to another controller when technically possible.
- Blocking: temporarily suspend the processing of your data.
To exercise any of these rights, write to <dpoLink/>. We will verify your identity and respond within the legal deadlines. Exercising these rights is free of charge. These rights are non-waivable under Ley N° 21.719: no clause in this Policy limits or excludes them. If you are not satisfied with our response, you may file a complaint with the Agencia de Protección de Datos Personales de Chile.
15. Minors
Santos por Chat is intended exclusively for persons over 18 years of age. We do not knowingly collect data from minors. If we detect that an account belongs to a minor, we will delete it.
16. Security breach notification
If a security breach occurs that affects your personal data and poses a risk to your rights, we will notify the competent authority without undue delay and, when required by law (particularly in the case of sensitive data), we will also notify you.
17. Changes to this policy
We may update this Policy. When there are material changes, we will publish the new version here (with its version number and date) and, where applicable, ask for your consent again.
18. Contact and supervisory authority
Privacy / DPO: <dpoLink/><br/>General contact: <contactLink/><br/>Supervisory authority: Agencia de Protección de Datos Personales de Chile.