Privacy
Rooms for the life of the event, clear controls, minimal extra retention.
cht.so is designed for event rooms that should exist while useful and disappear when the host is done with them.
No accounts
Guests do not create accounts. A room remembers a guest by a local device identity stored in the browser.
Room data exists for the room
Messages, resources, agenda items, split expense tracking, reactions, read receipts, guests, and admin settings are stored so the room can work and restore across devices.
Expiry and deletion
Admins can set a room expiry. When a room expires or is force deleted, the room and its contents are intended to be removed.
Disaster recovery only
We do not save extra copies of room data beyond operational backups used for restoration in the event of a disaster.
Push notifications
Push subscriptions are stored only so subscribed devices can receive supported room notifications such as mentions and agenda reminders.
Access is link-based
Anyone with the room link, and password if enabled, may be able to access the room. Treat room links like event keys.
What Is Stored
Only what the room needs to function.
Because cht.so is a no-login room, the app stores room content and guest records rather than user accounts. This lets people return to the room from the same device.
Room content can include chat messages, images, locations, reactions, receipts, agenda items, polls, shared lists, split expense tracking records, and announcements.
Rooms may be reviewed by automated safety systems, including AI-assisted moderation, to detect abuse, spam, sexual content, CSAM indicators, and other illegal or harmful activity.
Guest data can include display name, color, profile image, local guest key, last seen time, push subscription, room admin/ejection status, and paid/unpaid split expense status.
Basic operational analytics can include page paths, referrers, device user agent, source IP address, and approximate geography from hosting provider headers. This helps understand usage and abuse patterns without paid tracking services.
Operational backups may exist for disaster recovery. We do not keep additional archives for long-term history.
User controls
A guest can open their profile menu and delete their own chat messages. Admins can eject guests, promote admins, set expiry, and force delete a room and its contents.
Data expectations
Rooms are built around event coordination. Use them for plans, logistics, updates, photos, and lightweight group decisions, then close or delete the room when it is no longer needed.
Practical expectations
Do not post sensitive secrets in a link-based party room. Use room passwords for basic access control, share links only with intended guests, and delete the room when the event is over. MCP bot tokens are server-side room access tokens.
Questions about how rooms work?
Read the feature guide for details on joining, resources, payments, notifications, and admin controls.