Last Updated on June 10, 2025
19.1 Storage Scope
19.1 Storage Scope
Chariot may retain and manage a range of user-submitted and system-generated files as part of its service operations, analysis tools, and user-access features. This storage includes, but is not limited to, the following data types:
1. Uploaded Content:
Vehicle images submitted for AI visual inspection or report inclusion
Scanned or uploaded documents, such as contracts, invoices, or warranty PDFs
Photos or screenshots attached during chat or report submission workflows
2. AI-Generated Outputs:
Vehicle reports, including condition assessments, valuation summaries, risk flags, and chat-based recommendations
Document insights, clause breakdowns, summaries, and annotated PDFs generated from uploads
In-app summaries or chat history derived from image, text, or VIN inputs
Generated visuals or markup overlays, such as flagged vehicle damage areas
3. Session-Linked Data:
Associations between uploads and user sessions, chat threads, or individual VIN queries
Identifiers linking report output to user account, plan tier, and platform device
Result versions corresponding to timestamped system updates or model improvements
4. Metadata and Operational Tags:
Upload timestamps, session duration, and system version used during processing
Report tags, such as “High Risk”, “Missing Warranty”, “Needs VIN”
File-level attributes, such as size, filename, and source (camera, gallery, file upload)
Purpose of Storage:
To allow users to access previous reports or regenerate outputs
To support fraud prevention, abuse detection, and audit logging
To improve AI performance and ensure version traceability across sessions
To provide continuity of insights across user interactions (when permitted)
Chariot may retain this data temporarily or long-term, depending on subscription level, feature usage, compliance requirements, and account activity. Storage policies are further governed by Sections 14 (Prompt Data), 15 (Chat Sessions), and 18 (Document Analysis).
19.2 Storage Platform
19.2 Storage Platform
Chariot stores all user-submitted and AI-generated files using secure, cloud-based infrastructure designed for high reliability, data protection, and regulatory compliance. This storage architecture includes the use of third-party platforms that provide enterprise-grade encryption, access controls, and regional redundancy.
Primary Storage Providers May Include:
Supabase Storage – Used for managing uploaded images, reports, and associated metadata within Chariot’s application backend
Amazon Web Services (AWS S3) – Employed for scalable, encrypted file storage with regional replication and backup support
Equivalent Cloud Environments – Other industry-standard cloud providers offering comparable security, uptime, and data durability
Security Features Enforced Across All Platforms:
AES-256 encryption at rest, and TLS 1.2+ encryption in transit
Role-based access controls (RBAC) to restrict file access by user, session, or internal system role
Multi-region redundancy to prevent data loss in case of localized outages or infrastructure failure
Secure API upload/download mechanisms with tokenized access scoped to authenticated sessions
Access logging and monitoring, including anomaly detection and abuse prevention triggers
Platform Limitations & Disclaimers:
While Chariot uses best-in-class cloud infrastructure, no system is completely immune to compromise. Users should avoid uploading highly sensitive documents or private identifiers unless required.
Storage availability and retention periods may vary based on user subscription level, feature usage, or legal requirements.
Chariot reserves the right to migrate storage providers, regions, or systems without prior notice to improve security, cost-efficiency, or scalability.
By uploading files or generating reports through Chariot, you agree that your data may be stored using these third-party platforms and that Chariot is not liable for outages, breaches, or failures originating from those cloud providers, except as required by applicable law.
19.3 Retention Policy by Tier
19.3 Retention Policy by Tier
Chariot applies a tiered data retention policy based on your active subscription level. This policy governs how long uploaded files, generated reports, and associated metadata remain accessible within the platform.
1. Free or Trial Users
Retention Period: Files (e.g., uploaded images, reports, documents) are retained for 30 to 60 days from the time of upload or generation.
Automatic Deletion: After this period, files are automatically purged without recovery.
No Archive Access: Users on free or trial plans cannot request archived or expired files once purged.
2. Paid Users (Monthly/Annual Subscribers)
Retention Period: Files are retained for a minimum of 90 to 180 days.
Extended Availability: In some cases, files may be retained longer for convenience or analysis continuity.
Soft Deletion Grace Window: Chariot may allow a short grace period after expiration for data recovery upon request.
3. Premium / Enterprise Users
Retention Period: Files may be retained indefinitely or for a custom retention duration agreed upon in a commercial plan or enterprise agreement.
Manual Control: Premium users may gain access to data management controls, including manual deletion, retention overrides, or export options.
Priority Archiving: Certain file types (e.g. high-value reports, contract uploads) may be archived with version history and backup access.
General Retention Rules:
Timestamps govern expiration, not last access
Expired data is irreversibly deleted unless otherwise protected by plan settings
Deleted accounts trigger full purge of all stored data unless flagged for legal, audit, or abuse investigation
By using Chariot, you acknowledge that file availability and lifespan are governed by your plan tier, and that it is your responsibility to download or export any critical data before the applicable retention window closes.
19.4 Expiry Enforcement
19.4 Expiry Enforcement
Chariot enforces strict expiration protocols on stored files and generated content based on the applicable retention window defined by your subscription tier, as outlined in Section 19.3. Once a file exceeds its permitted storage duration, the following policies apply:
1. Automatic Purge or Archiving
File Deletion: Files that surpass their retention window are subject to automatic and irreversible deletion from all active and backup storage systems.
Archival (Premium Plans Only): In some premium or enterprise cases, files may be moved to cold storage or marked as archived for limited-time access prior to full deletion.
Inaccessibility: Once purged or archived, files are no longer retrievable through the user interface, including any linked reports, chats, or download links.
2. No Guaranteed Notification
Default Behavior: Users will not receive individual notifications or warnings before file expiration unless notification preferences or custom alerts are configured.
Notification Settings (Where Available): Premium users may enable retention alerts or export reminders through their account dashboard, if supported.
No Liability for Missed Notices: Chariot is not responsible for data loss resulting from missed or disabled expiration alerts.
3. Post-Expiry Consequences
Linked reports or chat references to expired files will display a file unavailable or expired message
Dependent outputs (e.g., regenerated reports from a purged image) will fail unless the original file is re-uploaded
Storage quotas reset automatically as expired files are purged; users do not need to manually clear space
4. Enforcement is Uniform and Non-Negotiable
Expiry enforcement applies to all users, tiers, and file types, unless overridden by contractual enterprise agreements
Requests for post-expiry recovery are not supported unless a valid backup retention policy exists under a premium plan
By uploading content to Chariot, you agree that retention enforcement is automatic and that it is solely your responsibility to manage, download, or export files prior to expiration, especially under free or limited access plans.
19.5 Manual File Deletion
19.5 Manual File Deletion
Users may initiate manual deletion of uploaded content and AI-generated outputs through available account settings or by submitting a formal request to Chariot support. However, deletion is governed by tier-specific access, compliance requirements, and backend audit policies.
1. Deletion Options Available to Users
Self-Service Controls:
Where supported, users may delete vehicle images, PDF uploads, and generated reports through the in-app interface or web dashboard.Support Requests:
Users may request file deletion by contacting support@chariotreport.com and specifying the file type, timestamp, and associated session or VIN.
2. Scope of Deletable Files
Vehicle photo uploads
PDF contracts, warranties, and receipts
AI-generated reports, summaries, and visual markups
Session-associated chat logs (where applicable under privacy regulations)
3. Retention Despite Deletion Request
Certain files or metadata may still be retained after user-initiated deletion for the following purposes:
Legal Compliance: Required by subpoena, law enforcement cooperation, or jurisdictional data laws
Audit Trails: Internal audit logs, fraud investigation, or abuse prevention
Billing Integrity: Historical recordkeeping for reports, subscriptions, or paid features involving file generation
4. Effect of Deletion
Deleted files are permanently purged from user-accessible systems
Associated features (e.g. regenerate report, download PDF) may become unavailable
Account quotas may reset upon deletion if applicable to your plan tier
5. No Retroactive Redaction
Manual deletion does not retroactively remove:
System usage logs
AI insights derived from the file
Analytics linked to the file before deletion
By using Chariot’s upload and report features, you accept that while you may request deletion of your data, Chariot may retain limited content where legally required or justified by platform security, billing, or operational integrity.
19.6 No Backup Guarantees
19.6 No Backup Guarantees
Chariot does not guarantee that any uploaded files, generated reports, or session-associated outputs will be backed up, recoverable, or restorable after deletion, expiration, or service interruption. All users are strongly advised to retain their own local copies of any important data.
1. No Guaranteed Restoration
Deleted or expired files cannot be recovered unless preserved under a specific enterprise archival agreement.
System backups, if performed, are for internal redundancy only and are not intended for user-facing restoration.
Corrupted or incomplete uploads may not be recoverable, even if detected in system logs.
2. User Responsibility for Data Preservation
It is your sole responsibility to download, export, and archive any reports, files, or documents you wish to retain prior to expiration or account changes.
Chariot is not liable for lost data due to system crashes, user error, inactivity, or lapse in subscription.
3. Scope of Non-Guaranteed Backup
Uploaded vehicle images and photo inspections
Submitted PDFs, contracts, invoices, or warranty documents
Generated reports, AI annotations, or risk summaries
Session-level chat logs and AI outputs linked to reports
4. Platform Changes or Decommissioning
In the event of feature deprecation, data migration, or storage system overhaul, Chariot may remove or transition data without user notice. In such cases:
Users may be given a short grace period to export critical files
No long-term backups will be maintained, and old data may be irreversibly deleted
By using Chariot, you acknowledge that while the platform employs secure storage practices, it does not function as a permanent file repository. Users must take proactive steps to preserve any content they deem valuable or irreplaceable.
19.7 Export Availability
19.7 Export Availability
Chariot offers users the ability to export certain files and outputs generated through the platform, such as AI reports, upload summaries, and session-linked documents. However, such exports are provided strictly on an “as-is” basis, and Chariot makes no guarantee of compatibility, formatting, or completeness for use in third-party tools, systems, or workflows.
1. Types of Exportable Content
Subject to plan tier and feature availability, users may download:
Generated vehicle reports in PDF or summary format
Uploaded file logs (e.g., upload timestamps, file metadata)
Session transcripts linked to document interpretation or image analysis (if applicable)
Invoice or transaction receipts tied to report purchases
2. Export Format Limitations
Exported files may not conform to third-party data ingestion standards (e.g., CSV formatting, EDI, or XML schemas).
No API or structured data format (e.g., JSON exports) is guaranteed unless expressly provided under a commercial agreement.
Exported documents are not guaranteed to retain formatting fidelity (e.g., table structures, margin alignment, color codes).
3. Access and Availability
Export functionality may be gated by plan type, file age, or user role (e.g., admin only).
Chariot reserves the right to throttle or disable exports during periods of high system load, abuse detection, or storage transition.
Expired or purged files cannot be exported post-deletion unless backed up under a premium archival plan.
4. Export Disclaimer
All exports are delivered as-is, without warranty of accuracy, use-case compatibility, or future access. Chariot does not accept liability for:
Errors introduced during file generation or formatting
Failure of the export to integrate with external software, platforms, or databases
Misuse or misinterpretation of exported content by third parties
By using Chariot’s export features, you acknowledge that data portability is offered as a user convenience and that all downloaded files should be reviewed for accuracy and suitability before reliance in legal, financial, or professional contexts.
19.8 Storage Limits by Plan
19.8 Storage Limits by Plan
Chariot enforces tier-specific storage limits that define the total volume of files (e.g., uploaded images, PDFs, generated reports) a user may retain on the platform at any given time. These limits vary by subscription plan and are monitored continuously to ensure fair usage and platform stability.
1. Tier-Based Storage Quotas
Free & Trial Users: Up to 500MB of total file storage
Standard Paid Plans: Up to 2GB – 3GB, depending on billing frequency
Premium / Enterprise Plans: Up to 5GB or more, with optional expansion through custom agreements
2. What Counts Toward Storage Limits
Uploaded vehicle photos and document scans
AI-generated reports (PDFs, visual annotations, summaries)
Contract uploads, inspection archives, or saved chat-linked assets
Associated metadata and thumbnails (where applicable)
3. Consequences of Exceeding Storage Quota
New uploads may fail with an error or warning until space is freed
Oldest or least-accessed files may be purged automatically, starting with the earliest uploads
Some features (e.g., report regeneration, export) may be disabled or throttled until under quota
4. Storage Monitoring and Alerts
Users may view current usage via the in-app dashboard (if available)
Notifications may be issued when nearing 80–90% of storage capacity (subject to platform support)
Chariot is not obligated to notify users before automated cleanup of non-critical or expired files
5. Expanding Storage
Users may upgrade plans to increase storage limits
Enterprise or team plans may request shared storage pools or custom expansion tiers
Additional fees may apply for archived storage, long-term backups, or bulk file access
By using Chariot’s upload and file retention features, you acknowledge that storage capacity is limited by your active plan tier, and you are responsible for monitoring, exporting, or managing files to avoid interruption of service.
19.9 Archived Files Access
19.9 Archived Files Access
To optimize system performance and manage capacity, Chariot may move older or infrequently accessed files into cold storage—a form of long-term, lower-priority archival infrastructure.
1. What Gets Archived
Uploaded images or documents that have not been accessed in 30+ days
AI-generated reports from inactive sessions
Files nearing the end of their retention window under your plan
2. Delayed Access to Archived Files
Archived files are not instantly retrievable. When requested:
Access may take 1–2 hours for rehydration from cold storage
Users will be notified when the file becomes available for download
Some downloads may be restricted to off-peak system hours
3. Paid Retrieval for Basic Tiers
Free and lower-tier plans may require a microtransaction or plan upgrade to retrieve files from archive
Premium users may access archived files at no additional cost, subject to fair use
4. Retrieval Limitations
Not all files are guaranteed to be archived. Files past their retention window may be purged entirely
Repeated retrieval of archived content may be throttled to prevent abuse or overload
5. No Archive Restoration Guarantee
Archived files are stored for convenience—not as a backup or preservation mechanism. Chariot makes no warranty of availability or recoverability for content placed in cold storage.
By using Chariot, you understand that archival access may involve delays, fees, or limits and that long-term file availability depends on your tier and usage behavior.
19.10 Access Restrictions
19.10 Access Restrictions
Chariot enforces strict access controls to ensure that uploaded and generated files remain private and account-bound. All files are associated with the authenticated user account that uploaded or generated them and are not publicly accessible without secure authorization.
1. File Access Tied to User Session
Uploaded images, PDFs, AI reports, and associated metadata are only accessible from the original user account.
Attempting to view or retrieve files from an unauthorized device or session may result in an access denial or forced reauthentication.
Cross-device access may require login verification, 2FA (if enabled), or security review.
2. Temporary Access Links or Tokens
When files are shared or downloaded via secure link (e.g., PDF download), Chariot may generate temporary access tokens.
These tokens are valid for a limited window—typically 24 to 72 hours depending on file sensitivity and plan tier.
After expiration, users must re-initiate the request or reauthenticate to regain access.
3. Session Validation and IP Checks
To prevent unauthorized access:
Chariot may restrict access based on IP address mismatch, device fingerprinting, or geo-anomaly detection.
Suspicious retrieval behavior (e.g., mass downloads, scripted access) may result in temporary account lockdown or revocation of tokenized links.
4. Restrictions on File Sharing
Chariot does not support public file hosting or open-access sharing.
Any attempt to bypass account-linked protections (e.g., sharing expired links, reverse engineering access tokens) is considered a violation of these Terms and may result in suspension or legal action.
5. Security Measures
All file access is encrypted in transit using HTTPS.
Files stored in secure cloud infrastructure are authenticated per-user and audited on access.
By using Chariot’s storage and download features, you agree to uphold the integrity of access controls and refrain from attempting to share, extract, or programmatically access files outside of approved workflows or authorized account usage.
19.11 Admin & Support Access
19.11 Admin & Support Access
Chariot maintains internal access protocols that allow authorized team members to view or retrieve user-submitted files strictly for operational, compliance, or support-related purposes. This access is tightly controlled and audited.
1. Purpose of Admin Access
Authorized Chariot personnel may access user files only for the following reasons:
Customer Support – To assist with missing files, corrupted uploads, or failed downloads
Fraud Investigation – To detect signs of upload manipulation, impersonation, or unauthorized access
Abuse Moderation – To review files reported for violating platform policies (e.g., illegal content, prompt injection)
Technical Troubleshooting – To resolve bugs, rendering issues, or OCR failures in AI processing of user documents
2. Scope of Accessible Content
Uploaded photos, PDFs, and reports
Associated metadata (timestamps, filenames, user ID)
Prompt history linked to file generation (if applicable)
Access does not include account passwords or billing information.
3. Internal Safeguards and Confidentiality
Access is restricted to approved personnel with proper credentials
All actions are logged and auditable, with review history maintained
Files accessed for review are not copied or shared externally
All support team members are bound by strict confidentiality agreements
4. User Consent and Notification
By using Chariot, you consent to this limited internal access for service integrity and compliance
In most cases, admin access is silent and not user-notified, unless required for issue resolution or legal reporting
5. Abuse of Access Strictly Prohibited
Any misuse of admin tools by Chariot staff (e.g., unauthorized viewing, off-platform sharing) results in immediate termination and legal escalation
You acknowledge and agree that while your files are private and secure, limited, justified access by Chariot support or compliance personnel is essential for maintaining platform reliability, safety, and user trust.
19.12 File Linking to User Reports
19.12 File Linking to User Reports
Chariot links uploaded files—such as vehicle images, scanned documents, or PDF contracts—to specific AI sessions, reports, or vehicle entries for continuity, analysis, and reference. These links are essential to maintain the logical structure of your experience and report history.
1. File-to-Report Association
Each uploaded file may be programmatically linked to one or more:
Vehicle reports
VIN analysis sessions
Chat-based evaluations
Document summary flows
These links enable Chariot to reference relevant files when generating, retrieving, or updating your reports.
2. Effects of File Deletion
If you manually delete a file tied to an active or historical report, you may encounter:
Incomplete visual summaries (e.g., missing vehicle photos)
Broken reference links in generated PDFs or session transcripts
Errors in document history or result regeneration
Deleted files cannot be restored unless previously exported or backed up under your plan tier.
3. Conditional File Retention
Even after a file is removed from visible history, Chariot may retain metadata or derived insights (e.g., image damage flags) to preserve downstream report integrity.
These derived elements do not contain the raw file but may reflect that it once existed.
4. User Responsibility
Users should avoid deleting files still tied to active or incomplete reports unless intentionally purging historical data.
If you’re unsure whether a file is still in use, contact support before deletion to avoid unintended consequences.
5. No Guaranteed Relinking
Reuploading a previously deleted file does not guarantee re-linking to the original report.
In many cases, report regeneration will be required, and results may vary due to updated models or inputs.
By using Chariot’s upload and report generation services, you acknowledge that uploaded files form part of a relational data structure, and their deletion may disrupt your experience, record continuity, or access to AI-generated summaries.
19.13 Metadata Storage
19.13 Metadata Storage
For every file uploaded or generated through the Chariot platform, associated metadata may be automatically collected and retained to support functionality, security, compliance, and analytics.
1. Types of Metadata Stored
Chariot may store the following metadata fields for each file:
Filename – Original or system-assigned name of the file
File Size – Total file size in bytes or kilobytes
User Identifier – Encrypted or hashed account ID associated with the upload
Upload Timestamp – Exact server-side time of upload (UTC)
Geolocation Data – Approximate location based on IP or EXIF data if user/device permissions allow
Device/Platform Details – Optional client information such as operating system, browser, or app version
System Classification – Internal AI labels or tags, such as “VIN doc”, “Warranty PDF”, “Front photo”, or “Invoice scan”
2. Use of Metadata
This metadata enables Chariot to:
Associate files with specific user sessions or reports
Monitor usage patterns and detect abuse (e.g., repeated uploads of malformed files)
Enable faster retrieval and sorting of user files
Classify content for correct AI processing (e.g., knowing whether a file is a photo or legal contract)
3. Data Integrity and Auditing
Metadata records are read-only after creation and retained for internal auditing
Logs may be used in fraud investigations, bug tracing, or dispute resolution
4. Privacy and Storage Duration
Metadata is treated as part of the file record and retained as long as the file exists, or longer if tied to compliance
Location data is only stored when explicitly shared through user device settings or file EXIF fields
5. No Public Metadata Exposure
Chariot does not expose metadata to other users or external parties
Metadata is not sold, syndicated, or indexed for advertising or profiling purposes
By uploading files, you consent to the collection and internal use of associated metadata for service delivery, accuracy, and platform governance.
19.14 External Sharing Restrictions
19.14 External Sharing Restrictions
Files uploaded to or generated by the Chariot platform—such as AI reports, vehicle photos, or document summaries—are intended for personal use within the Service and are subject to strict limitations on external distribution.
1. Prohibited Uses Without Explicit Permission
Users may not, without prior written authorization from Chariot:
Host or embed files on external websites, blogs, forums, or marketplaces
Resell or package files for commercial distribution, including within reports, toolkits, or resale listings
Use Chariot-hosted links to publicly display or distribute content outside the platform
Automate the export or sync of files to third-party platforms or APIs without a commercial integration agreement
2. Exceptions — Permitted Sharing
Sharing may be allowed under the following conditions:
Fair Use – Small excerpts for commentary, education, or non-commercial critique, as defined under applicable law
Creative Commons Media – Files or visual outputs explicitly marked by Chariot as “CC” or openly licensed
Personal Use – Sharing via email, direct message, or printed form for personal, family, or direct transactional use (e.g. selling a car to one buyer)
3. Copyright and Ownership
All AI-generated reports, summaries, and file enhancements are protected as Chariot intellectual property
Uploading original photos or documents does not transfer ownership to Chariot, but derivative outputs (e.g., risk assessments, visual overlays) remain licensed by Chariot and subject to sharing restrictions
4. Reporting and Enforcement
Unauthorized public redistribution may result in account suspension, revocation of export privileges, or legal takedown notices
Platforms (e.g., YouTube, eBay, Shopify, Instagram) that host Chariot-generated content in violation of this clause may receive DMCA complaints or legal contact from Chariot
5. User Liability
You accept full responsibility for any misuse, reposting, or downstream harm that results from unauthorized sharing of Chariot-hosted or -generated files. Chariot disclaims all liability associated with such external use.
By using Chariot, you agree that uploaded and generated files are for in-app or directly authorized uses only. External sharing must comply with intellectual property laws, Chariot’s licensing terms, and this Agreement.
19.15 File Format Limitations
19.15 File Format Limitations
To maintain platform integrity, security, and AI compatibility, Chariot strictly enforces file format restrictions for all uploads and downloads. Only approved formats are accepted, and all others are automatically rejected.
1. Accepted File Formats
The following formats are supported for upload and processing:
PDF – Clean, machine-readable, non-encrypted documents
PNG – Standard image files with transparency support
JPG/JPEG – Compressed photo images used for vehicle and document captures
HEIC – High-efficiency image format (accepted conditionally based on device support)
2. Rejected File Types
Uploads of the following file types are strictly prohibited and will be automatically blocked and logged:
Executable files – .exe, .bat, .sh, .cmd, or any file capable of executing code
Compressed archives – .zip, .rar, .7z, or similar formats that may bundle multiple files or obfuscate content
Office documents – .doc, .docx, .xls, .ppt, etc., unless exported to PDF
Script or code files – .js, .py, .html, .css, .php, etc.
Audio/video files – .mp3, .wav, .mp4, .mov, etc., are not accepted unless explicitly supported in future updates
3. Logging and Monitoring
All attempts to upload unsupported formats are recorded in system logs for security auditing.
Repeated attempts to upload prohibited files may trigger account review or automated abuse throttling.
4. Purpose of Format Restriction
Ensures safe AI parsing and visual analysis
Prevents malware injection, phishing, or system compromise
Streamlines performance and minimizes system errors
Supports consistent formatting for AI-based reasoning and document alignment
5. User Obligation
It is your responsibility to convert unsupported file types to accepted formats before upload. Chariot is not liable for failed processing, lost data, or interpretation errors resulting from non-compliant file submissions.
By using Chariot, you acknowledge and agree to abide by these file format limitations and understand that unsupported files may be silently rejected or flagged without notice.
19.16 Upload Failure Disclaimer
19.16 Upload Failure Disclaimer
Chariot disclaims all liability for failed, incomplete, or corrupted uploads resulting from technical issues outside its direct control. You acknowledge that the file upload process involves multiple dependencies—including your device, network, and external infrastructure—and that errors may occur.
1. No Guarantee of Successful Upload
Chariot does not guarantee that all files submitted through the platform will be:
Successfully received or saved
Fully preserved without corruption
Processed without delay or parsing failure
Uploads may fail silently or return error messages under certain conditions.
2. Common Causes of Upload Failure
Chariot is not responsible for upload issues resulting from:
User-side connectivity problems, including slow or unstable internet
App or browser crashes before file transfer completion
Device memory or storage limitations affecting upload integrity
Use of unsupported or oversized file formats
Third-party Content Delivery Network (CDN) latency or timeouts
File compression, encryption, or incompatible encoding
3. Responsibility of the User
You are solely responsible for:
Ensuring a stable internet connection during uploads
Keeping original copies of all documents, images, or PDFs submitted to Chariot
Verifying upload success through confirmation screens or report availability
Avoiding large, corrupted, or device-specific file types
4. Platform Behavior on Upload Failure
Failed uploads may not trigger visible alerts in all cases
Incomplete or corrupted files may be auto-deleted or rejected without processing
Chariot’s AI will not interpret partially saved data or truncated documents
5. No Liability
Chariot is not liable for any consequences resulting from failed uploads, including:
Missed deadlines, incomplete reports, or undelivered results
Financial, legal, or transactional decisions made in reliance on unprocessed files
Loss of user-submitted data due to corruption or device/browser interruptions
6. Recommendation
For critical documents or time-sensitive uploads, users are encouraged to:
Use a stable network (preferably Wi-Fi)
Keep backups
Confirm upload success within the app
Contact support in the event of consistent failure or suspicious behavior
By using Chariot’s upload features, you agree that upload failures caused by external, user-side, or infrastructural limitations are not the responsibility of Chariot or its affiliates.
19.17 Security Measures
19.17 Security Measures
Chariot implements industry-standard security protocols to protect all user-submitted files and associated metadata. All storage, access, and transmission pathways are governed by encryption, access control, and audit policies designed to minimize unauthorized exposure or tampering.
1. Encryption Standards
At Rest: All files stored on Chariot infrastructure—whether on Supabase Storage, AWS S3, or equivalent platforms—are encrypted using AES-256 or equivalent encryption standards.
In Transit: Files uploaded, accessed, or downloaded are transmitted over TLS 1.2+ encrypted connections, ensuring confidentiality during transfer between client and server.
2. Access Keys and Signed URLs
File access is restricted to authenticated sessions using time-bound signed URLs, scoped to individual users or actions.
These URLs expire automatically, typically within 5 to 60 minutes, depending on access context.
Chariot does not expose permanent or globally accessible file links to any external users or services.
3. Monitoring and Logging
All file access events—including uploads, downloads, deletions, and metadata edits—are logged with user ID, timestamp, and IP region.
Suspicious access patterns, repeated download attempts, or geographic anomalies may trigger alerts or automatic restrictions.
4. Key Rotation and Access Lifecycle Management
API keys, encryption tokens, and signed URL secrets are periodically rotated on a scheduled basis and after any breach detection, staff departure, or critical infrastructure change.
Temporary keys are revoked automatically upon logout, token expiry, or account deletion.
5. Internal Access Control
Only authorized Chariot personnel with security clearance can access backend file systems, and even then only under support, abuse, or legal investigation scenarios.
Internal access is gated by role-based permissions, audit trails, and least-privilege policies.
6. No External Sharing by Default
Files are never made public or externally shared unless explicitly exported by the user.
Exported content, if any, must be downloaded using authenticated sessions or temporary tokens.
7. User Responsibility
While Chariot takes every precaution to safeguard your files, users are also expected to:
Keep their login credentials secure
Avoid sharing session access with unauthorized individuals
Refrain from uploading malicious, obfuscated, or encrypted files intended to bypass scanning
8. Disclaimer
No system can guarantee absolute security. Chariot disclaims liability for breaches caused by:
User-side malware or compromised devices
Third-party platforms linked via integrations (e.g., unauthorized cloud backups)
Zero-day exploits or attacks beyond commercially reasonable protection scope
By using Chariot’s platform, you acknowledge and accept these security measures and understand the shared responsibility involved in data protection.
19.18 Retention for Legal Compliance
19.18 Retention for Legal Compliance
Chariot reserves the right to retain user-submitted files, metadata, and associated records beyond standard storage windows when necessary to comply with legal obligations, regulatory requirements, or investigative needs. This clause supersedes typical retention timelines where applicable.
1. Extended Retention Triggers
Files and metadata may be retained beyond user-deletion requests or plan-based expiration thresholds under the following conditions:
Compliance with laws and regulations (e.g., tax laws, consumer protection statutes, digital recordkeeping rules)
Internal or external audits required by financial institutions, platform providers (e.g., Apple, Google), or governing bodies
Fraud detection and abuse investigations, including suspicious uploads, repeated violations, or bot-like behavior
Pending or ongoing legal disputes where document evidence is relevant to arbitration, claims, or defense
Court orders, subpoenas, or law enforcement requests
Tax reporting or financial reconciliation involving subscription plans, file-triggered purchases, or refunds
2. Applicable File Types
Retention may apply to, but is not limited to:
Uploaded images, PDFs, documents, and AI-generated reports
Chat-based logs linked to file interpretation
Metadata such as filenames, timestamps, IP regions, flags, and classification tags
Session or export logs related to regulated transactions
3. User Rights and Limitations
While users may request file deletions through support or in-app tools, such requests:
Do not override legal hold policies
May be delayed or denied if the file is under investigation or audit lock
Will be acknowledged and processed only after verifying that no legal grounds require continued retention
4. Transparency & Requests
Chariot may disclose if a file is subject to extended retention due to compliance, but is not obligated to reveal investigative details or specific third-party inquiries unless legally required to do so.
Users may request a copy of the stored file (if legally permissible) or a summary of the reason for continued retention by contacting: support@chariotreport.com.
5. Retention Duration
Extended retention durations are determined case-by-case but typically follow:
7 years for tax or financial audit purposes
Up to 10 years for legal dispute records
Indefinite if flagged as part of a known abuse pattern or criminal investigation
6. No Commercial Use of Retained Files
Files retained under this clause will not be used for product development, marketing, or resale purposes and are isolated under internal security controls.
7. Jurisdictional Considerations
Retention compliance is enforced in accordance with:
U.S. federal and state law
Applicable international data governance standards (e.g., GDPR, if applicable to your location)
Platform-specific obligations (e.g., Apple App Store content requirements, PCI-DSS for payment-linked records)
By using Chariot, you acknowledge and consent to this conditional file retention framework. You agree that retention for legal compliance overrides standard deletion timelines and user-initiated purging, when required by law or regulation.
19.19 File Integrity Checks
19.19 File Integrity Checks
To protect the security, reliability, and trustworthiness of the platform, Chariot performs automated integrity checks on all uploaded files. These checks are designed to detect potential threats, ensure processing compatibility, and uphold platform standards.
1. Integrity Screening Criteria
Uploaded files may be scanned for the following risk factors:
Viruses or malware signatures
Tampering or injection attempts (e.g. hidden scripts, altered metadata)
Checksum inconsistencies suggesting partial or corrupted uploads
Unusual encoding or compression schemes designed to obscure contents
Unsupported structures, such as encrypted or password-protected PDFs
File size anomalies (e.g. extremely small or large files with mismatched headers)
Misleading file extensions (e.g., .jpg file that contains executable code)
2. Rejection & Remediation
If an uploaded file fails an integrity check:
It may be silently rejected, flagged, or deleted without being processed.
The user may receive a warning message or error response.
In some cases, Chariot may recommend resubmission in a different format (e.g. flattening a PDF or converting image encoding).
Repeated attempts to upload altered or suspicious files may result in account review or throttling.
3. User Responsibility
Users are fully responsible for ensuring that uploaded files:
Are clean and free of malicious code
Have not been edited in ways that compromise readability or AI compatibility
Match the declared file format and extension
Have not been corrupted in transit or compressed using proprietary software
4. Security Tools
Chariot’s file integrity system may leverage:
Antivirus and malware scanning engines
Hash-based checksum comparisons
File header inspection and MIME-type validation
Rate-based anomaly detection and file pattern classifiers
5. No Guarantee of Perfection
While Chariot maintains robust integrity screening protocols, no automated system is infallible. Users are advised to:
Keep a secure backup of important files
Avoid uploading sensitive documents without redaction
Use the latest version of their browser or app for stability during upload
6. Enforcement Clause
Files deemed deliberately harmful, obfuscated, or indicative of adversarial misuse may be:
Logged for investigation
Used as grounds for platform restriction
Reported to relevant authorities in compliance with cybercrime reporting obligations
By uploading content to Chariot, you agree to comply with these integrity standards. You acknowledge that file scanning is a condition of use, and that corrupted, tampered, or harmful files may be rejected or deleted to maintain the integrity of the platform.
19.20 Survival & Review Rights
19.20 Survival & Review Rights
The file storage and security clauses set forth in Section 19 shall survive the deletion, suspension, or expiration of your account. Chariot retains certain post-deletion rights for compliance, operational, and research purposes.
1. Post-Account Deletion Applicability
Even if you delete your account or discontinue use of the Services:
Chariot may retain logs, metadata, or system-generated flags associated with your past file uploads.
Clauses related to upload integrity, file usage restrictions, and platform security continue to apply retroactively.
You remain responsible for any misuse, policy violation, or harm originating from files uploaded during your active period.
2. Anonymized Data Retention
Chariot may retain and use anonymized or aggregated data derived from expired or deleted files for:
Trend analysis (e.g., file format usage, upload frequency)
Service optimization (e.g., identifying upload failure causes or image quality benchmarks)
AI model refinement (e.g., training filters to improve document parsing or visual detection)
Security benchmarking (e.g., integrity threat mapping and file scanning performance)
No personally identifiable information (PII) or direct file content will be reused unless already covered under other clauses (e.g., legal compliance or fraud investigation).
3. Non-Reversible Retention
You acknowledge that certain types of storage logs, hash comparisons, and audit trails:
Cannot be fully removed once committed to immutable storage layers
May persist in encrypted backups or anonymized statistical models beyond file expiry
Are not subject to full deletion even upon user request if required by operational safeguards or compliance policy
4. Limited Review Rights
Chariot reserves the right to access, audit, or retrospectively analyze stored files or metadata when:
Required by law enforcement, regulatory, or tax agencies
Investigating potential terms violations, abuse, or fraud
Verifying or correcting system anomalies
These reviews follow internal security protocols and do not constitute a user right to retroactive file editing, recall, or deletion once expiration or deletion has occurred.
5. Consent to Ongoing Terms
By using Chariot's Services, you agree that:
Storage and retention policies apply indefinitely to any data derived from your uploads
You waive any claims to remove anonymized or aggregate insights derived from expired files
These rights survive account termination and remain binding under the governing law set forth in Section 40
This clause ensures that Chariot can uphold platform reliability, conduct meaningful audits, and responsibly improve AI performance—even after user files have been deleted or accounts deactivated.
Contact Us
If you have any questions or concerns about our Terms of Service or the handling of your personal information, please contact us at support@chariotreport.com