ChatWorld is an anonymous public chat. Anything you type is shown live to everyone else in the same room. Treat it like speaking in a public square: don’t post your real name, address, phone number, email, passwords, or anything you wouldn’t want a stranger to read. We protect your identity by design — we cannot protect the content you choose to broadcast.
1. Who we are
ChatWorld (chatworld.aros.ai) is operated by Christian Mueller, an individual based in Munich, Germany, as a personal non-commercial project. We are the “data controller” under the EU General Data Protection Regulation (GDPR).
Schwanseestr. 47
81549 München, Germany
USt-IdNr.: DE298983586
Email: privacy@christianalbertmueller.com
Full operator details are in our Imprint.
Data Protection Officer
Franz-Joseph-Str. 11, 80801 München, Germany
Tel: +49 (0)800 – 6264376
Email: info@dg-datenschutz.de
2. No account, no signup
ChatWorld has no registration, no login, no password, no email collection. The moment you open the page you are given a random handle (e.g. QuietFox42). That handle is generated fresh on every connection, is not linked to you in any way, and disappears when you close the tab. There is no profile, no identity, no account to delete.
3. What we actually collect
Message content
The text you send is broadcast live to everyone in your room. Beyond that broadcast, message data is handled in two limited ways:
- Room history — the last 30 messages per room are kept (in a file called
history.json) so someone joining a room sees a little context. This is a rolling window: message number 31 permanently pushes out message number 1. It is not a searchable archive and it is never older than the last 30 messages of activity. - Moderation log — for messages that pass moderation cleanly, we store no text at all — just an anonymous counter line (timestamp + room). Only messages that are blocked or flagged have their text recorded (truncated to 300 characters) together with the random handle, so a human can review moderation quality. This log is hard-capped at 2 MB and auto-rotates — it can never grow into a permanent transcript.
IP address
Like every website, our web server (nginx) records visiting IP addresses in standard access logs (auto-deleted after 14 days). While you are connected, the chat application also holds your IP transiently in memory — to limit how many simultaneous connections one address can open (anti-flooding), to enforce a short temporary block if you are disconnected for repeatedly breaking the rules (about 5 minutes, in memory only), and so it can be attached to a message if that message is later reported (see next section). In normal use the chat application writes no IP to disk — not to the room history, not to the moderation log. The one deliberate exception is an abuse report.
When you report a message
Every message has a “report” control. When you use it, we write one entry to an abuse log (report.log) containing: the reported message’s text, the random handle and the IP address of the user who sent it, plus your own random handle and IP address as the reporter, and a timestamp. This is the one place the chat application deliberately records IP addresses to disk — it is the evidence trail that lets the operator act on abuse and, where legally required, respond to law-enforcement requests. Please don’t misuse it: false or spam reports are themselves logged with your IP.
Local storage on your device
We store exactly one thing in your browser’s localStorage: your theme choice (cw-theme = Midnight or Classic). It never leaves your device and is never sent to us. We use no cookies and therefore show no cookie banner.
4. What we deliberately don’t collect
- No name, no email, no phone number, no account.
- No cookies, no Google Analytics, no Facebook Pixel, no advertising trackers.
- No IP address in the chat application’s own logs — except in an abuse report you choose to file (see § 3).
- No profiling, no behavioural tracking, no data sold or shared with advertisers — ever.
- No permanent message archive.
5. AI moderation & the one third party
This is the part we most want to be transparent about. Every message is moderated, in two tiers:
- Tier 1 — local (about 95%+ of all messages). A profanity/abuse filter runs entirely on our own server. These messages never leave our server for moderation.
- Tier 2 — xAI / Grok (a small minority, roughly 2–5%). Messages that look hostile but contain no obvious profanity (where a local filter can’t decide) are sent to xAI’s Grok API for a moderation judgement. Only the message text is sent — not your handle, not your IP, nothing that identifies you. We send it over an encrypted connection and use the response purely to allow, flag, or block that one message.
xAI is therefore the only third-party processor that ever sees ChatWorld message content, and only for that minority of borderline messages. xAI’s own terms govern that transmission — see x.ai privacy policy. We do not use xAI, or anyone else, for analytics or advertising.
6. How long we keep things
- Room history — rolling last 30 messages per room. Older messages are gone permanently. A full server restart keeps only what was in that window.
- Moderation log — only blocked/flagged message text; hard-capped at 2 MB, auto-rotates (oldest half discarded). No IPs.
- Abuse report log (
report.log) — written only when someone files a report; contains the reported message text plus the reporter’s and reported author’s IP addresses. Retained as an abuse-handling and legal-response record, capped at 10 MB with rotation. - Server access logs (nginx, contain IPs) — 14 days, then auto-deleted by logrotate.
- In-memory connection data (your IP for the connection cap, your handle) — discarded the instant you disconnect.
7. Legal bases (GDPR)
- Legitimate interests (Art. 6(1)(f)) — running the chat, moderating it to keep it safe, short-lived security logs, and anti-flooding. We have weighed this against your privacy, which is why retention is minimal and identity is not collected.
- Legal obligation (Art. 6(1)(c)) — where law requires us to retain or disclose specific information.
8. Hosting & international transfers
ChatWorld runs on a server hosted by Amazon Web Services (AWS) in the eu-central-1 region (Frankfurt, Germany). Your data stays within the EU. The only routine data flow outside this server is the Tier-2 moderation call to xAI described in § 5; where that involves processing outside the EU/EEA it relies on Standard Contractual Clauses.
9. Security & encryption
- In transit — all traffic between your browser and ChatWorld is encrypted with TLS (HTTPS and secure WebSockets /
wss://). The Tier-2 moderation call to xAI is also encrypted in transit. - At rest — the rolling room history and the capped moderation log are stored as plain files on the server. They contain no identifying data and never more than the last 30 messages per room, so we consider plain storage proportionate. Be aware this is not end-to-end encryption: ChatWorld is not designed for confidential conversations (see the box at the top of this page).
- Server access — administrative access is by SSH key only, no password login. The application binds to localhost and is reachable only through the hardened nginx front end. A firewall and intrusion-prevention (fail2ban) are active.
- No system is ever 100% secure. If a breach occurs that is likely to put users at high risk, we will act and disclose in line with Art. 33/34 GDPR.
10. Your rights
Under GDPR you have the rights to access, rectify, erase, restrict, object, and data portability, and to lodge a complaint with a supervisory authority. There is an honest caveat here: because ChatWorld collects no identifying data, we usually have no way to connect a request to “your” data — there is no account and your handle is already gone. In practice your strongest protection is built in: the data self-deletes within a rolling 30-message window and server logs within 14 days. If you believe a specific recent message of yours should be removed from a room’s history, email us with enough detail to find it and we will remove it.
Supervisory authority for us: Bayerisches Landesamt für Datenschutzaufsicht (BayLDA).
11. Children’s privacy
ChatWorld is intended for users aged 16 and older. We do not knowingly collect data from children under 16. If you believe a child is using the service in a way that concerns you, contact us.
12. Changes to this policy
We may update this page as the service or the law changes. The “Last updated” date at the top always reflects the current version.
13. Contact us
Privacy questions: privacy@christianalbertmueller.com
Franz-Joseph-Str. 11, 80801 München · +49 (0)800 – 6264376
info@dg-datenschutz.de
This is a small independent project. If you write about your data, you’ll get a personal reply.