Legal · Privacy & Transparency

Privacy & Transparency

What ChatWorld knows about you — and what it deliberately doesn’t.

Last updated: 14 May 2026

← back to ChatWorld
Read this first — anonymous is not the same as confidential

ChatWorld is an anonymous public chat. Anything you type is shown live to everyone else in the same room. Treat it like speaking in a public square: don’t post your real name, address, phone number, email, passwords, or anything you wouldn’t want a stranger to read. We protect your identity by design — we cannot protect the content you choose to broadcast.

1. Who we are

ChatWorld (chatworld.aros.ai) is operated by Christian Mueller, an individual based in Munich, Germany, as a personal non-commercial project. We are the “data controller” under the EU General Data Protection Regulation (GDPR).

Controller / Verantwortlicher Christian Mueller
Schwanseestr. 47
81549 München, Germany
USt-IdNr.: DE298983586
Email: privacy@christianalbertmueller.com

Full operator details are in our Imprint.

Data Protection Officer

Prof. Dr. h.c. Heiko Jonny Maniero LL.B., LL.M. mult., M.L.E. · DG Datenschutz
Franz-Joseph-Str. 11, 80801 München, Germany
Tel: +49 (0)800 – 6264376
Email: info@dg-datenschutz.de

2. No account, no signup

ChatWorld has no registration, no login, no password, no email collection. The moment you open the page you are given a random handle (e.g. QuietFox42). That handle is generated fresh on every connection, is not linked to you in any way, and disappears when you close the tab. There is no profile, no identity, no account to delete.

3. What we actually collect

Message content

The text you send is broadcast live to everyone in your room. Beyond that broadcast, message data is handled in two limited ways:

IP address

Like every website, our web server (nginx) records visiting IP addresses in standard access logs (auto-deleted after 14 days). While you are connected, the chat application also holds your IP transiently in memory — to limit how many simultaneous connections one address can open (anti-flooding), to enforce a short temporary block if you are disconnected for repeatedly breaking the rules (about 5 minutes, in memory only), and so it can be attached to a message if that message is later reported (see next section). In normal use the chat application writes no IP to disk — not to the room history, not to the moderation log. The one deliberate exception is an abuse report.

When you report a message

Every message has a “report” control. When you use it, we write one entry to an abuse log (report.log) containing: the reported message’s text, the random handle and the IP address of the user who sent it, plus your own random handle and IP address as the reporter, and a timestamp. This is the one place the chat application deliberately records IP addresses to disk — it is the evidence trail that lets the operator act on abuse and, where legally required, respond to law-enforcement requests. Please don’t misuse it: false or spam reports are themselves logged with your IP.

Local storage on your device

We store exactly one thing in your browser’s localStorage: your theme choice (cw-theme = Midnight or Classic). It never leaves your device and is never sent to us. We use no cookies and therefore show no cookie banner.

4. What we deliberately don’t collect

5. AI moderation & the one third party

This is the part we most want to be transparent about. Every message is moderated, in two tiers:

xAI is therefore the only third-party processor that ever sees ChatWorld message content, and only for that minority of borderline messages. xAI’s own terms govern that transmission — see x.ai privacy policy. We do not use xAI, or anyone else, for analytics or advertising.

6. How long we keep things

8. Hosting & international transfers

ChatWorld runs on a server hosted by Amazon Web Services (AWS) in the eu-central-1 region (Frankfurt, Germany). Your data stays within the EU. The only routine data flow outside this server is the Tier-2 moderation call to xAI described in § 5; where that involves processing outside the EU/EEA it relies on Standard Contractual Clauses.

9. Security & encryption

10. Your rights

Under GDPR you have the rights to access, rectify, erase, restrict, object, and data portability, and to lodge a complaint with a supervisory authority. There is an honest caveat here: because ChatWorld collects no identifying data, we usually have no way to connect a request to “your” data — there is no account and your handle is already gone. In practice your strongest protection is built in: the data self-deletes within a rolling 30-message window and server logs within 14 days. If you believe a specific recent message of yours should be removed from a room’s history, email us with enough detail to find it and we will remove it.

Supervisory authority for us: Bayerisches Landesamt für Datenschutzaufsicht (BayLDA).

11. Children’s privacy

ChatWorld is intended for users aged 16 and older. We do not knowingly collect data from children under 16. If you believe a child is using the service in a way that concerns you, contact us.

12. Changes to this policy

We may update this page as the service or the law changes. The “Last updated” date at the top always reflects the current version.

13. Contact us

Christian Mueller (Controller) Schwanseestr. 47, 81549 München, Germany
Privacy questions: privacy@christianalbertmueller.com
Data Protection Officer Prof. Dr. h.c. Heiko Jonny Maniero · DG Datenschutz
Franz-Joseph-Str. 11, 80801 München · +49 (0)800 – 6264376
info@dg-datenschutz.de

This is a small independent project. If you write about your data, you’ll get a personal reply.