Privacy policy clauses for ChromaDB
ChromaDB is an open-source embedding database that stores vector representations of text and documents to enable semantic search and AI-powered retrieval. Websites use it to enhance search functionality, power recommendation systems, and improve AI application performance through efficient similarity matching.
Free scan · No signup · Results in 60 seconds
What data ChromaDB collects
Your privacy policy must disclose each of the following data types when you use ChromaDB.
When does ChromaDB trigger privacy obligations?
Installation Triggers Data Protection Obligations
The moment ChromaDB begins storing vector embeddings in your system, you are processing personal data if those embeddings derive from identifiable individuals — even indirectly. Embeddings encode semantic meaning from source documents; if a document contains a name, email, or user identifier, that information is encoded in the vector and metadata fields ChromaDB stores.
### Regulatory Thresholds
GDPR (EU/UK/EEA): Applies immediately if you process data of EU residents. ChromaDB's storage of embeddings and metadata constitutes "processing" under GDPR Article 4(2). You must establish a lawful basis (Article 6) — typically consent or legitimate interest — before ChromaDB ingests data. If you use ChromaDB to process health data or special categories, GDPR Article 9 heightens obligations.
CCPA (California): Triggered if ChromaDB stores personal information of California residents and you meet CCPA thresholds (annual revenue >$25M, data of 100k+ consumers/households, or >50% revenue from selling personal information). ChromaDB metadata and embeddings qualify as "personal information" under CCPA Section 1798.100.
