Privacy Policy

1. Information We Collect

We collect **all types of data that you provide or generate** when using our Service. This includes information you actively give us, content you create in the app, and data collected automatically about your use of the Service. The categories of personal data we collect include, but are not limited to:

* **Account Information:** If you create an account, we collect information like your name, email address, username, profile photo (if you add one), password, and **age or date of birth** (to determine eligibility, especially for children’s privacy compliance). If you log in via a third-party service (such as Google or Apple), we receive basic account details from that provider (e.g. your name and email).

* **User Content:** We collect **all content you input or upload** to the Service. This includes **chat prompts/questions you ask, the AI avatars’ responses, follow-up messages, and any documents or files** you choose to share with the AI. **Interactions with AI tools** are also logged — for example, if the AI avatar uses a tool or plugin to assist (such as searching information or analyzing an uploaded document), the fact that you used that tool and the content involved are recorded. **Audio Data:** If you use voice features, we may collect your voice recordings and their transcripts. **Every message or interaction you have with the AI advisors is stored in our database.**

* **Technical and Usage Information:** Like most apps, we automatically collect certain data about your device and how you use the Service:

* *Device and Log Data:* This includes your device type (e.g. phone, tablet, computer), operating system version, browser type, unique device identifiers, IP address, and timestamps of your visits. We log how you interact with the app, such as features you use, avatars you consult, pages or screens viewed, and the order/duration of your interactions.

* *Cookies and Similar Technologies:* We use cookies, web beacons, local storage, and similar technologies to **remember your preferences and settings**, keep you logged in, and collect analytics data about our website or app usage. Cookies are small text files placed on your browser or device. They may collect **information like your browser type, referring URLs, and usage patterns** on our site. (See Section 8 on Cookies & Tracking for more details.)

* *Analytics Information:* We use third-party analytics tools (for example, Google Analytics or Firebase Analytics) that employ cookies and device identifiers to help us understand how users engage with the Service. These tools may record information such as which pages/features are used, how often, crashes or errors, and overall app performance data. This information is generally collected in aggregate form but may be tied to your user ID or device ID.

* **Communication Data:** If you contact us for support or feedback (via email, in-app chat, or social media), we will collect the information you provide in those communications (such as your name, email, and the content of your message). We may also keep records of our correspondence with you.

* **Third-Party Provided Data:** In some cases, we might receive information about you from third parties. For example, if a parent or guardian provides consent for a child user, the parent might provide information about the child. Or if we run a referral program or promotion and you participate, we might get your info from someone referring you. We treat such third-party provided data according to this Policy as well.

We consider all of the above data as **“Personal Data”** if it can reasonably identify you or is linked to you. In some cases, we may collect data that does not identify you (such as aggregated usage statistics); if we combine that with personal identifiers, we treat it as Personal Data too.

2. How We Use Your Information

We use the collected information for various purposes necessary to operate and improve the Service, communicate with you, ensure safety, and comply with the law. Specifically, we may use your information to:

* **Provide and Maintain the Service:** We use your data to enable your interactions with the AI avatars and deliver the advice and answers you request. For example, your prompts and profile information are used to generate relevant responses, and your device info helps optimize the app display. We also use data to maintain your account, authenticate you when you log in, and allow you to access your chat history.

* **Power the AI Responses:** **Your prompts, messages, and uploaded content are sent to OpenAI’s AI platform** in order to generate the avatar’s responses. The Service essentially functions like a ChatGPT-style interface: when you ask a question, **we transmit your prompt (and relevant context from the chat) to OpenAI’s API, which then returns the AI’s answer.** We use your data in this process to get you the assistant-level advice you seek. *Please note:* OpenAI may **store and use these prompts and responses to improve its models**, subject to their own privacy policy. (We provide more about third-party data handling in Section 3.)

* **Improve and Develop the Service:** Your data (especially chat interactions and usage patterns) helps us improve our application’s performance, AI accuracy, and features. We analyze conversation logs and user feedback to **train, refine, and enhance the AI models** and to develop new features or tools. For instance, we might review common questions to improve an avatar’s knowledge base, or use interaction data to debug and improve response quality. **Even if you delete your account, we may retain your conversations and data (in identifiable or anonymized form) for these development and improvement purposes** (see Section 4 on Data Retention). All such use of data is aimed at making the Service better, more helpful, and more reliable for users.

* **Ensure Safety, Security, and Compliance:** We monitor usage to protect users, the community, and our platform. Data (like logs and message content) may be used to **detect and prevent fraud, abuse, or illegal activities**. For example, we may use automated filters (similar to OpenAI’s content moderation) on prompts and responses to prevent disallowed content (e.g. hate speech, explicit adult content, illicit behavior, etc.). We also may use data to enforce our terms of use and community guidelines. Additionally, technical information like IP addresses and device IDs help us diagnose service disruptions, protect against hacking attempts, and prevent unauthorized account access.

* **Communicate with You:** We may use your contact information to send you account-related announcements such as welcome emails, password reset emails, service updates, or notifications about changes to our terms or privacy policy. If you have opted in to receive marketing communications (where permitted by law), we might send newsletters or promotional offers about new features. You can opt out of marketing emails at any time by using the unsubscribe link or contacting us, and we will honor such requests. (Transactional or essential service communications, however, may still be sent as needed for service administration.)

* **Analytics and Personalization:** Data like your interactions and cookies may be used to analyze how users use our Service, so we can understand trends, usage volume, and user preferences. This helps us personalize your experience (for instance, remembering your preferred avatar or language, or showing relevant content). It also helps in measuring the effectiveness of any feature or UI change we make.

* **Legal Compliance and Protection:** We may process and retain your information as needed to **comply with applicable laws, regulations, legal processes, or enforceable governmental requests.** For example, we may retain certain data to meet financial reporting obligations or respond to subpoenas. We may also use or disclose data to **assert legal rights or defend against legal claims**, to investigate or address potential violations of law or of our terms, or to **protect the rights, property, or safety of our users, our company, or others** (such as preventing harm or detecting security incidents).

Our use of personal data is based on various legal grounds, including: your consent (for data you choose to provide or optional features), the necessity to perform a contract (providing you the Service you requested), our **legitimate interests** (improving our product, securing our platform, communicating with you, etc.), and compliance with legal obligations. We do **not** use your personal data for any purpose that is incompatible with the purposes outlined above without first obtaining your consent.

We may also **aggregate, anonymize, or de-identify** personal data (so it can no longer identify you personally) and use that information for any purpose, such as research, machine learning, and analytics. For example, we might use aggregated usage statistics to understand how often typical users consult the “Health” advisor avatar versus the “Finance” one, without any personal identifiers attached.

3. Disclosure of Your Information

We value your privacy and **do not sell your personal information** to third parties. However, we do share your data in certain situations, with appropriate safeguards, as needed to run our Service and as required by law. The categories of recipients with whom we may share personal data include:

* **Service Providers (Processors):** We share information with third-party companies that perform services on our behalf, in order to operate and support the Service. Notably:

* *OpenAI:* As described, our AI avatars’ intelligence is powered by OpenAI’s API. **When you use the Service, your prompts and relevant user data are sent to OpenAI’s systems** to generate AI responses. OpenAI will process that data for us to deliver the answer, and may store it for a limited time to monitor for abuse or improve their models. OpenAI acts as a data processor in this context, and is contractually obligated to protect your data. However, your use of our Service is also subject to OpenAI’s policies. (OpenAI’s Privacy Policy notes that AI-generated outputs may not be accurate, and should not be relied on without verification.)

* *Google Firebase and Google Cloud:* Our application and databases are built on Google Cloud infrastructure (including Firebase Authentication for login, Firestore database for storing chats and user data, and Firebase Hosting/Cloud Functions). **This means your personal data (account info, chat logs, etc.) is stored on Google’s servers** and processed by Google Firebase services on our behalf. Google is a trusted cloud service provider that implements strong security measures; they will only access and use your data as necessary to provide these services to us (per Google’s terms and applicable data protection agreements).

* *Analytics Providers:* We may use third-party analytics tools (like Google Analytics, Firebase Analytics, or similar) to collect usage data as explained in Section 1. These providers may receive your device identifiers, IP, and usage info. They act on our behalf to analyze this data and report to us on app performance and user behavior. We ensure any analytics partner protects data per this Policy and does not use it for their own unrelated purposes.

* *Other Vendors:* We might also use other vendors for services such as email delivery (e.g., sending verification or notification emails), customer support ticketing, or data storage/backup. For instance, if we use an email service provider to send out our newsletters or support replies, your name and email would be shared with that provider solely for executing the email communication. All such service providers are bound by confidentiality and security obligations and **may not use your data for anything outside the scope of their work for us**.

* **Affiliates:** If our company has affiliate entities (e.g., a parent company, subsidiaries, or companies under common ownership), we may share your information with them. Any affiliate receiving your data will only use it in accordance with this Privacy Policy (for example, helping to provide or improve the Service). If in the future our corporate structure changes (such as through a merger, acquisition, or financing deal), your data may be transferred to the new entity as part of that transaction so the Service can continue to operate. In such a case, we will ensure the successor honors the commitments in this Policy.

* **Compliance with Law & Protection:** We may disclose personal information to courts, law enforcement, government authorities, or other third parties when we believe it’s legally required or we have a good-faith belief that such disclosure is necessary to:

* Comply with a legal obligation, regulation, or court order (for example, responding to a subpoena or lawful request by public authorities, including to meet national security or law enforcement requirements).

* Enforce our **Terms of Service** or other agreements, and investigate potential violations thereof.

* Detect, prevent, or address fraud, security, or technical issues (such as detecting bots, spam, or malicious activities on the platform).

* Protect our rights, property, and safety, or that of our users or the public, as required or permitted by law. This includes exchanging information with other companies and organizations for the purposes of cyber-security protection, credit risk reduction, and fraud prevention.

* **With Your Consent or at Your Direction:** We will share your personal data with other parties **if you specifically consent or direct us to do so.** For instance, if in the future we introduce an integration that allows you to share an AI-generated advice summary with a third-party app or on social media, we would do so only with your explicit action and direction. Or, if we ever want to use your testimonial or use-case publicly, we would ask for your consent. In any case where you have given consent to share data, you have the right to revoke that consent at any time, and we will stop any future sharing under that consent.

* **Business Transfers:** As noted under Affiliates, if we undergo a business transition such as a merger, acquisition by another company, reorganization, or sale of all or part of our assets, your personal data may be among the assets transferred. We would ensure the new owner continues to honor the privacy commitments to you. We will notify you (for example, via email or a prominent notice in the app) of any such change in ownership or control of your personal information, as required by law.

**No Sale of Personal Information:** We do not sell your personal data to third parties for monetary consideration. We also do not share your personal information for targeted advertising purposes without your consent. If this ever changes, we will update this policy and provide required opt-out mechanisms. For California residents: in the past 12 months, we have **not sold** personal information as “sale” is defined under the CCPA/CPRA, nor do we knowingly share it for cross-context behavioral advertising.

**Third-Party Content and Links:** The Service may occasionally provide links or references to third-party websites or services (for example, the AI might provide a reference link as part of an answer, or we might link to an external resource in our interface). This Privacy Policy does not cover those third-party sites or services. If you follow a link to any external site, **please note that those third parties have their own privacy policies, and we are not responsible for their content or practices.** We encourage you to review the privacy policies of any third-party services you interact with.

4. Data Retention

We will retain your personal data **for as long as necessary to fulfill the purposes outlined in this Privacy Policy**, taking into account the sensitivity and volume of data, and the requirements of applicable law. In practice, this means:

* **Ongoing Use:** As long as you have an active account or ongoing relationship with us, we will keep your information on file to provide you the Service (including maintaining your chat history and preferences).

* **Improvement and Development:** **Even if you delete your account or request deletion of your data, we may continue to retain certain data (such as your chat transcripts, interactions, and other usage data) for product improvement, development of new features, and to train our AI models.** This retention may be for an indefinite period or a period determined by us as necessary for these purposes. We retain this data **solely for our internal legitimate interests** (such as improving AI accuracy and user experience) and take steps to **de-identify or pseudonymize it where feasible**. For example, we might disassociate your chat logs from your email or username and then use those logs to refine our AI’s knowledge base.

* **Legal and Operational Retention:** We may also retain your information as needed to comply with legal obligations (e.g., keeping transaction records for accounting/tax purposes or evidence for resolving disputes) or to enforce our agreements. For instance, data necessary for security, fraud prevention, or abuse tracking might be kept to defend possible future legal claims.

* **Backup and Archival Copies:** Please note that residual copies of your information might **persist in backup media** after you delete information from our systems. Our routine backups might capture data which is then retained until those backups are cycled or destroyed. We also maintain logs for security and audit purposes which may contain certain data even after active use ends.

When we no longer have a legitimate need or legal obligation to retain your personal information, we will either delete it or anonymize it so that it can no longer be associated with you. If deletion (or anonymization) is not immediately feasible (for example, the data is stored in secure archives), we will isolate it from further processing until deletion is possible.

**Retention Example:** If you delete your account, your profile information will be removed from our live systems and you will not be able to log in. However, your past conversations and interactions **will remain in our archives** and may still be used internally to improve the Service (with identifying info removed or masked where possible). Any content that has been anonymized may be kept indefinitely. Keep in mind that content shared with third-party processors (like OpenAI) may also be retained by them according to their policies; for example, OpenAI may retain API request logs for a certain period for abuse monitoring. We will make good-faith efforts to ensure that our partners also delete or anonymize data when we ask them to, in line with this policy and applicable law.

5. Your Rights and Choices

You have **rights and choices** regarding your personal data. We are committed to enabling you to exercise those rights. Depending on your jurisdiction and applicable law, your rights may include:

* **Access:** You have the right to **request access to the personal data we hold about you**. This includes the right to ask for a copy of the specific pieces of personal information we have collected about you, as well as information about how that data is used and who we share it with.

* **Correction:** If any of your personal data is inaccurate or incomplete, you have the right to request that we **correct or update** it. For example, if you change email addresses or if we recorded something incorrectly, you can ask us to fix it.

* **Deletion:** You have the right to **request deletion (erasure)** of your personal data. This is sometimes called the “right to be forgotten.” Upon your request, we will delete your personal information that we are not legally required or otherwise permitted to retain. **Important Note:** As stated in Section 4, even if you request deletion of your account and personal data, certain content (like de-identified conversation logs) may be retained for development purposes. However, we will remove personal identifiers from such retained data or keep it in a form that does not readily identify you. We will also ensure that your data is no longer used to personally serve you or make decisions about you once you’ve requested deletion.

* **Data Portability:** You have the right to **obtain a copy of your personal data in a portable, commonly used format**, and to have that data transmitted to another service provider (where technically feasible). For example, you can request an export of your chat history and profile data in a JSON or text format.

* **Restriction of Processing:** You have the right to request that we **limit or restrict the processing** of your personal data under certain circumstances – for instance, if you contest the accuracy of the data or if you want to limit our use of it while a complaint is being resolved. When processing is restricted, we can still store your data but will not use it for other purposes until the restriction is lifted.

* **Objection:** You have the right to **object to our processing of your personal data** in certain situations. This includes objecting to processing based on our legitimate interests or for direct marketing purposes. If you object, we will re-evaluate the necessity of processing your data. Where required by law, we will cease processing unless we have compelling legitimate grounds to continue (e.g., overriding safety reasons or legal obligations).

* **Withdraw Consent:** If we are processing any of your personal data based on your consent, you have the right to **withdraw your consent at any time**. For example, if you consented to receive marketing emails or to a particular data sharing, you can change your mind and opt out. Withdrawing consent will not affect the lawfulness of any processing we already performed based on your consent before its withdrawal.

* **Non-Discrimination:** We will not discriminate against you for exercising any of these rights. For users in jurisdictions like California, this means we will not deny you the Service or provide a different level of service just because you exercised your privacy rights. Everyone will be treated equally regardless of their data requests.

* **Right to Lodge a Complaint:** If you believe your privacy rights have been violated or you have a concern about our data practices, you have the right to **file a complaint** with a supervisory authority. For example, if you are in the European Economic Area (EEA), you can contact your country’s data protection authority; if you are in the UK, you can contact the ICO; if in Canada, the OPC; etc. We would, however, appreciate the chance to address your concerns directly before you do this, so please consider reaching out to us first.

**California Privacy Rights (CCPA/CPRA):** If you are a California resident, in addition to the rights above (many of which align with CCPA rights), you have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months, including:

* The **categories of personal information** we collected about you (for example: identifiers like name or email, internet activity like your interactions, etc.), the **categories of sources** from which we collected it (e.g., directly from you, from your device, from service providers), the **business or commercial purposes** for collecting it (see Section 2 above), and the **categories of third parties** with whom we share personal information (see Section 3).

* The **specific pieces of personal information** we collected about you (essentially, you can request a copy of the actual data we have about you).

* If we disclosed your personal information for a business purpose, the categories of information shared and the categories of recipients for each. (We have provided this information generally in Section 3 – for example, we may disclose identifiers and usage data to our service providers like OpenAI and Google for business purposes of providing the service).

* You also have the right to request deletion of your personal information (subject to exceptions as noted above).

* Additionally, you have the **right to opt out of the “sale or sharing” of your personal information**. As noted, we do not sell personal data, nor do we share it for cross-context advertising without consent, so this right is typically not applicable in our case. If we ever consider “selling” data as defined by CCPA, we will provide a clear opt-out method (like a “Do Not Sell My Personal Info” link).

* California law also provides you the right to not be discriminated against for exercising your CCPA rights, which we already commit to under “Non-Discrimination” above.

To exercise any of your rights or choices, you may do the following:

* **Account Settings:** If the Service provides in-app settings or profile management, you may be able to access, correct, or delete certain information directly by logging into your account and using those tools. For example, you might edit your profile or download data export if such features are available.

* **Contact Us:** For any requests (access, deletion, correction, etc.), or if the feature you need is not self-serve, please contact us by email at **privacy@\[ourapp].com** (placeholder) or through \[Account Settings → Privacy Request] within the app if available. Please clearly state your request and provide sufficient information for us to verify your identity (we need to make sure we’re altering or disclosing data to the correct person). For certain requests, especially under CCPA, we may ask for additional information to verify you (such as confirming specific data we have on file or using the email associated with your account).

* **Verification:** To protect your privacy, we will take steps to verify your identity before fulfilling sensitive requests. For example, if you request access or deletion of data, we may verify using your account credentials or by asking you to confirm some personal details we have on record. If you have an authorized agent making a request on your behalf (allowed under CCPA for instance), we will require proof of that authorization and still take steps to verify the identity of the agent and/or you.

* **Response Time:** We will respond to your request within the timeframe required by law. Under GDPR, that’s typically within one month. Under CCPA, that’s generally within 45 days (with the possibility to extend once by an additional 45 days if necessary with notice). We will inform you if we need more time or if for some reason we cannot fulfill your request (due to a legal exception), and we will provide an explanation in that case.

* **Rectification of AI-Generated Information:** If you believe that the AI has generated content that includes false information about you (for example, if an avatar’s response contains inaccurate personal facts), you can contact us to request that such content be **corrected or deleted** from our records. We will consider such requests in accordance with applicable law and the technical feasibility (recognizing that AI-generated content is not like a static database entry, but we can try to prevent certain incorrect associations).

**Your Choices (Opt-Outs):** In addition to formal rights, we provide the following privacy choices:

* *Marketing Communications:* If you have signed up for any newsletter or marketing emails, you can opt out at any time by clicking the “unsubscribe” link in those emails or by contacting us. Once you opt out, we will stop sending you non-essential communications. (You will still receive service-related communications as needed.)

* *Cookies:* You can usually set your browser to refuse cookies or alert you when cookies are being used. You can also clear cookies after using our Service. Note that if you disable cookies, some features of our website might not function properly (for example, you might be logged out or preferences might not be saved). For mobile apps, you can typically control in-app tracking via your device settings (such as resetting the advertising identifier or limiting ad tracking). For more details, see Section 8 below.

* *Analytics:* To opt out of Google Analytics, you can install the Google Analytics Opt-out Browser Add-on, or use privacy browsers/settings that block such scripts. Some analytics providers also honor “Do Not Track” (DNT) signals or offer their own opt-out mechanisms. Currently, our Service does not respond to DNT signals in a uniform way, but we do limit tracking to the purposes described.

* *Interest-Based Ads:* If we ever display advertisements based on user data (not currently, but if in future), you will have choices such as adjusting your ad preferences or using industry opt-out tools (like the Digital Advertising Alliance’s opt-out). We will update our policy if this becomes relevant.

We are committed to enabling you to exercise control over your personal information. Please contact us at any time if you have questions or need assistance regarding your rights and choices.

6. AI Content and Advice Disclaimer

*(This section highlights the nature and limitations of our AI avatars, reiterating important information for users seeking advice in sensitive areas.)*

The Service provides a platform for you to interact with **AI-generated personas (“avatars”)** that aim to offer helpful advice or information in various domains (health, finance, legal, etc.). While we strive to make these AI advisors as reliable and knowledgeable as possible, **it is crucial to understand their inherent limitations:**

* **Not Professional Advice:** **AI avatars are *not* licensed professionals.** They do not hold medical degrees, law licenses, financial advisor certifications, or any other professional qualifications. Any **health tips, financial strategies, legal interpretations, or other advice** given by the AI is provided for your consideration as **general information only**. It **should never be taken as definitive medical diagnosis, legal counsel, financial planning advice, or the like from a qualified professional.** Always consult a certified professional for advice that has significant impact on your health, finances, or legal matters. Using this app **does not create any doctor-patient, attorney-client, or advisor-client relationship** between you and the AI or our company.

* **Accuracy and Completeness:** The AI model (provided by OpenAI) works by predicting likely responses based on patterns in data. **This means it might sometimes produce incorrect, outdated, or irrelevant information.** It does not truly “know” facts in the way a human expert does, and it has no capability to guarantee the truth or accuracy of its responses. The AI might also **omit important details** or fail to consider your unique personal circumstances. **You should not rely solely on the factual accuracy of any AI-generated response.** We strongly urge you to double-check critical information through other sources. If the AI provides a piece of information that influences an important decision, verify it with a trusted human expert or authoritative source.

* **Evolving Model:** The AI’s knowledge has limits. It may have a knowledge cutoff (for example, it might not know events or information beyond a certain date) and it may not be aware of the most current research or regulations. Additionally, the model may improve over time as we update it, which means answers might change or prior errors might later be corrected. Always treat the AI’s output as one *input* among many, rather than absolute truth.

* **Content Limitations and Moderation:** Our AI avatars follow usage guidelines and **content restrictions similar to ChatGPT.** They are programmed **not to engage in certain types of content**: for example, they should refuse or safely handle requests for violent, sexually explicit, or hate content, or disallowed advice (such as instructions for illegal activities). If you attempt to get such content, the AI will either refuse or respond with a warning. We log these events to improve our filters and ensure compliance with our policies. Despite these safeguards, it’s possible that the AI could occasionally produce or allow content that is inappropriate or harmful. If you encounter any response that is problematic or violates our acceptable use standards, **please stop using that conversation and report it to us** so we can take corrective action (such as improving the filter or, if needed, removing or editing the content if it’s within our control).

* **User Responsibility:** **By using the Service, you agree that your use of any information or advice obtained from the AI avatars is **at your own risk**.** You must use your own judgment and **take responsibility for decisions you make** based on the AI’s output. This includes carefully evaluating and verifying the AI’s suggestions before acting on them. If you choose to follow any advice (e.g., health or financial steps) provided by the AI without further verification, you assume full responsibility for the outcome. **We (the creators of the Service) will not be liable for any loss, injury, or damage (whether direct or indirect) arising from your reliance on AI-generated content.** In legal terms, the Service and all AI outputs are provided “**as is**” without any warranty of accuracy, reliability, or fitness for a particular purpose. We **disclaim all liability** for actions you take based on the AI. For example, if you suffer a health issue because you followed AI advice instead of seeing a doctor, or if you incur financial loss from an investment decision influenced by the AI, **you agree that you understand these risks and will not hold us responsible.**

* **No Emergency Use:** Do **not** use the Service for emergency or time-critical situations. If you have a medical emergency, legal crisis, or any situation requiring immediate expert assistance, contact the appropriate professional or emergency services. The AI may not recognize the urgency or give correct advice in such cases.

We include this **disclaimer section** to ensure you understand the experimental and advisory nature of this Service. We want our AI avatars to be **useful supplements to human expertise** — providing quick answers, insights, and second opinions — but **not replacements for human professionals.** Always exercise due diligence and caution in interpreting AI outputs.

*(Note: This disclaimer section is part of the Privacy Policy for informational clarity, but some of these terms (especially regarding liability) may also be reflected in our Terms of Service. In the event of any conflict between this Policy and our Terms of Service regarding the use of AI advice, the Terms of Service will govern.)*

7. Children’s Privacy

We understand the importance of protecting children’s privacy, especially in an application that can be used by all ages. **Our Service is *not* intended for children under the age of 13 without parental consent.** We do not knowingly collect personal data from children under 13 years old unless a parent or legal guardian has provided verifiable consent.

* **If You Are Under 13:** You **must have your parent or guardian’s permission** to use this Service. If you are under 13, please do not attempt to register an account or send any personal data (including your name, email, etc.) to us **unless your parent/guardian has reviewed and agreed to this Policy on your behalf**. We may require a parent’s email address to provide consent or use child-specific accounts if we choose to allow young users in compliance with laws like COPPA.

* **Parental Consent and Controls:** For any child user under 13, we will make reasonable efforts to obtain verifiable parental consent prior to collecting personal information. Parents/guardians who consent to their child’s use of the Service can contact us to review, update, or delete the child’s personal data, or revoke consent. We will provide parents with the ability to inspect the data and request deletion of the child’s information at any time.

* **If You Are 13-17:** If you are between 13 and 17 (or under the age of majority in your jurisdiction), **you should use the Service only with the involvement and consent of a parent or guardian.** By using the Service, we assume that you have your parent/guardian’s permission. Certain features might be limited for accounts of users under 18 to provide additional protections (for example, we might restrict certain sensitive advice or require parental oversight for some interactions).

* **No Personal Data from Young Children:** If we learn that we have inadvertently collected personal information from a child under 13 without proper consent, **we will take steps to delete that information promptly.** If you believe that a child under 13 may have provided us personal data without parental consent, please contact us immediately so we can investigate and address it.

* **Teen Users and Sensitive Content:** While we allow teenagers to use the app (with parental consent as noted), we emphasize that **the AI’s advice is not a replacement for parental guidance or professional counseling.** We encourage parents to talk with their children about using AI safely and to supervise their activity as appropriate. We also encourage users of all ages, including teens, to exercise caution and critical thinking when applying any advice from the AI, and to reach out to trusted adults or professionals for help with serious issues (like health, mental health, or legal problems).

Our goal is to create a **safe environment for users of all ages**. If you are a parent or guardian and have concerns about your child’s use of the Service or the data we collect, please **contact us** and we will be happy to discuss or take appropriate action.

8. Cookies and Tracking Technologies

When you use our website or application, we and our third-party partners use cookies and similar tracking technologies to provide and improve the Service. This section explains how we use these technologies and your choices regarding them.

* **What Are Cookies?** Cookies are small text files that are placed on your device (computer, smartphone, etc.) when you visit a website. They allow the site to recognize your device and store certain information about your preferences or past actions. Similar technologies include **local storage** (which stores data in your browser), **pixels or web beacons** (tiny images embedded in pages or emails that track if they’re viewed), and **mobile ad identifiers** (unique IDs on your phone for advertising).

* **How We Use Cookies:** We use cookies and similar tech for several purposes:

* *Essential Cookies:* These are necessary for the Service to function. For example, authentication cookies keep you logged in as you navigate through the app; without them, you’d have to re-login on every page. We also use cookies to remember your language preferences, the advisors you last used, or other settings so that you have a smoother experience.

* *Analytics Cookies:* We use these to collect information about how users interact with our Service. For instance, they tell us which pages are popular, how long users stay, how they move through the site, and if they experience errors. This helps us optimize the Service. We often use Google Analytics or similar tools which set their own cookies (like `_ga` for Google Analytics) to track usage. The information collected is usually aggregated and not personally identifying; if it is ever linked to identifiable info, we treat it as personal data.

* *Functionality Cookies:* These enable certain features. For example, if we have a chat widget or support widget, a cookie might remember your last conversation so you can pick up where you left off. If we allow you to switch between different AI avatars, a cookie might store which avatars you have active in your “boardroom” so they persist next session.

* *Advertising Cookies:* **(Not currently used)** – As of the effective date, we are not displaying third-party ads in the app that would use advertising cookies or trackers. If that changes, such cookies would be used to personalize ads to you on our Service or to measure ad campaign effectiveness. We will update this Policy and provide opt-out options if we introduce advertising cookies.

* **Google Firebase Analytics and Crashlytics:** In our mobile app, we may use Firebase Analytics to gather usage data and Firebase Crashlytics to log app crashes. These services automatically collect identifiers like Instance IDs or device info to help us debug issues and understand user engagement. While these aren’t “cookies” per se, they serve a similar role in a mobile context (tracking usage). You can reset your mobile advertising ID or opt out of personalized ads in your device settings, which these services respect to some extent.

* **Do-Not-Track Signals:** Web browsers offer a “Do Not Track” (DNT) option that lets you signal a preference not to have your online activity tracked. At this time, our systems do not respond differently to DNT signals, in part because there is no consensus on how to interpret them. We treat all users’ data according to this Policy, and if you want to opt out of tracking, please use the mechanisms described here (cookie settings, opt-out links, etc.).

* **Your Choices for Cookies:**

* *Browser Settings:* You can set your web browser to refuse all or some browser cookies, or to alert you when cookies are being set. Each browser is different, but you can usually find settings under “Preferences” or “Options” in the menu. If you disable or refuse cookies, please note that some parts of the Service (especially the web-based features) might become inaccessible or not function properly (for example, you may not be able to stay logged in).

* *Cookie Banner:* If required by law in your region, our website will display a cookie consent banner on your first visit. This banner may allow you to accept or reject non-essential cookies. Once you’ve made a choice, your preference will be stored (itself via a cookie) for future visits. You can always change your preference by clearing cookies or using our provided “Cookie Settings” link if available.

* *Analytics Opt-Out:* For Google Analytics, Google provides an opt-out mechanism: the [Google Analytics Opt-out Browser Add-on](https://tools.google.com/dlpage/gaoptout). Installing this add-on prevents Google Analytics script from running. On mobile, you can use privacy-focused apps or network-level blockers if desired.

* *Interest-Based Advertising:* If in the future we work with advertising partners that use cookies to track activity across sites for targeted ads, you will be able to opt out through tools like the [NAI’s opt-out page](https://optout.networkadvertising.org/) or [YourAdChoices](https://optout.aboutads.info/). For mobile apps, you can enable the “Limit Ad Tracking” or “Opt out of Ads Personalization” setting on your iOS or Android device. We will provide more information if/when such advertising cookies become relevant on our Service.

* **Third-Party Tracking:** Some third parties (like OpenAI or Google, in the context of their services integrated into our app) might use their own cookies or tracking when you interact with them through our Service. For example, if there is an embedded content or you click a link to OpenAI’s resources, those third parties may set cookies. We do not have direct control over these cookies. We encourage you to read the privacy policies of any third-party services for their use of cookies and other tracking technologies.

By using our Service, you consent to the placement of cookies and similar technologies in your browser and emails in accordance with this Privacy Policy and your browser settings. We will not set any non-essential cookies on your device without your consent where required by law.

9. Security Measures

We take the security of your personal information seriously and implement **reasonable and appropriate measures** to protect it from loss, misuse, and unauthorized access or disclosure. Our security program includes technical, administrative, and physical safeguards such as:

* **Encryption:** We use encryption to protect data in transit and at rest. For instance, communications between your device and our servers (and to OpenAI’s API) are secured via industry-standard SSL/TLS encryption. Sensitive data (like passwords) is stored hashed or encrypted in our database.

* **Access Controls:** We limit access to personal data to authorized personnel who need it to operate or improve the Service. Our team members and contractors are bound by confidentiality obligations. Access to administrative interfaces and databases is protected with strong authentication, and we log access and actions for security auditing.

* **Firewalls and Network Security:** Our servers (including those hosted on Google Cloud) are protected by firewalls and monitored for potential intrusions. We regularly update our software and dependencies to patch security vulnerabilities.

* **Testing and Best Practices:** We employ secure coding practices and may conduct security audits, code reviews, and penetration testing to proactively identify and fix security issues. Firebase/Google Cloud also provides robust security features that we leverage (like Firestore security rules to prevent unauthorized data reads/writes).

* **Anonymization and Minimization:** Where possible, we minimize the amount of personal data we store. For example, if we don’t need to know your exact age, we might just store that you are above a certain age. We also try to strip personal identifiers from chat logs used for AI training, as noted. By reducing the link between data and identities, we mitigate harm in case of any data leak.

**However,** despite all these efforts, **no method of transmission over the internet or electronic storage is 100% secure**. We **cannot guarantee absolute security** of your information. The use of our Service and transmission of data to us is at your own risk. It is important for you as well to protect against unauthorized access to your account by keeping your login credentials confidential and, if applicable, using a strong, unique password. If you suspect any unauthorized access or activity in your account, please notify us immediately.

In the event of a data breach that affects your personal information, we will notify you and the appropriate authorities as required by law. We have a breach response plan in place to quickly mitigate and communicate any security incidents.

10. International Data Transfers

The Service is **global** in nature, and your information may be transferred to or accessed by our team or service providers **in countries outside of your own**. In particular, note that:

* Our company’s operations may be based in **\[Company’s Home Country]** (placeholder, e.g., the United States), and **OpenAI and Google (Firebase)** are also based in the United States. Therefore, if you are using the Service from outside the U.S. (for example, in Europe or Asia), **your personal data will likely be transferred to and processed in the United States** or other jurisdictions where our servers or authorized third parties are located.

* Data protection laws vary by country. The U.S. or other countries may not have the same level of data protection as the laws in your home country (for instance, the EEA). We want to assure you that, **no matter where your data is processed, we take steps to protect it in line with this Privacy Policy.** We apply the same robust privacy and security standards described in this Policy to all user data, regardless of jurisdiction.

* **Legal Bases for Transfer (for EU/UK users):** Whenever we transfer personal data out of the European Economic Area (EEA), United Kingdom, Switzerland, or other regions with data transfer restrictions, we will ensure a lawful transfer mechanism is in place. This may include:

* Relying on the **European Commission’s adequacy decisions** (if the destination country is recognized as having adequate protection, though the U.S. is not currently deemed adequate without additional measures).

* Implementing **Standard Contractual Clauses (SCCs)** approved by the European Commission, which contractually oblige the recipient to protect your data according to EU standards. We have SCCs in place with our key service providers (e.g., Google and OpenAI, where applicable) as needed.

* In some cases, using **binding corporate rules** or **other certification mechanisms** if available, or obtaining your **explicit consent** for the transfer after informing you of possible risks.

* **Additional Safeguards:** Beyond legal contracts, we also use technical measures like encryption and access control to ensure that your data is secure when stored in foreign data centers. For example, content we store in Firebase (which may reside on servers in the U.S. or elsewhere) is subject to Google’s stringent security controls and our own encryption practices. OpenAI’s processing of your data is protected via encryption in transit, and they have internal policies to safeguard data as well.

* **Disclosure for Legal Reasons:** Keep in mind that personal data stored in a country may be subject to lawful access by courts, law enforcement, or other authorities in that country. For instance, data in the U.S. might be accessed by U.S. authorities under certain conditions. We will endeavor to redirect any such requests to you or to only comply if required (and in line with international norms and due process), but we want users to be aware of this aspect of international data storage.

By using the Service or providing us with information, **you consent to the transfer of your personal data to countries outside of your country of residence**. We understand this is a big responsibility and we will handle your data with care. If you have questions about our international data practices or want more details about the safeguards we have in place, please contact us (see Section 12).

11. Changes to This Privacy Policy

We may update or revise this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we make changes, we will notify users in ways appropriate to the significance of the changes:

* **Posting the Updated Policy:** We will post the revised Privacy Policy on our website (or in the app) with a new “Effective Date” at the top. The updated version will supersede all prior versions.

* **Notification:** If we make any material changes to how we collect or use personal data, we will take additional steps to inform you. This could include, for example, posting a prominent notice on our site/app, sending an email notification to the address associated with your account, or presenting an in-app notice. We may also briefly summarize the key changes for clarity.

* **Your Review:** We encourage you to review this Privacy Policy periodically to stay informed about our data practices. If you continue to use the Service after a revised Privacy Policy has become effective, **you will be considered to have agreed to the updated terms** (to the extent permitted by law). We will not, however, without your consent, use your personal data in a materially different manner than what was stated at the time it was collected. If any change requires your consent (for example, if in the future we intend to collect additional sensitive data not previously collected), we will obtain such consent from you.

* **Archived Versions:** For transparency, we may keep prior versions of this Privacy Policy accessible (for example, on our website or by request) so you can see how our practices have evolved.

If you do not agree with any updates or changes to the Privacy Policy, you should stop using the Service and may request that we delete your data as per Section 5. Your privacy is important, and we will always indicate when the Policy was last updated so you know if there have been modifications.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to contact us. We are here to help and address any issues you may have.

* **Email:** You can reach our privacy team at **privacy@\[ourapp].com** (please replace “\[ourapp]” with the actual domain of our service). This is the primary way to contact us for privacy inquiries, including exercising your rights or asking questions about how your data is handled.

* **Mail:** If you prefer to send us a written letter, our mailing address is:

*\[Company Name]* (Attn: Privacy Compliance)

*\[Street Address]*

*\[City, State/Province, Postal Code]*

*\[Country]*

*(Please ensure to include Attn: Privacy so it reaches the correct team.)*

* **Data Protection Officer (DPO):** If we are required by law to have a Data Protection Officer, or if we have appointed one voluntarily, you may contact our DPO at **dpo@\[ourapp].com**. (If not applicable, the privacy email above will suffice for all inquiries.)

* **EU/UK Representative:** \[If applicable, for compliance with Article 27 of the GDPR, provide the contact details of our EU representative.] For example: “EU Representative: \[Name], \[Address], \[Email].”

* **In-App Support:** You may also contact us through any support or feedback feature in the app itself, if available. Simply state that your message is regarding privacy, and it will be routed to the appropriate personnel.

We will do our best to respond promptly to your inquiries – typically within a few business days. If you are contacting us to exercise a specific right, please refer to Section 5 for information we might need and the expected timeline.

Thank you for entrusting us with your information. We are dedicated to protecting your privacy while providing you with a valuable AI advisor experience.