Privacy Policy

1. Information We Collect

We collect several categories of information to provide, improve, and secure the Service.

1.1 Information You Provide Directly

• Account Information: When you register or sign in, we may collect your email address, username, password (hashed), display name, and profile picture (if provided).
• Contact Information: If you contact support, submit feedback, or fill out forms, we collect your name, email, and any message content.
• Payment Information: If you purchase a paid plan (if introduced), we collect billing name, address, and payment method details — processed securely by third-party payment processors (we do not store full card numbers).
• User Content: Prompts, messages, files, or any input you provide to the AI chat interface.

1.2 Information Collected Automatically

• Device & Usage Data: IP address, browser type/version, operating system, device type, language preference, time zone, pages visited, time spent, referral source, and interaction events (clicks, scrolls).
• Log Data: Access times, request URLs, error logs, performance metrics.
• Cookies & Similar Technologies: See Section 12 below.
• Analytics Data: Aggregated usage statistics collected via tools such as Google Analytics, Plausible, or Cloudflare Analytics (anonymized where possible).

1.3 Information from AI Interactions

We collect the content of your conversations with the AI, including prompts and generated responses, solely to provide the Service, debug issues, improve safety filters, and (only with explicit opt-in consent) to train future models.

Important: By default, your private chats are not used for model training. You can opt in to contribute anonymized data via account settings. You may revoke this consent at any time.

2. How We Collect Information

We collect information through:

• Directly from you when you create an account, use the chat interface, or contact support
• Automatically via cookies, server logs, analytics tools, and embedded scripts
• From third-party services when you log in via Google, GitHub, or similar (only the data you authorize)
• Indirectly through usage patterns and metadata (e.g., session duration, most active hours)

3. How We Use Your Information

We use your information for the following purposes:

• To provide, maintain, and improve the Service (including chat functionality, model responses, and UI)
• To authenticate users and prevent unauthorized access
• To communicate with you (account notifications, support replies, service updates)
• To detect, prevent, and respond to abuse, fraud, security incidents, or violations of the Terms
• To generate anonymized, aggregated usage statistics for internal analytics and product development
• To comply with legal obligations (subpoenas, court orders, tax reporting, etc.)
• With your explicit consent — to train or fine-tune AI models (opt-in only)
• To enforce our Terms of Service and Acceptable Use Policy

4. Legal Basis for Processing (GDPR / UK GDPR)

If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, our legal basis for processing personal data includes:

• Contract: Processing necessary to provide the Service you requested (e.g., generating AI responses, maintaining account access)
• Legitimate Interests: Improving safety, preventing abuse, analytics, debugging (balanced against your rights)
• Legal Obligation: Complying with laws, responding to lawful requests
• Consent: Optional uses such as model training or marketing emails (you can withdraw consent at any time)

5. Sharing & Disclosure of Information

We do not sell your personal data. We may share information in these limited circumstances:

• Service Providers: With vendors who help us operate the Service (Cloudflare, hosting providers, analytics tools, payment processors) — bound by strict confidentiality and data protection agreements
• Legal Requirements: If required by law, subpoena, court order, or government request
• Business Transfers: In connection with a merger, acquisition, bankruptcy, or sale of assets (your data may be transferred as part of the transaction)
• With Your Consent: When you explicitly authorize sharing (e.g., public sharing of a chat)
• Aggregated / De-identified Data: Anonymized statistics shared with researchers or partners

6. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this Policy or as required by law:

• Account data: Retained while your account is active + 90 days after deletion (for legal and backup purposes)
• Chat history: Retained until you delete it or your account is deleted (unless you opt in to model training)
• Logs & analytics: Retained for 12–24 months (anonymized where possible)
• Legal obligations: Certain data may be kept longer if required by tax, fraud prevention, or litigation hold requirements

7. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal data:

• Right to access / obtain a copy
• Right to rectification (correct inaccurate data)
• Right to erasure (“right to be forgotten”)
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent (where processing is consent-based)
• Right not to be subject to automated decision-making with legal effect

To exercise these rights, contact us at privacy@diyregistry.com. We will respond within the timeframes required by law (usually 30–45 days).

8. California Consumer Privacy Act (CCPA / CPRA) Rights

If you are a California resident, you have additional rights under the CCPA/CPRA, including:

• Right to know what personal information we collect, use, disclose, or sell
• Right to delete personal information
• Right to opt out of sale/sharing of personal information (we do not sell data)
• Right to correct inaccurate personal information
• Right to limit use of sensitive personal information
• Right to non-discrimination for exercising rights

9. International Data Transfers

Your data may be transferred to, stored, and processed in the United States or other countries outside the EEA/UK. We use appropriate safeguards (Standard Contractual Clauses, adequacy decisions, or other mechanisms) to protect your data during transfers.

10. Security of Your Information

We implement commercially reasonable technical, administrative, and organizational measures to protect your data, including encryption in transit (TLS 1.3), access controls, regular security audits, and secure hosting on Cloudflare infrastructure.

However, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

11. Children’s Privacy

Our Service is not directed to children under 13 (or 16 under certain laws). We do not knowingly collect personal information from children. If we become aware that we have collected such data, we will delete it promptly.

12. Cookies & Tracking Technologies

We use cookies, web beacons, and similar technologies for functionality, analytics, and security. You can manage preferences via your browser settings or our cookie banner (when implemented).

13. Third-Party Links & Services

Our Service may contain links to third-party websites or services (e.g., payment processors, analytics providers). We are not responsible for their privacy practices. Review their policies before providing information.

14. Changes to This Privacy Policy

We may update this Policy from time to time. Changes will be posted on this page with an updated “Last Updated” date. Material changes will be notified via email or in-app notice.

15. Contact Us

If you have questions about this Privacy Policy or our data practices, contact:

Email: privacy@diyregistry.com

Postal: DIYRegistry, Attn: Privacy Officer, [Your Business Address – to be inserted]