en

Privacy Policy

Privacy Policy

Effective Date: November 16, 2025 Last Updated: November 16, 2025

Introduction

AIMeCreations LLC ("we," "our," "us") respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, store, and protect your information when you use our services, including:

  • AIMeAvatar: AI avatar creation platform
  • AIMeFriends: AI companion chat service

By using our services, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

1.1 Information You Provide Directly

Account Information:

  • Email address (required for account creation)
  • Username/display name
  • Password (encrypted, never stored in plain text)
  • Age verification (to ensure 13+ compliance)

Content You Create:

  • Chat messages with AI friends
  • Avatar creation inputs (text descriptions, preferences)
  • Story choices and interactions
  • User preferences and settings

Optional Information:

  • Profile customization (avatar, bio)
  • Feedback and support requests
  • Survey responses

1.2 Information We Collect Automatically

Usage Data:

  • Pages visited and features used
  • Time spent on platform
  • Interaction patterns with AI
  • Device type and browser
  • Operating system

Technical Data:

  • IP address (hashed for analytics)
  • Session IDs and cookies
  • Error logs and crash reports
  • API request logs (stripped of PII)

AI Interaction Data:

  • Prompts sent to AI models
  • AI responses generated
  • Emotion and mood tracking
  • Voice synthesis requests (audio not stored)

1.3 Information We Do NOT Collect

We do NOT collect or store:

  • Social Security Numbers
  • Credit card numbers (if payment implemented, handled by processor)
  • Biometric data for identification
  • Precise geolocation
  • Contact lists or device files
  • Third-party app data
  • Voice recordings (TTS audio generated on-demand, not stored)
  • Video recordings

2. How We Use Your Information

2.1 Primary Purposes

To Provide Services:

  • Create and manage your account
  • Generate AI responses personalized to you
  • Create AI avatars based on your descriptions
  • Save your conversation history and preferences
  • Provide voice synthesis for AI friends

To Improve Services:

  • Analyze usage patterns to improve features
  • Test and optimize AI models
  • Fix bugs and technical issues
  • Develop new features based on feedback

To Ensure Safety:

  • Detect and prevent abuse
  • Moderate harmful content
  • Enforce terms of service
  • Respond to legal requests

2.2 Legal Basis for Processing (GDPR)

We process your data based on:

  • Consent: You agree to our terms and privacy policy
  • Contractual Necessity: Required to provide the service
  • Legitimate Interest: Improve services, prevent abuse
  • Legal Obligation: Comply with laws and regulations

3. How We Share Your Information

3.1 We Do NOT Sell Your Data

We will never sell, rent, or trade your personal information to third parties for marketing purposes.

3.2 Service Providers

We may share data with trusted service providers who help us operate our services:

AI Model Providers:

  • OpenAI (GPT models) - governed by their privacy policy
  • Anthropic (Claude models) - governed by their privacy policy
  • Local models (Llama, Mistral) - processed on our servers

Infrastructure Providers:

  • Cloud hosting (AWS, Google Cloud, Azure)
  • Database services (PostgreSQL, Redis)
  • CDN and media storage

Analytics & Monitoring:

  • Anonymous usage analytics
  • Error tracking services
  • Performance monitoring

All service providers are contractually required to:

  • Protect your data with industry-standard security
  • Use data only for specified purposes
  • Delete data when no longer needed
  • Comply with GDPR and other regulations

3.3 Legal Requirements

We may disclose your information if required by law:

  • Court orders or subpoenas
  • Law enforcement requests
  • National security requirements
  • Protection of rights, property, or safety

We will notify you of legal requests unless prohibited by law.

3.4 Business Transfers

If AIMeAvatar is acquired or merged, your data may be transferred. We will notify you and ensure the new entity honors this privacy policy.

4. Data Retention

4.1 Retention Periods

Active Accounts:

  • Chat history: 30 days (configurable: 1, 7, or 30 days)
  • Account data: Until you delete your account
  • Session data: 24 hours
  • Generated audio: Immediately after playback (not stored)
  • Generated videos: Not stored (created on-demand)

Deleted Accounts:

  • Full deletion within 30 days of request
  • Backups purged within 90 days

Legal/Safety:

  • Anonymized safety logs: 1 year
  • Abuse reports: Until resolved, then deleted

4.2 Automatic Deletion

Data is automatically deleted when:

  • Retention period expires (e.g., 30-day chat history)
  • Session ends (temporary data)
  • Account is deleted
  • Legal hold is lifted

5. Your Rights & Choices

5.1 Access & Control

You have the right to:

  • βœ… Access your personal data
  • βœ… Export your data in machine-readable format (JSON/CSV)
  • βœ… Correct inaccurate information
  • βœ… Delete your account and all associated data
  • βœ… Object to certain data processing
  • βœ… Restrict processing of your data
  • βœ… Portability - transfer data to another service

How to Exercise Rights:

  • Account settings: Manage preferences, export data, delete account
  • Visit our Privacy page for instructions on data requests
  • Response time: Within 30 days

5.2 Communication Preferences

You can control:

  • Email notifications (on/off)
  • Analytics tracking (opt-out)
  • Personalization (use generic responses)

5.3 Cookies & Tracking

We use cookies for:

  • Session management (required)
  • User preferences (required)
  • Analytics (optional - you can opt out)

Cookie Types:

  • Essential: Cannot be disabled
  • Analytics: Can be disabled in settings
  • Third-party: None (we don't use third-party tracking)

How to Manage:

  • Browser settings: Block or delete cookies
  • Our settings: Disable analytics cookies

6. Data Security

6.1 Security Measures

We protect your data with:

Encryption:

  • TLS 1.3 for all data in transit
  • AES-256 encryption for data at rest
  • Encrypted database backups
  • Hashed passwords (bcrypt, cost factor 12+)

Access Controls:

  • Multi-factor authentication for administrators
  • Role-based access control (RBAC)
  • Principle of least privilege
  • Regular access audits

Infrastructure:

  • Firewalls and network isolation
  • DDoS protection
  • Regular security updates
  • Automated vulnerability scanning

Monitoring:

  • 24/7 security monitoring
  • Intrusion detection systems
  • Audit logging
  • Incident response plan

6.2 Security Limitations

No system is 100% secure. While we use industry-best practices:

  • Data breaches can occur despite precautions
  • You are responsible for keeping your password secure
  • Don't share your login credentials
  • Report suspicious activity immediately

6.3 Data Breach Notification

If a breach occurs, we will:

  1. Notify affected users within 72 hours
  2. Explain what data was compromised
  3. Detail steps we're taking to resolve it
  4. Provide guidance on protecting yourself
  5. Report to regulators as required by law

7. Children's Privacy (COPPA)

7.1 Age Restrictions

Our services are intended for users 13 years and older.

We do NOT knowingly collect data from children under 13.

If we discover a user is under 13:

  1. We will immediately delete their account
  2. We will delete all associated data
  3. We will notify parents if contact info available

7.2 Parental Rights

If you believe your child under 13 has created an account:

  • Visit our support page for parental inquiry procedures
  • We will delete the account within 24 hours
  • Provide verification of parental relationship

7.3 Teen Privacy (13-17)

For users aged 13-17:

  • Parental guidance recommended
  • Enhanced content safety filters
  • Limited data collection
  • No targeted advertising
  • Educational resources for safe AI use

8. International Data Transfers

8.1 Data Location

Our servers are located in:

  • United States (primary)
  • European Union (if you're in EU)

8.2 GDPR Compliance (EU Users)

If you're in the EU/EEA:

  • We comply with GDPR
  • Your data is protected by EU-US Data Privacy Framework
  • You have additional rights under GDPR
  • You can file complaints with your local data protection authority

8.3 Other Jurisdictions

We comply with:

  • CCPA (California Consumer Privacy Act)
  • UK GDPR (United Kingdom)
  • PIPEDA (Canada)
  • Privacy Act 1988 (Australia)

9. AI-Specific Privacy

9.1 AI Training

Your data and AI models:

  • Your conversations may be used to improve AI safety and quality
  • Data is anonymized before use in training
  • You can opt out of model improvement in settings
  • PII is always removed before any training use

Opt-Out:

  • Go to Settings β†’ Privacy β†’ Uncheck "Help improve AI"
  • Your data will not be used for model training

9.2 Voice Synthesis

Text-to-Speech (TTS):

  • Text is sent to TTS service for audio generation
  • Audio is streamed directly to you (not stored)
  • Voice reference models are persona-specific (not user-specific)
  • No voice cloning of real individuals

9.3 Avatar Generation

AI Avatar Creation:

  • Text descriptions are processed by AI models
  • Generated images are stored in your account
  • You own the avatars you create
  • We may display public avatars in gallery (with consent)

10. Third-Party Links

Our services may contain links to third-party websites or services:

  • We are not responsible for their privacy practices
  • We recommend reviewing their privacy policies
  • Their data collection is governed by their own policies

11. Changes to This Policy

11.1 Updates

We may update this privacy policy to reflect:

  • New features or services
  • Changes in regulations
  • Improved security practices
  • User feedback

11.2 Notification

When we make significant changes:

  • We will email you at your registered address
  • We will display a notice on our website
  • You will be asked to review and accept changes
  • Continued use implies acceptance

11.3 Version History

  • v1.0 (2025-11-16): Initial privacy policy

12. Contact Us

12.1 Privacy Questions

For privacy-related inquiries:

  • Visit our Privacy page for more information

12.2 Data Rights Requests

To exercise your data rights:

  • Visit our Privacy page for data request procedures

12.3 Security Issues

To report security concerns:

  • Visit our Security page for reporting procedures

12.4 General Support

For general questions:

Appendix: Definitions

Personal Data: Any information relating to an identified or identifiable person.

Processing: Any operation performed on personal data (collection, storage, use, deletion).

Controller: The entity that determines purposes and means of processing (AIMeCreations LLC).

Processor: An entity that processes data on behalf of the controller (our service providers).

PII (Personally Identifiable Information): Data that can identify a specific individual.

Anonymization: Irreversibly removing identifying information from data.

Pseudonymization: Replacing identifiers with artificial identifiers.

Consent: Freely given, specific, informed agreement to data processing.

Last Updated: November 16, 2025 Effective Date: November 16, 2025 Version: 1.0

By using AIMeAvatar services, you acknowledge that you have read and understood this Privacy Policy.