Privacy Policy

1. Introduction

AvalynnAI, LLC ("Company," "we," "us," or "our") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Avalynn.ai platform and related services (the "Service").

By using the Service, you consent to the data practices described in this Privacy Policy. If you do not agree with the practices described herein, please do not use the Service.

2. Information We Collect

2.1 Information You Provide Directly

• Account Information: Username, display name, email address, phone number, password (stored as a cryptographic hash), and profile details.
• Profile Information: Avatar images, profile privacy preferences, display preferences, and optional social media handles.
• User Content: Messages, prompts, conversations, and other inputs you submit through the Service, including both your inputs and any AI-generated responses.
• Uploaded Assets: Images, documents, media files, and other assets you upload to the Service.
• Credentials: Third-party API keys, tokens, or other credentials you or your administrator store within the Service (encrypted at rest).
• Payment Information: If applicable, billing details necessary to process transactions. We do not store full payment card numbers; payment processing is handled by third-party processors.

2.2 Information Collected Automatically

• Usage Data: Feature usage patterns, resource consumption metrics, session activity, and interaction history within the Service.
• Technical Data: IP addresses, browser type and version, operating system, device information, access timestamps, and referring URLs.
• Session Data: Authentication session identifiers, security tokens, and session duration.
• Security Logs: Failed authentication attempts, blocked access events, and other security-related incidents.

2.3 Information from AI Interactions

• AI Inputs: Prompts, messages, and attachments you send to AI systems through the Service.
• AI Outputs: Text, images, code, media, and other content generated by AI systems in response to your inputs.
• Interaction Metadata: Model identifiers, response timing, resource usage metrics, and other operational data associated with AI interactions.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Service Delivery: To operate, maintain, and provide the features and functionality of the Service, including processing your requests and storing your content.
• Account Management: To create and manage your account, authenticate your identity, and communicate with you about your account and the Service.
• Security: To detect, prevent, and address fraud, unauthorized access, abuse, and other illegal or harmful activities, and to protect the rights and safety of our users and the Service.
• Service Improvement: To understand how the Service is used, identify areas for improvement, resolve issues, and develop new features and capabilities.
• Resource Management: To track and manage resource consumption, enforce usage limits, and ensure fair use across the platform.
• Communication: To send you service-related notices, security alerts, and updates about changes to our policies or the Service.
• Legal Compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.

4. How We Share Your Information

4.1 Third-Party AI and Service Providers

When you use AI-powered features, your inputs and relevant context may be transmitted to third-party AI providers for processing. These transmissions are governed by the respective provider's privacy policy and data processing practices. We do not control how these providers handle your data after transmission. We encourage you to review the privacy policies of any third-party AI providers whose models you access through the Service.

4.2 Other Users

Depending on your profile and privacy settings, certain information may be visible to other authenticated users of the Service:

• Public profiles: Your display name, username, avatar, bio, and selected public information are visible to other authenticated users.
• Restricted profiles: Visibility is limited based on your chosen privacy level (e.g., friends-only, private).

Regardless of privacy settings, your email address, phone number, and credentials are never displayed to other non-administrator users.

4.3 Infrastructure and Service Providers

We may share information with third-party service providers who assist us in operating the Service, including hosting providers, security services, analytics tools, and infrastructure providers. These providers are contractually obligated to use your information only for the purposes of providing services to us and in accordance with this Privacy Policy.

4.4 Legal Requirements

We may disclose your information if required to do so by law or in response to valid legal process, including subpoenas, court orders, or government requests. We may also disclose information when we believe in good faith that disclosure is necessary to protect our rights, property, or safety, or the rights, property, or safety of our users or the public.

4.5 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will use reasonable efforts to notify you via email or prominent notice on the Service prior to any such transfer and any change in applicable privacy practices.

4.6 With Your Consent

We may share your information in other circumstances with your explicit consent or at your direction.

5. Data Storage and Security

5.1 Data Storage

Your data is stored on secure servers with access controls. User content, account data, and metadata are stored in encrypted databases. Uploaded files are stored in isolated, access-controlled storage systems.

5.2 Credential Security

API keys, tokens, and other credentials stored within the Service are encrypted using industry-standard encryption algorithms. Credentials are decrypted only at the moment they are needed for authorized operations and are never logged or stored in plaintext.

5.3 Password Security

Your account password is never stored in plaintext. We use bcrypt cryptographic hashing with appropriate work factors to securely store password hashes.

5.4 Security Measures

We implement reasonable technical and organizational security measures including, but not limited to:

• TLS/HTTPS encryption for all data in transit;
• CSRF (Cross-Site Request Forgery) protection on all state-changing operations;
• Rate limiting and brute-force protection on authentication and sensitive endpoints;
• IP-based monitoring and blocking for suspicious activity;
• Secure session management with HttpOnly, Secure, and SameSite cookie attributes;
• Content Security Policy (CSP) and other security headers (HSTS, X-Content-Type-Options, X-Frame-Options);
• Regular security reviews and updates.

Despite these measures, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security, and you use the Service at your own risk.

6. Data Retention

• Account Data: Retained for as long as your account is active. Upon account deletion, personal data is removed within 30 days, except where retention is required by law or for legitimate audit purposes.
• User Content: Retained for as long as your account is active. You may delete individual items or entire datasets at any time through the Service.
• Uploaded Assets: Retained for as long as your account is active. You may delete files at any time. Upon account deletion, all assets are permanently removed within 30 days.
• Usage Data: Resource usage and analytics data may be retained in anonymized, aggregated form after account deletion for service improvement and capacity planning purposes.
• Security Logs: Retained for up to 90 days for security monitoring and incident response purposes.

7. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access: You may request a copy of the personal information we hold about you.
• Correction: You may update or correct your personal information through your account settings or by contacting us.
• Deletion: You may request deletion of your account and personal information.
• Portability: You may request an export of your data in a machine-readable format.
• Restriction: You may request that we restrict processing of your personal information in certain circumstances.
• Objection: You may object to certain types of processing of your personal information.
• Withdrawal of Consent: Where we rely on your consent for processing, you may withdraw that consent at any time.
• Privacy Controls: You may adjust your profile visibility and privacy settings at any time within the Service.

To exercise any of these rights, please contact us at privacy@avalynn.ai. We will respond to your request within 30 days, or such shorter period as may be required by applicable law.

8. Children's Privacy

The Service is not intended for individuals under the age of 18 (or the age of majority in the applicable jurisdiction). We do not knowingly collect personal information from children. If you believe we have collected information from a minor, please contact us immediately at privacy@avalynn.ai, and we will take prompt steps to investigate and delete such information.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have different data protection laws than your jurisdiction. By using the Service, you consent to the transfer of your information to such countries. When we transfer data internationally, we take reasonable steps to ensure an adequate level of protection for your personal information in accordance with applicable law.

10. Cookies and Tracking Technologies

The Service uses essential cookies for authentication and security purposes. We minimize our use of cookies and tracking technologies:

• Essential Session Cookies: Required for authentication, session management, and security. These are HttpOnly, Secure, and use SameSite restrictions.
• Security Tokens: CSRF tokens and related security mechanisms to protect against cross-site attacks.

We do not use third-party tracking cookies, advertising cookies, or behavioral analytics cookies. We do not engage in cross-site tracking, behavioral advertising, or the sale of personal information.

11. Do Not Track

We honor Do Not Track ("DNT") signals transmitted by your browser. As we do not engage in third-party tracking or behavioral advertising, the Service functions identically whether or not a DNT signal is received.

12. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the right to: (a) know what personal information we collect, use, disclose, and sell or share; (b) request deletion of your personal information; (c) request correction of inaccurate personal information; (d) opt out of the sale or sharing of your personal information (we do not sell or share personal information for cross-context behavioral advertising); (e) limit the use of sensitive personal information; and (f) not be discriminated against or retaliated against for exercising your privacy rights. To exercise these rights, contact us at privacy@avalynn.ai.

13. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR) or equivalent legislation, including the right to lodge a complaint with your local supervisory authority. Our legal bases for processing your personal information include: (a) performance of a contract (providing the Service pursuant to our Terms); (b) legitimate interests (security monitoring, fraud prevention, service improvement); (c) compliance with legal obligations; and (d) your consent (where applicable and where no other legal basis applies).

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the Service. We will notify you of material changes by posting the updated policy on this page and updating the "Last Updated" date. For significant changes, we may also provide additional notice (such as email notification or an in-app alert). Your continued use of the Service after changes constitutes acceptance of the revised policy.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

AvalynnAI, LLC
Privacy inquiries: privacy@avalynn.ai
Legal inquiries: legal@avalynn.ai