Privacy Policy - Conspirazy.ai

Our Commitment to Your Privacy

At Conspirazy.ai, your privacy is not just a legal obligation—it's a fundamental principle. This Privacy Policy explains exactly what data we collect, why we collect it, how we use it, and your rights to control it.

The short version: We collect only what we need to operate the platform. We never sell your data. We protect your identity with anonymous identifiers. You control your content.

1Information We Collect

1.1 Information You Provide

Account Registration

Email address: Via Google OAuth authentication (required for account creation and communication)
Display name: Optional username for your account
Age verification: Confirmation that you are 18 years or older

Payment Information

Payment method details: Processed and stored by Stripe, our payment processor
Billing history: Transaction records, subscription status, credit purchases
We do NOT store complete credit card numbers—Stripe handles all payment data securely

User-Generated Content

AI companion configurations: Personality traits, backstories, physical descriptions, custom settings
Chat messages: Conversations with AI companions
Atomic facts: Structured memory data extracted from conversations
Generated images: AI-generated images you create using our Service
Custom LoRA models: User-trained models for specialized companion capabilities (if applicable)

1.2 Information Automatically Collected

Technical Data

IP address: For security, fraud prevention, and geographic analytics
Device information: Browser type, operating system, device identifiers
Usage data: Features accessed, session duration, interaction patterns
Performance metrics: Error logs, API response times, system health data

Cookies and Tracking Technologies

Essential cookies: Session management, authentication tokens
Preference cookies: UI settings, theme preferences
Analytics cookies: Usage patterns, feature adoption (anonymized when possible)

1.3 Information from Third Parties

Google OAuth: Basic profile information (email, name) during authentication
Stripe: Payment success/failure status, subscription events
AI Providers (Together.ai, Featherless.ai): Error reports, rate limiting data

2How We Use Your Information

Core Principle: Purpose Limitation

We use your data exclusively for operating and improving Conspirazy.ai. We do not sell data, share it for advertising, or use it for purposes beyond what's described here.

2.1 Platform Operation

Account management: Creating, authenticating, and maintaining your account
Service delivery: Processing AI generation requests, storing content, managing companions
Payment processing: Billing, subscription management, credit tracking
Content Gateway: Analyzing inputs for safety compliance before sending to AI providers

2.2 Security and Compliance

Fraud prevention: Detecting and preventing payment fraud, account abuse
Platform security: Monitoring for suspicious activity, preventing unauthorized access
Legal compliance: Responding to valid subpoenas, court orders, legal obligations
Terms enforcement: Investigating Terms of Use violations, content policy violations

2.3 Communication

Service updates: Important platform changes, new features, policy updates
Transactional emails: Payment confirmations, account security alerts, password resets
Support: Responding to your questions, troubleshooting issues
Marketing (with consent): Optional promotional emails (you can opt out anytime)

2.4 Platform Improvement

Analytics: Understanding feature usage, identifying bugs, measuring performance
Product development: Prioritizing new features, improving user experience
Quality assurance: Testing system reliability, optimizing infrastructure

3Privacy-First Identifier Systems

Privacy by Design: Dual Identifier Approach

We use two complementary systems to protect your privacy while enabling platform functionality and content traceability.

3.1 Anonymous Identifiers (AID System)

All user account and activity data is associated with an Anonymous Identifier (AID) rather than directly with your personal information.

How AID Works

Account Creation: When you register, we assign you a unique AID (e.g., "AID_a8f92b3e")
Data Storage: Your chat history, companion configurations, and activity logs are stored using your AID
Separation: Personal identifiable information (email, payment data) is stored separately from content data
Auditing: We can analyze platform usage and improve services without accessing personal information

Benefits of AID

Data breach protection: If content databases were breached, attackers couldn't directly identify users
Privacy-preserving analytics: We can study usage patterns without knowing who specific users are
Regulatory compliance: Easier to comply with "right to be forgotten" requests by deleting AID associations

When We Link AID to Personal Information

We only connect your AID to personal information when necessary:

Processing payments and billing
Sending you emails or notifications
Responding to your support requests
Complying with legal obligations (subpoenas, court orders)
Investigating Terms of Use violations

3.2 Generation Identification (RUNE ID System)

Each piece of generated multimedia content (images, audio, video) receives a unique RUNE ID - a Request Universal Network Execution identifier.

⟨ RUNE-7F3A9B2C ⟩

What is a RUNE ID?

RUNE stands for "Request Universal Network Execution" - a technical identifier for each AI generation event on our platform.

Breaking it down:

Request: Your specific generation request
Universal: Works across all models and providers
Network: References our distributed AI provider network
Execution: The specific generation run/event

What the RUNE ID References

Each RUNE ID links to:

Generation timestamp and model used
Generation parameters (seed, steps, settings)
Content hash for technical verification
Your AID (stored separately, accessible only to authorized personnel)
Moderation status and safety flags

Privacy Controls

By default, your RUNE IDs are private:

Only you can look up your own RUNE IDs
Moderators can access RUNE IDs only for reported violations
Not publicly searchable or visible to other users
Enables precise investigation without reviewing entire account histories

Optional Public Sharing

You may choose to make specific RUNE IDs public to:

Share prompts and parameters with the community
Allow others to regenerate your creation
Appear in community galleries with attribution
Control exactly what information is shared

Why RUNE IDs Matter

For You: Track creations, share with community, get attribution
For Safety: Precise violation investigation without account-wide review
For Transparency: Community verification and learning
For Reproducibility: Others can recreate generations you choose to share
For Traceability: Content origin identification and abuse prevention

RUNE ID Watermarking

Generated images may include embedded watermarks containing:

RUNE ID: For content traceability and verification
Conspirazy.ai branding: Platform identification
Generation metadata: Technical parameters (may be visible or invisible)

Watermarks support safety, legal compliance, and are standard practice across AI generation platforms. They help identify AI-generated content origin and assist with abuse prevention.

3.3 How AID and RUNE ID Work Together

Complementary Privacy Protection:

AID protects your identity by separating personal information from platform activity
RUNE ID protects the platform by enabling content traceability without exposing user identity
Together, they provide privacy-respecting content moderation and community features
Both systems support "right to be forgotten" requests while maintaining platform safety

4Data Sharing and Third Parties

We Never Sell Your Data

Conspirazy.ai does not and will never sell, rent, or trade your personal information or content.

4.1 Third-Party AI Service Providers

We use multiple third-party AI providers to generate content. When you create content, we transmit:

What We Send	Why
Your prompts and generation parameters	Required for AI model to generate content
Your AID (anonymized)	Rate limiting, abuse prevention
RUNE ID	Generation tracking and traceability
Technical metadata	Timestamps, model versions, settings

What we do NOT send to AI providers:

Your email address or real name
Payment information
Chat history unrelated to the specific generation
Other users' data or unrelated account information

Current AI Providers

We currently use:

Featherless.ai: Flat-rate LLM inference for social companions
Together.ai / OpenRouter: Premium LLM inference for productivity/creative companions
fal.ai: Image generation with LoRA support

This list may change as we optimize for quality, cost, and performance. Each provider operates under their own privacy policies.

4.2 Payment Processing (Stripe)

What Stripe receives: Email, payment method, billing amount, subscription details
What they do: Process payments, detect fraud, manage subscriptions
Why we chose Stripe: Industry-leading security, PCI DSS Level 1 compliance
Stripe's policies: stripe.com/privacy

4.3 Infrastructure Providers

We use trusted infrastructure partners to operate the platform:

Hosting: Cloud app hosting, testing, deployment
Securing.io: Privacy storage, database storage, file storage
Routing: Message queueing for distibuted processing
Delivery: Content gateway, delivery, encryption

4.4 Analytics and Monitoring

Usage analytics: Anonymized metrics on feature usage, performance
Error tracking: Crash reports, system health monitoring
User behavior: Aggregate patterns to improve UX (no individual tracking)

4.5 Legal Requirements

We may disclose information when required by law or to protect rights:

Valid legal process: Subpoenas, court orders, search warrants
Terms enforcement: Investigating violations, preventing abuse
Mandatory reporting: Child safety (CSAM), threats of violence
Platform protection: Defending against legal claims, protecting intellectual property

5Data Retention and Deletion

5.1 How Long We Keep Your Data

Data Type	Retention Period	Reason
Account data (email, profile)	While account is active	Platform operation
User content (chats, companions)	While account is active	Service delivery
Generated images	While account is active	User access
RUNE ID records	8 years	Legal compliance, abuse prevention
Billing records	8 years	Tax law, accounting requirements
Safety/moderation logs	As required by law	Legal compliance
Anonymized analytics	Indefinitely	Platform improvement (cannot identify users)

5.2 Account Deletion Process

Request deletion: Via account settings or email to support@conspirazy.ai
30-day grace period: Account deactivated but recoverable if you change your mind
Permanent deletion: After 30 days, all personal data is deleted
Backup cleanup: Backups are purged within 90 days

What We Cannot Delete

Some data must be retained for legal compliance:

Financial records: 8 years for tax/accounting law
RUNE ID records: 8 years for abuse prevention and legal compliance
Legal holds: Data subject to ongoing litigation or investigation
Aggregated analytics: Already anonymized and cannot identify you

5.3 Your Data Portability

Before deleting your account, you can export:

All chat transcripts and atomic facts
AI companion configurations
Generated images (with RUNE IDs)
Account activity history

Export format: JSON for data, ZIP archive for images

6Security Measures

Our Security Commitment

We implement industry-standard security practices to protect your data from unauthorized access, disclosure, alteration, or destruction.

6.1 Technical Safeguards

Encryption in transit: TLS 1.3 for all data transmission
Encryption at rest: AES-256 encryption for stored data
Database security: Anonymous record storing and embedding
File storage: Encrypted blob and data storage with access controls and use-once technology
Authentication: OAuth 2.0 via Google, session tokens with expiration

6.2 Operational Security

Access controls: Role-based permissions, principle of least privilege
Audit logging: All administrative actions logged and monitored
Segregated storage: User content isolated by AID to prevent cross-user access
Regular audits: Security reviews, vulnerability assessments
Incident response: Documented procedures for security events

6.3 Application Security

Input validation: All user inputs sanitized and validated
API security: Rate limiting, authentication tokens
Dependency management: Regular updates for security patches
Code review: Security-focused code review process
Instances: Multiple instances for implementation and testing

Important Disclaimer

No system is perfectly secure. While we implement robust security measures, we cannot guarantee absolute protection against all possible threats. You are responsible for:

Keeping your Google account credentials secure
Not sharing your login information
Reporting suspicious activity immediately
Using strong, unique passwords for your Google account

7Your Privacy Rights

7.1 Universal Rights (All Users)

Right to Access: Request a copy of your personal data
Right to Correction: Update inaccurate or incomplete information
Right to Deletion: Request deletion of your account and data
Right to Export: Download your data in portable formats
Right to Object: Object to certain data processing activities

7.2 California Residents (CCPA/CPRA)

If you're a California resident, you have additional rights:

Right to Know

You can request:

Categories of personal information collected
Sources of that information
Business purposes for collection
Categories of third parties we share with
Specific pieces of personal information we have

Right to Delete

Request deletion of personal information, subject to exceptions for:

Completing transactions
Detecting security incidents
Complying with legal obligations
Internal research (anonymized data)

Right to Opt-Out of Sale

We do not sell personal information. If our practices change, we'll provide opt-out mechanisms.

Right to Non-Discrimination

We won't discriminate against you for exercising privacy rights.

Exercising California Rights

Submit requests via:

Email: privacy@conspirazy.ai
In-app: Account Settings → Privacy Rights

We'll verify your identity and respond within 45 days.

7.3 European Residents (GDPR)

If you're in the EU/EEA/UK, you have additional rights:

Legal Basis for Processing

Contract performance: Providing the Service
Legitimate interests: Platform improvement, fraud prevention
Legal obligations: Compliance with laws
Consent: Optional features (can be withdrawn anytime)

GDPR Rights

Right to access: Obtain copies of your data
Right to rectification: Correct inaccurate data
Right to erasure: "Right to be forgotten"
Right to restrict processing: Limit how we use data
Right to data portability: Receive data in machine-readable format
Right to object: Object to processing for legitimate interests
Right to withdraw consent: For consent-based processing
Right to lodge a complaint: Contact your data protection authority

International Data Transfers

Your data may be transferred to the United States. We use Standard Contractual Clauses (SCCs) approved by the European Commission to protect your data.

Data Protection Officer

Contact our DPO: dpo@conspirazy.ai

8Children's Privacy

Conspirazy.ai is restricted to users 18 and older.

Age verification: Required during account creation
No children's data: We do not knowingly collect data from anyone under 18
Immediate deletion: If we discover a user is under 18, we delete their account and data immediately

If you believe a minor has created an account, contact: support@conspirazy.ai

9Cookies and Tracking

9.1 Types of Cookies We Use

Cookie Type	Purpose	Can Disable?
Essential	Authentication, session management, security	No (required for platform)
Functional	User preferences, theme settings	Yes (degrades experience)
Analytics	Usage patterns, feature adoption	Yes (via browser settings)

9.2 Managing Cookies

You can control cookies through:

Browser settings: Block or delete cookies
Opt-out tools: Industry opt-out mechanisms
In-app settings: Manage non-essential cookies

Note: Disabling essential cookies will prevent platform functionality.

9.3 Do Not Track

We do not currently respond to Do Not Track (DNT) browser signals. We may implement DNT support in the future.

10Data Breach Notification

In the event of a data breach affecting personal information:

10.1 Our Response Process

Immediate containment: Stop the breach, secure systems
Investigation: Determine scope, affected data, cause
User notification: Email affected users within 72 hours (when feasible)
Authority notification: Report to regulators as required by law
Remediation: Fix vulnerabilities, prevent recurrence

10.2 What We'll Tell You

What happened and when
What data was affected
Steps we're taking to address it
Steps you should take to protect yourself
How to contact us for questions

11Changes to This Policy

We may update this Privacy Policy to reflect:

Changes in our practices or services
Legal or regulatory requirements
Industry best practices

11.1 How We Notify You

Material changes: 30 days' advance notice via email and in-app notification
Minor updates: Updated effective date on this page
Your consent: Continued use after changes = acceptance

11.2 Version History

Current version: December 13, 2024

We recommend reviewing this policy periodically to stay informed about how we protect your privacy.

12Contact Us

Conspirazy.ai, LLC
2232 Sunrise Street
Emmett, ID 83617
United States

Contact Directory

General Support: support@conspirazy.ai
Account help, billing, technical issues
Privacy Requests: privacy@conspirazy.ai
Data access, deletion, CCPA requests
Data Protection Officer: dpo@conspirazy.ai
GDPR inquiries, EU/UK data protection matters
Legal & Compliance: legal@conspirazy.ai
Legal matters, law enforcement, subpoenas

Your Privacy Matters

We built Conspirazy.ai with privacy at its core. Your data belongs to you, and we're committed to protecting it. If you have questions about this Privacy Policy, please reach out—we're here to help.