Privacy Policy
Last Updated: March 2, 2025
Introduction
This Privacy Policy ("Policy") explains how GFAI, operating SecretCrush.ai ("Company," "we," "us," or "our") collects, uses, discloses, and safeguards your personal information when you use our website, mobile application, and services (collectively, the "Service"). We are committed to protecting your privacy and handling your data in an open and transparent manner.
This Service is intended for users who are 18 years of age or older and may involve adult content. By using our Service, you confirm that you meet the age requirements and consent to this privacy policy.
1. Scope and Consent
1.1. This Policy applies to all information collected through our Service and any related services, sales, marketing, or events.
1.2. By using the Service, you consent to the collection, use, disclosure, and procedures this Policy describes. If you do not agree with our policies and practices, please do not use our Service.
1.3. This Policy applies to users in the United States, European Union, and other jurisdictions where we operate.
2. Information Collection
2.1. Personal Information You Provide
a) Account Information:
- Email address
- Username
- Password (encrypted and managed by Clerk authentication service)
- Date of birth (for age verification)
- Profile information and preferences
b) Payment Information:
Payment processing is handled entirely by third-party providers (Stripe and Coinpayments). We do not store, process, or have access to your complete payment card information, billing addresses, or other payment details. We may receive transaction confirmations and subscription status information from payment processors.
c) Communication Data:
- Messages and conversations with AI companions
- Support communications
- Feedback and survey responses
2.2. Information Automatically Collected
a) Technical Information:
- IP address and general location
- Device type, operating system, and browser information
- Usage patterns and interaction data
- Performance and error logs
b) Analytics Data:
- Page views and session duration
- Feature usage statistics
- User engagement metrics
2.3. Generated Content
We collect and store content generated through our AI services, including:
- AI-generated images
- Conversation logs with AI companions
- User prompts and requests
3. How We Use Your Information
3.1. Service Provision: To provide, maintain, and improve our AI companion and image generation services.
3.2. Account Management: To create and manage your account, process payments, and provide customer support.
3.3. Content Generation: To generate personalized AI responses and images based on your interactions and preferences.
3.4. Safety and Security: To monitor for illegal or harmful content and ensure platform safety.
3.5. Analytics and Improvement: To analyze usage patterns and improve our services.
3.6. Legal Compliance: To comply with applicable laws and regulations.
3.7. Age Verification: To ensure users meet the minimum age requirement.
4. Legal Basis for Processing (GDPR)
For users in the European Union, we process personal data based on the following legal bases:
4.1. Consent: For optional features, marketing communications, and certain data processing activities.
4.2. Contract Performance: To provide the services you've requested and fulfill our contractual obligations.
4.3. Legitimate Interests: For service improvement, security, and analytics, where not overridden by your privacy rights.
4.4. Legal Obligation: To comply with applicable laws and regulations.
5. Information Sharing and Disclosure
5.1. Third-Party Service Providers
We share information with the following categories of service providers:
- Authentication: Clerk for user authentication and account management
- Payment Processors: Stripe and Coinpayments for payment processing (we do not store payment details)
- Analytics Providers: Google Analytics for usage analytics
- Infrastructure Providers: Cloudflare for content delivery and security
- Cloud Hosting: For data storage and service hosting
5.2. Legal Requirements
We may disclose information when required by law, including:
- Response to legal process or government requests
- Protection of our rights and property
- Prevention of illegal activities or harm
- Compliance with applicable regulations
5.3. Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity.
6. Data Retention
6.1. Account Data: We retain account information for as long as your account is active or as needed to provide services.
6.2. Conversation Data: AI conversation logs are retained for up to 2 years to improve our services, unless you request deletion.
6.3. Generated Content: AI-generated images and content are retained for up to 1 year unless deleted by the user.
6.4. Payment Data: We do not store payment information. Transaction records may be retained according to legal requirements.
6.5. Analytics Data: Aggregated and anonymized analytics data may be retained indefinitely for service improvement.
6.6. Legal Holds: Data may be retained longer when required by law or for legal proceedings.
7. Your Privacy Rights
7.1. General Rights
You have the right to:
- Access your personal information
- Request correction of inaccurate data
- Request deletion of your account and data
- Object to certain data processing activities
- Withdraw consent where applicable
7.2. European Union Rights (GDPR)
EU residents have additional rights including:
- Right to data portability
- Right to restriction of processing
- Right to object to automated decision-making
- Right to lodge a complaint with supervisory authorities
7.3. California Rights (CCPA)
California residents have the right to:
- Know what personal information is collected
- Request deletion of personal information
- Opt-out of the sale of personal information (we do not sell personal information)
- Non-discrimination for exercising privacy rights
7.4. Exercising Your Rights
To exercise your privacy rights, contact us at [email protected]. We will respond within 30 days.
8. Data Security
8.1. Encryption: We use industry-standard encryption to protect data in transit and at rest.
8.2. Access Controls: Access to personal data is restricted to authorized personnel only.
8.3. Authentication Security: User authentication is managed by Clerk, which provides secure login and account management.
8.4. Monitoring: We monitor our systems for security threats and unauthorized access.
8.5. Incident Response: We have procedures in place to respond to data breaches promptly.
9. International Data Transfers
9.1. Data Location: Your data may be processed and stored in various countries where our service providers operate.
9.2. Safeguards: We ensure appropriate safeguards are in place for international transfers, including:
- Standard Contractual Clauses
- Adequacy decisions by relevant authorities
- Other approved transfer mechanisms
9.3. EU-US Transfers: For transfers from the EU to the US, we rely on approved transfer mechanisms and safeguards.
10. Cookies and Tracking Technologies
10.1. Cookie Usage: We use cookies and similar technologies to enhance your experience and analyze usage.
10.2. Cookie Types: We use essential, functional, analytics, and security cookies.
10.3. Cookie Management: You can manage your cookie preferences through your browser settings or our cookie preference center.
10.4. Detailed Information: For more information, see our Cookie Policy.
11. Age Restrictions
Our Service is for users who are 18 years of age or older. We do not knowingly collect personal information from minors under 18.
11.1. Age Verification: We require users to confirm they meet the minimum age requirement during registration.
11.2. Minor Data: If we discover we have collected information from a minor, we will delete it immediately.
11.3. Parental Notification: Parents who believe their child has provided information to us should contact us immediately.
12. Changes to This Privacy Policy
12.1. Updates: We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements.
12.2. Notification: We will notify you of material changes through email or prominent notice on our website.
12.3. Effective Date: Changes become effective immediately upon posting unless otherwise specified.
12.4. Continued Use: Your continued use of the Service after changes constitutes acceptance of the updated policy.
13. Contact Information and Data Controller
13.1. Data Controller: GFAI is the data controller for the purposes of data protection laws.
13.2. Contact Details: For privacy-related inquiries, please contact:
- Email: [email protected]
- Support: [email protected]
13.3. Response Time: We aim to respond to privacy requests within 30 days.
Contact Information
For privacy-related inquiries and all other legal matters:
GFAI - SecretCrush.ai
Email: [email protected]
Support: [email protected]
Website: https://secretcrush.ai/legal/privacy