Privacy Policy
Last updated: 2025-11-13
Privacy Commitment
Airuda Labs, LLC ("we", "our", "AIRUDA") respects your privacy. This Privacy Policy explains how we collect, use, share, and protect your personal information when you use our multi-modal AI messenger platform.
Key Principles: We collect only data necessary for Service operation. We never sell your personal data. You control your data with rights to access, export, and deletion.
1. Data We Collect
Account Information
- Email address (for account creation, verification, communications)
- Username (public identifier in chats and marketplace)
- Password (hashed with bcrypt rounds 12, never stored in plain text)
- Language preference (for UI localization and AI responses)
- Profile information (avatar, bio - optional)
Usage Data
- Messages sent and received (stored for conversation history and RAG context)
- AI prompts used and conversations (for service delivery and cost calculation)
- Marketplace interactions (prompts viewed, bookmarked, purchased, reviewed)
- Credit transactions (purchases, usage, balances for billing accuracy)
- Workflow configurations (parameters you provide for automation execution)
Technical Data
- IP address (for security, rate limiting, geolocation routing)
- Device information (for mobile push notifications, platform optimization)
- Browser type and version (for compatibility and debugging)
- Usage analytics (page views, feature usage, performance metrics)
- Error logs with correlationIds (for debugging and incident response)
Payment Information
Payment processing is handled by Stripe. We store: Stripe customer ID, payment method ID (last 4 digits), transaction history. We never store full credit card numbers. Stripe's privacy policy applies to payment data.
2. How We Use Your Data
- Service Delivery: Operate messenger, AI chats, marketplace, workflow automation
- AI Context: RAG sliding window uses message history for perfect recall (recent 10 + semantic 10 pairs)
- Billing: Calculate credit usage, process purchases, track creator revenue
- Security: Detect fraud, prevent abuse, enforce rate limiting
- Communications: Send verification emails, notifications, service updates (in your language)
- Improvement: Analyze usage patterns to improve features, optimize performance, fix bugs
- Legal Compliance: Respond to legal requests, enforce Terms of Service
4. Your Privacy Rights (GDPR/CCPA)
- Access: Request copy of your personal data we hold
- Export: Download your data in machine-readable format (JSON)
- Correction: Update inaccurate or incomplete information
- Deletion: Request account and data deletion (some data retained per legal requirements)
- Portability: Transfer your data to another service
- Object: Object to certain data processing (analytics, marketing)
- Withdraw Consent: Revoke consent for optional data processing
To exercise these rights, contact privacy@airuda.com with your request. We respond within 30 days.
5. Data Retention
Active Accounts: We retain your data while your account is active and for a reasonable period afterward (backup, recovery, legal compliance).
Messages: Chat history retained indefinitely for your access. You can delete individual messages or entire chats at any time.
Inactive Accounts: Accounts inactive for 2+ years with no credits or data may be deleted after email notification with a 60-day grace period.
Backups: Data in automated backups retained up to 35 days (Aurora point-in-time recovery), then automatically purged.
Legal Holds: Data subject to legal holds, investigations, or disputes retained until resolution.
6. Data Security
We implement industry-standard security measures to protect your data:
- Encryption: HTTPS/TLS for all data in transit, encryption at rest for database (Aurora) and cache (Redis)
- Authentication: JWT with short-lived access tokens (15min), refresh tokens in httpOnly cookies (XSS protection)
- Passwords: Bcrypt hashing rounds 12, never stored in plain text, never logged
- Access Controls: Role-based permissions, principle of least privilege, database row-level security
- Monitoring: CloudWatch alerts for suspicious activity, Sentry error tracking with correlationId tracing
- Rate Limiting: Prevents brute force attacks, DDoS protection, abuse detection
Despite our efforts, no system is 100% secure. Notify us immediately of any suspected security breach at security@airuda.com.
7. Children's Privacy
The Service is not intended for children under 13. We do not knowingly collect personal information from children under 13. If we discover we have collected data from a child under 13, we will delete it immediately.
Users aged 13-17 may use the Service with parental consent. Parents can request access to or deletion of their child's data by contacting privacy@airuda.com.
8. International Data Transfers
AIRUDA operates globally with infrastructure in: United States (primary), Korea, Europe, Japan. Your data may be transferred to and processed in these regions.
EU-US Transfers: For European users, we rely on Standard Contractual Clauses approved by the EU Commission for lawful data transfer to the United States.
Regional Data Residency: We use multi-region infrastructure (Aurora Global Database, ElastiCache Global Datastore) to keep data close to users for performance while maintaining global accessibility.
9. Changes to This Policy
We may update this Privacy Policy occasionally. We will notify you of material changes via: (1) Email to your registered address, (2) In-app notification, (3) Notice on this page.
Continued use of the Service after changes constitutes acceptance of the updated Privacy Policy. We encourage reviewing this page periodically.
10. Contact for Privacy Matters
For privacy-related questions, data requests, or concerns, contact:
Privacy Officer
Airuda Labs, LLC
Email: privacy@airuda.com
Data Requests: Include your registered email, specific request (access/export/deletion), and reason. We respond within 30 days per GDPR requirements.