Privacy Policy

1. Introduction

Welcome to Rabu AI ("we," "our," or "us"). We are committed to protecting your privacy and ensuring you have a positive experience when using our app and services.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our app, website, and related services. Please read it carefully. By using Rabu AI, you agree to the practices described here.

2. Information We Collect

2.1 Information You Provide

• Account information (username, email address, password)
• Profile information (avatar, display name, preferences)
• Payment information (processed through Stripe — we do not store raw card numbers)
• Communications with us (support tickets, feedback, email correspondence)
• Age confirmation (you must confirm you are 18+ to use our service)

2.2 Automatically Collected Information

• Device information (device type, operating system, browser type)
• Log data (IP address, pages visited, timestamps, referring URLs)
• Usage data (features used, session duration, in-app activity)
• Performance and error data (crash reports, diagnostic information)
• Cookie data — see our Cookie Policy for details

2.3 AI Conversation Data

Rabu AI stores conversation logs to provide the service (e.g., character memory, conversation continuity). Regarding AI conversations:

• We do NOT use your personal chat conversations to train our AI models. Your private conversations are not used for AI training purposes.
• Conversations may be stored to provide the service and for safety/moderation purposes.
• Anonymized or aggregated data (never tied to individual users) may be used to improve platform performance and safety systems.
• Conversations flagged for policy violations may be reviewed by our trust and safety team.

3. How We Use Your Information

• To provide, operate, and maintain our services
• To process transactions and manage subscriptions (via Stripe)
• To personalize your experience and remember your preferences
• To improve our app, features, and AI systems
• To communicate with you about updates, changes, and promotional offers
• To provide customer support
• To detect, prevent, and address fraud, abuse, and policy violations
• To comply with legal obligations
• To enforce our Terms of Service and Content Policy

4. Third-Party Services We Use

We share certain data with trusted third-party service providers to operate our platform:

• Stripe — Payment processing. Stripe receives payment information directly and handles it under their own privacy policy. We receive confirmation of payment status, not your raw card details.
• Analytics providers — We may use analytics tools to understand how users interact with our platform. Analytics data is aggregated and not tied to identifiable individuals where possible.
• Cloud infrastructure providers — Our platform is hosted on cloud servers. Your data is stored securely with industry-standard protections.
• Email service providers — Used to send transactional emails (account confirmations, receipts, important notices).

We do not sell your personal information to third parties. We share data only as necessary to operate our services or as required by law.

5. Data Retention

We retain your information for as long as necessary to provide our services and comply with legal obligations:

• Account data: Retained for the life of your account, plus a reasonable period after deletion to comply with legal obligations.
• Conversation logs: Retained to provide the service. You can request deletion of your conversation history by contacting [email protected].
• Payment records: Retained for the period required by applicable tax and financial regulations (typically 7 years).
• Log/usage data: Typically retained for 90 days for operational purposes, then deleted or anonymized.
• Accounts terminated for policy violations: We may retain certain data as necessary to prevent future abuse and comply with legal requirements.

6. Data Sharing and Disclosure

We may share your information in the following circumstances:

• Service providers: As described in Section 4 above.
• Legal requirements: When required by law, court order, or governmental authority.
• Safety: When we believe disclosure is necessary to protect the safety of our users, the public, or to prevent harm.
• Business transfers: In connection with a merger, acquisition, or sale of all or substantially all of our assets, with appropriate notice to you.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including encryption in transit and at rest, access controls, and regular security reviews. However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security but will promptly notify affected users of any data breach as required by applicable law.

Data Breach Notification

In the event of a data breach that affects your personal information, we will:

• Notify affected users by email as soon as reasonably practicable
• Notify relevant regulatory authorities as required by applicable law (e.g., within 72 hours under GDPR)
• Provide information about what data was affected and steps you can take to protect yourself

8. Children's Privacy (18+ Requirement)

Rabu AI is an adult platform. Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from anyone under 18. If we discover that we have inadvertently collected information from a minor, we will delete it immediately and terminate the associated account. If you are a parent or guardian and believe your child has used our service, please contact us at [email protected] immediately.

9. Your Privacy Rights

Subject to applicable law, you have the following rights regarding your personal information:

• Right to access — You can request a copy of the personal information we hold about you.
• Right to correction — You can request correction of inaccurate personal information.
• Right to deletion — You can request deletion of your personal information, subject to legal retention requirements.
• Right to portability — You can request your data in a structured, machine-readable format.
• Right to object — You can object to certain types of data processing, including direct marketing.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

10. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know — You have the right to know what personal information we collect, use, disclose, and sell about you.
• Right to Delete — You have the right to request deletion of your personal information, subject to certain exceptions.
• Right to Opt-Out of Sale — We do not sell your personal information. If this changes, we will provide a "Do Not Sell My Personal Information" link.
• Right to Non-Discrimination — We will not discriminate against you for exercising your CCPA rights.

To submit a CCPA request, contact us at [email protected] with "CCPA Request" in the subject line. We will verify your identity before processing your request.

11. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR) and equivalent laws:

• Right of Access (Art. 15) — Obtain a copy of your personal data.
• Right to Rectification (Art. 16) — Correct inaccurate personal data.
• Right to Erasure (Art. 17) — Request deletion of your personal data ("right to be forgotten").
• Right to Data Portability (Art. 20) — Receive your data in a structured, machine-readable format.
• Right to Object (Art. 21) — Object to processing based on legitimate interests or for direct marketing.
• Right to Restrict Processing (Art. 18) — Request that we limit how we use your data in certain circumstances.

Our legal basis for processing personal data includes: performance of a contract (providing our services), legitimate interests (fraud prevention, security), and consent (where specifically requested). To exercise your GDPR rights, contact us at [email protected]. You also have the right to lodge a complaint with your local data protection authority.

12. International Data Transfers

Your information may be transferred to and processed in countries other than your own, including the United States. When we transfer personal data from the EEA or UK, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

13. Cookies

We use cookies and similar tracking technologies. For full details, see our Cookie Policy.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last Updated" date. For significant changes, we may also notify you by email. Continued use of our services after changes constitutes acceptance of the updated policy.

15. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us at:

• Email: [email protected]