Privacy Policy

Effective Date: September 4, 2024 Last Updated: November 5, 2025

1. Introduction

Welcome to GQV.ai ("we," "our," or "us"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI character content creation platform available at https://GQV.ai/ and related services (the "Service").

We are committed to protecting your privacy and ensuring transparency in our data practices. This policy complies with applicable privacy laws including GDPR and CCPA.

Google Sign-In Usage

When you sign in with Google:

• ✅ We access only your basic profile information (name, email, profile picture) for account creation
• ✅ We use Google Sign-In solely for authentication - we do NOT access any other Google services
• ❌ We never access your Gmail, Drive, Calendar, Photos, or any other Google data
• ❌ We never sell or share your Google profile data with advertisers
• ✅ You can revoke our access anytime at Google Account Settings

2. Information We Collect

2.1 Information You Provide Directly

When you create an account and use our Service, you may provide us with account information including your name, email address, username, and password. You may also choose to add profile information such as a profile picture, bio, and preferences. We collect the content you create or upload, including AI characters, training images, generated images and videos, and other materials. Additionally, we collect communications you send to us or through our platform, and payment information such as billing address and payment method details (which are processed securely by Stripe).

2.2 Information Collected Automatically

When you use our Service, we automatically collect certain information including usage data about how you interact with our Service, features used, and time spent. We also collect device information such as your IP address, browser type, operating system, and device identifiers. Our servers automatically record log data including server logs, error reports, and performance metrics. We also use cookies and similar tracking technologies as described in Section 10 of this policy.

2.3 Information from Third Parties

We may receive information from third-party sources when you choose to connect external services. When you use Google Sign-In, we receive only your basic profile information (name, email, profile picture). We may receive anonymized usage statistics from third-party AI service providers. We also collect aggregated usage and performance data from analytics providers. Stripe processes payment information on our behalf, and Vercel provides our application hosting infrastructure.

3. How We Use Your Information

We use your information only for legitimate business purposes:

3.1 Primary Purposes

• Service Provision: To provide, maintain, and improve our AI character creation and content generation services
• Account Management: To create and manage your account and preferences
• Content Processing: To generate AI characters, images, and videos using third-party AI services
• Customer Support: To respond to your inquiries and provide assistance
• Platform Security: To detect fraud, abuse, and ensure platform security

3.2 Secondary Purposes (with consent)

• Communications: To send service updates, newsletters, and promotional content
• Analytics: To understand usage patterns and improve our Service
• Research: To develop new features and improve AI model performance

Important: We do NOT use your personal data for:

• Advertising or marketing to third parties
• Credit scoring or financial assessments
• Surveillance or monitoring beyond security purposes
• Training AI models without explicit consent

4. Data Sharing and Disclosure

4.1 We Do NOT Sell Your Data

We never sell, rent, or trade your personal information to third parties for monetary consideration.

4.2 Limited Sharing Situations

We may share your information only in these specific circumstances:

• AI Service Providers: Necessary data (images, training data, generation parameters) to process your AI character and content generation requests
• Payment Processing: Stripe processes payment information securely on our behalf
• Hosting Infrastructure: Vercel hosts our application with enterprise-grade security
• Database Services: Neon provides secure PostgreSQL database hosting
• Service Providers: Other trusted partners who help operate our platform (analytics, support)
• Legal Requirements: When required by law, court order, or to protect rights and safety
• Business Transfers: In case of merger, acquisition, or sale of assets
• With Your Consent: When you explicitly authorize sharing

4.3 Data Processing Agreements

All third-party processors are bound by strict data protection agreements and cannot use your data for their own purposes.

5. Third-Party Authentication (Google Sign-In)

5.1 What We Access

When you sign in with Google, we only access:

• Basic Profile Information: Your name, email address, and profile picture
• Google Account ID: A unique identifier for authentication purposes

We do NOT access or request permission for:

• Gmail, Drive, Calendar, Photos, or any other Google services
• Your Google contacts, documents, or personal files
• Any Google data beyond basic profile information

5.2 Revoking Google Access

You can revoke our access to your Google account at any time:

1. Visit Google Account Permissions
2. Find "GQV.ai" and click "Remove Access"
3. Your GQV.ai account will remain active (you can use email/password login)

5.3 Data Deletion

When you delete your GQV.ai account:

• Google profile information is deleted within 30 days from active systems
• Backup systems are purged within 90 days
• You can request immediate deletion by contacting support

6. Data Security

6.1 Security Measures

• Encryption: Data encrypted in transit (TLS 1.3) and at rest (AES-256)
• Access Controls: Role-based access with multi-factor authentication
• Infrastructure: Enterprise-grade hosting with Vercel and Neon PostgreSQL
• Payment Security: PCI DSS compliant payment processing through Stripe
• Application Security: Next.js framework with built-in security features
• Monitoring: 24/7 security monitoring and incident response
• Audits: Regular security assessments and penetration testing

6.2 Data Breach Response

In case of a security incident:

• Immediate containment and investigation
• Notification to affected users within 72 hours
• Coordination with relevant authorities as required
• Remediation steps and prevention measures

7. Your Rights and Choices

7.1 Access and Control

• Access: Request a copy of your personal data
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your account and data
• Portability: Export your data in a machine-readable format
• Restriction: Limit how we process your data
• Objection: Object to certain types of processing

7.2 Communication Preferences

• Email Preferences: Unsubscribe from marketing emails anytime
• Notification Settings: Control in-app and push notifications
• Cookie Choices: Manage cookie preferences in your browser

7.3 Account Deletion

You can delete your account at any time from your settings page or by contacting support@GQV.ai. This will:

• Remove your personal information from our active systems within 30 days
• Delete your AI characters, generated images/videos, and user-generated content
• Anonymize your usage data for analytics purposes
• Retain certain data as required by law or legitimate business interests (transaction records, legal compliance)
• Provide confirmation of deletion upon request

8. Data Retention

8.1 Retention Periods

• Account Data: Retained while your account is active
• Content: Retained until you delete it or close your account
• Usage Logs: Retained for 24 months for security and analytics
• Support Records: Retained for 3 years for quality assurance
• Legal Records: Retained as required by applicable law

8.2 Deletion Process

When data is deleted:

• Removal from production systems within 30 days
• Secure deletion from backups within 90 days
• Some data may be retained in anonymized form for analytics

9. Technology Stack and Service Providers

9.1 Core Technology Infrastructure

Our platform is built using industry-standard, secure technologies:

• Frontend Framework: Next.js 15 (React-based framework with built-in security features)
• Hosting Platform: Vercel (enterprise-grade deployment and hosting)
• Database: Neon PostgreSQL (serverless database with automatic backups)
• Payment Processing: Stripe (PCI DSS Level 1 compliant payment processor)
• Authentication: Better-auth (secure authentication system)
• Content Delivery: Vercel Edge Network (global CDN for optimal performance)

9.2 Third-Party Service Providers

We work with the following trusted service providers:

9.2.1 Payment Processing

• Stripe, Inc. processes all payment transactions
• Stripe is PCI DSS Level 1 certified
• Payment data is never stored on our servers
• Stripe's privacy policy applies to payment information

9.2.2 Hosting and Infrastructure

• Vercel, Inc. provides application hosting and deployment
• Enterprise-grade security and SOC 2 Type II compliance
• Automatic SSL/TLS encryption and DDoS protection
• Global edge network for optimal performance

9.2.3 Database Services

• Neon provides PostgreSQL database hosting
• Data encryption at rest and in transit
• Automatic backups and point-in-time recovery
• Enterprise security features and compliance

9.2.4 AI Service Providers

We integrate with the following third-party AI services to power our features:

• Flux Dev - Image generation and AI character creation
• Kling - Video generation capabilities
• WaveSpeed - Video processing and advanced features
• Seedream - Character creation and image editing
• Other specialized AI engines as needed

Data Shared with AI Providers:

• Your training images (for character creation)
• Reference images and prompts (for content generation)
• Generation parameters and settings
• Each provider has their own data handling and privacy policies that may apply to your content

9.3 Data Processing Locations

Your data may be processed in the following locations:

• United States (Vercel, Stripe, Neon primary data centers)
• European Union (EU data processing when required)
• Global (Vercel Edge Network locations worldwide)

All international transfers comply with applicable data protection laws and use appropriate safeguards.

10. Cookies and Tracking Technologies

10.1 What Are Cookies

Cookies are small text files stored on your device when you visit our website. We use cookies and similar tracking technologies to enhance your experience and improve our services.

10.2 Types of Cookies We Use

10.2.1 Essential Cookies

• Required for basic website functionality
• Authentication and security
• Session management
• Cannot be disabled without affecting site functionality

10.2.2 Analytics Cookies

• Help us understand how you use our website
• Provide insights for improving user experience
• Google Analytics and similar services
• Can be disabled through browser settings

10.2.3 Preference Cookies

• Remember your settings and preferences
• Theme selection (dark/light mode)
• Language preferences
• Improve personalization

10.2.4 Marketing Cookies (Optional)

• Used for advertising and marketing purposes
• Only with your explicit consent
• Can be managed through cookie preferences

10.3 Managing Cookies

You can control cookies through:

• Browser settings and preferences
• Our cookie consent banner
• Opt-out links in marketing communications
• Cookie preference center on our website

10.4 Third-Party Cookies

Some cookies are set by third-party services we use:

• Google Analytics for website analytics
• Stripe for payment processing
• Vercel for hosting and performance monitoring

11. Additional Data Transfer Safeguards

11.1 Transfer Mechanisms

• Adequacy Decisions: Transfers to countries with adequate protection
• Standard Contractual Clauses: EU-approved data transfer agreements
• Certification Programs: Service providers with recognized certifications

12. Children's Privacy (COPPA Compliance)

12.1 Age Restrictions

• Our Service is not intended for children under 13 years old
• We do not knowingly collect personal information from children under 13
• If we learn we have collected such information, we will delete it promptly
• Age verification may be required for certain features

12.2 Parental Rights

Parents have the right to request deletion of their child's information, refuse further collection or use of their child's information, and request access to information collected about their child. For any child-related privacy concerns, please contact us at support@GQV.ai with "Child Privacy" in the subject line.

12.3 Educational Use

• Special considerations for educational institutions
• Compliance with FERPA for educational records
• Parental consent requirements for school use

13. California Privacy Rights (CCPA/CPRA)

California residents have additional rights:

13.1 Right to Know

Request information about:

• Categories of personal information collected
• Sources of personal information
• Purposes for collecting personal information
• Categories of third parties with whom we share information
• Specific pieces of personal information collected

13.2 Right to Delete

Request deletion of personal information, subject to certain exceptions for:

• Completing transactions
• Security and fraud prevention
• Legal compliance requirements
• Internal business operations

13.3 Right to Correct

Request correction of inaccurate personal information.

13.4 Right to Non-Discrimination

We will not discriminate against you for exercising your privacy rights.

13.5 Exercising Your Rights

California residents can exercise their privacy rights by submitting requests to support@GQV.ai. We will verify your identity before processing requests and provide a response within 45 days (extendable to 90 days if necessary). You may also designate authorized agents to act on your behalf by providing proper documentation.

14. Changes to This Policy

14.1 Updates

We may update this Privacy Policy to reflect:

• Changes in our practices or services
• Legal or regulatory requirements
• Industry best practices
• User feedback and suggestions

14.2 Notification

We will notify you of material changes through email to your registered address, prominent notices on https://GQV.ai/, in-app notifications for significant changes, and by updating the "Last Modified" date at the top of this policy.

14.3 Review Responsibility

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

15. Contact Information

15.1 Contact Information

For all privacy-related questions, data requests, security concerns, and legal matters, please contact us at support@GQV.ai. Our team will route your inquiry to the appropriate department and respond within 30 days.

You can also visit our website at https://GQV.ai/contact for additional support options.

15.2 European Union Users

EU users have the right to lodge a complaint with their local supervisory authority if they believe their data protection rights have been violated. You may also contact our designated Data Protection Officer through support@GQV.ai with "DPO Inquiry" in the subject line.

15.3 Response Times

We are committed to responding to your privacy inquiries promptly. Standard response times are within 30 days for privacy requests and within 24 hours for urgent security matters.

---

This Privacy Policy was last updated on November 5, 2025. Please review it periodically for any changes.