Summary
We collect device identifiers, subscription data, usage data, and conversations / chats to provide Chat AI 5, including AI-powered conversations, file analysis, image and video generation, search, voice input, email drafting, and AI Scheduler (iOS only; synced with Apple Calendar). The App uses third-party AI service providers and AI service platforms, including OpenAI, Anthropic Claude, Google Gemini, xAI Grok, DeepSeek, Seedance, Flux, OpenRouter, Replicate, and Coze, depending on the model, feature, and routing method used. Your conversations / chats may be uploaded, transmitted, processed, and stored with encryption and may be used to generate a personalized User Memory where enabled. You can access, delete, or limit your data (including User Memory) by contacting [email protected] or by deleting your saved conversations / chats in the App. We aim to comply with applicable data protection laws in the regions where we operate, including GDPR, CCPA, APPI, PIPA, PDPA, and PIPL. Review the full policy below.
In this Privacy Policy, "conversations" and "chats" have the same meaning. They include the content you submit, upload, generate, or share in the App, including text messages, prompts, uploaded files, documents, PDFs, images, videos, audio, voice inputs, screenshots, extracted text, previous chat context, generated outputs, and related technical metadata needed to process your request.
1. Introduction
Alzor Labs Company Limited ("we," "our," "the company") is committed to protecting your privacy. This Privacy Policy ("Privacy Policy") explains how we collect, use, share, and safeguard your personal information when you use our product Chat AI 5 ("the App").
The App may allow users to sign in with Apple, Google, or other supported login methods. When you sign in, we receive the account information permitted by you or provided by the login provider, such as a user identifier and, where authorized or made available by the provider, your email address or display name. We do not receive your Apple or Google account password.
2. Information We Collect
2.1 Categories of Personal Information
In the past 12 months, we have collected the following categories of personal information through the App, supported login methods, subscription services, analytics, attribution, and AI-powered features:
- Identifiers: IP address, device identifiers, analytics identifiers, advertising identifiers where permitted, and login provider identifiers where you sign in.
- Commercial Information: Subscription status, transaction identifiers, product identifiers, purchase dates, renewal status, and related subscription records.
- Internet Activity Information: Features used, access records, operation times, attribution events, install events, conversion events, and product interaction data.
- Geolocation Data: General location derived from IP address.
- Audio, Electronic, or Visual Information: Conversations / chats and user-generated content within the App, including text, files, images, videos, audio, screenshots, extracted text, previous context, and generated outputs.
- Calendar Information: Where you enable AI Scheduler (iOS only) and grant permission, calendar events from Apple Calendar, such as event titles, dates, times, and related details.
- Inferences: Limited inferences used for personalization, User Memory, safety, analytics, and service improvement. Not used for advertising profiling.
Specifically, we collect:
- Account Information: Login provider user identifiers and, where authorized or made available by the provider, your email address or display name. We do not receive your Apple or Google account password.
- Subscription Information: Apple / RevenueCat subscription records and, for web products where available, Stripe / PayPal subscription status, transaction identifiers, product identifiers, purchase dates, renewal status, and related records.
- Transaction Information: Records of subscriptions or purchases, including subscription status, transaction identifiers, product identifiers, purchase dates, renewal status, and related records. We do not receive full payment card details.
- Device Information: Device model, operating system, app version, system version, device identifier, advertising identifier where permitted, IP address, and related technical data.
- Usage Data: Automatically generated data, such as features used, access records, and operation times, analytics events, attribution events, install events, conversion events, and performance data, to improve user experience and performance.
- Conversations / Chats: Content you submit, upload, generate, or share in the App, including text messages, prompts, uploaded files, documents, PDFs, images, videos, audio, voice inputs, screenshots, extracted text, previous chat context, generated outputs, and related technical metadata needed to process your request.
- Calendar Data: With your permission, we access calendar events from Apple Calendar (such as event titles, dates, times, locations, participants, notes, and related details) to provide AI Scheduler — our AI calendar feature, which is currently available on iOS only and is not available on web — and to keep your schedule in sync between Apple Calendar and Chat AI 5. Where AI processing is needed, relevant calendar event information may be sent to third-party AI service providers as part of your request. We use your calendar data only to provide AI Scheduler and related scheduling features; we do not use it for advertising, advertising targeting, profiling, or any commercial purpose unrelated to this feature, and we do not sell or share it for cross-context behavioral advertising. You can grant or revoke calendar access at any time in your device settings; if access is not granted, calendar features will be unavailable.
- User Memory Data: Summaries of your preferences, interests, topics discussed, and interaction patterns derived from your conversations / chats. This data is generated by our systems to personalize your experience in future conversations (see Section 3.1 for details).
2.2 Collection of Sensitive Personal Information
In the past 12 months, we have collected the following sensitive personal information (as defined under California law and other jurisdictions like Saudi Arabia PDPL):
- Contents of private communications within the App, including conversations / chats.
- Potentially, data related to religious beliefs, health, racial or ethnic origins, or biometric data, if included by you in conversations / chats or other user-generated content.
If you include such sensitive information in your conversations / chats, it will be transmitted to the third-party AI service providers listed in Section 7.1 as part of your request. We recommend avoiding sensitive personal information in your conversations where possible.
Note: We do not receive your Apple or Google account password, full payment card details, App Store subscription credentials, Google sign-in credentials, or payment credentials. Sensitive personal information is used only for necessary service provision and as permitted by law, with additional safeguards (see Section 15.2).
3. How We Use Your Information
3.1 Purposes of Processing
We use your personal information to:
- Provide and maintain services: Deliver features (e.g., conversations, file analysis, image and video generation, search, voice input, email drafting, AI Scheduler, and other AI-powered features) by sending necessary conversations / chats and related context to third-party AI service providers and AI service platforms and receiving generated responses or outputs.
- Transaction management: Process subscriptions through Apple In-App Purchase (iOS) and, for web products where available, Stripe or PayPal. We maintain Apple / RevenueCat subscription records and Stripe / PayPal web subscription and transaction records where applicable, including subscription status, transaction identifiers, product identifiers, purchase dates, renewal status, and related records.
- User behavior analysis: Analyze device information, operation records, and usage data to improve service quality and user experience.
- Personalized services: Offer tailored services (e.g., content recommendations, optimized feature displays) based on usage patterns. We do not use your conversations / chats, uploaded files, images, videos, audio, screenshots, or AI-generated content for advertising targeting, cross-app tracking, or cross-context behavioral advertising. You can opt out of non-essential processing via in-app settings (see Section 18).
- User Memory: Analyze your conversations / chats to extract and store key information — such as your preferences, interests, frequently discussed topics, and interaction patterns — as a persistent User Memory profile. This profile is used to provide more relevant and personalized responses in future conversations. If User Memory is enabled, relevant memory entries may be included in future AI requests sent to third-party AI providers to personalize responses. Conversations / chats used for this purpose are uploaded and stored with encryption on our servers (see Section 8). You can request to access, export, or delete your User Memory, or opt out of User Memory generation entirely, by contacting [email protected] (see Sections 10.5 and 18). Additionally, deleting your saved conversations / chats in the App will also remove any associated User Memory entries.
- Security and fraud prevention: Use device identifiers to monitor unusual activities, prevent unauthorized use, and ensure account/payment safety.
3.2 How We Obtain Consent
We obtain your consent in two stages:
1. Launch screen notice. When you first launch the App, we display a notice on the launch screen stating: "By continuing, you agree to our Privacy Policy and Terms of Use. This app sends your conversations to third-party AI providers (e.g., OpenAI, Google) to generate responses." This notice also provides a link to this Privacy Policy.
2. Consent dialog before your first message. Before you send your first message, the App displays an in-app consent dialog that, prior to any content being sent, explains: (a) what data we collect; (b) what data will be sent; (c) the third-party AI service providers and platforms the data will be sent to; and (d) the purposes for which the data is collected and sent. Your conversations / chats are sent to third-party AI providers only after you tap "Agree and Continue" in this dialog.
By tapping Continue on the launch screen and "Agree and Continue" in the consent dialog, you acknowledge these notices and allow us to send your conversations / chats to third-party AI providers as described in this Privacy Policy. If you do not tap "Agree and Continue," your conversations / chats will not be sent to third-party AI providers, and AI features that require third-party AI processing will not be available.
Because the core AI features require third-party AI processing, these features cannot be provided without sending the necessary conversations / chats to third-party AI providers. Non-essential processing, such as analytics, attribution, or personalization where applicable, may be limited or disabled as described in this Privacy Policy.
3.3 Legal Bases for Processing
Under applicable laws, particularly GDPR, we process personal data based on:
- Consent: For explicit consent to processing.
- Contractual Necessity: For performing a contract (e.g., providing services via API calls).
- Legal Obligation: For compliance with legal requirements.
- Legitimate Interests: For our or a third party's legitimate interests, unless overridden by your rights.
- Vital Interests: To protect your or another's vital interests.
- Public Interest: For tasks in the public interest.
| Processing Activity | Legal Basis |
|---|---|
| Providing and maintaining services | Contractual Necessity |
| Transaction management | Contractual Necessity, Legal Obligation |
| User behavior analysis | Legitimate Interests |
| Personalized service | Consent |
| User Memory generation and storage | Consent |
| Security and fraud prevention | Legitimate Interests |
Where processing is based on consent, you may withdraw consent at any time (see Section 10). Withdrawing consent does not affect processing that occurred before withdrawal, and some features may be limited or unavailable if consent is needed to provide them.
4. International Data Transfers
We provide the App globally, meaning your personal data, including conversations / chats sent to third-party AI service providers and AI service platforms, may be transferred to and stored in countries with different data protection standards. Transfer locations may depend on your region, the feature used, the selected model, routing method, and the service providers involved. Depending on the providers and models involved, these transfers may include regions such as the United States, the European Union, Singapore, and China.
4.1 Cross-Border Transfer Mechanisms
We implement safeguards for international transfers:
- EEA (including Norway, Iceland, Liechtenstein), UK, Switzerland: Standard Contractual Clauses (SCCs), Data Processing Agreements (DPAs), and other appropriate safeguards where required.
- Israel: Compliance with the Protection of Privacy Law, including contractual safeguards and obtaining user consent where required.
- Switzerland: Compliance with the Federal Act on Data Protection (FADP), ensuring transfers meet local standards.
- Brazil: Compliance with LGPD, including appropriate legal bases and safeguards for transfers.
- Japan: Compliance with the Act on the Protection of Personal Information (APPI).
- South Korea: Compliance with the Personal Information Protection Act (PIPA).
- Other countries: Contractual safeguards and technical measures, with appropriate review of DPAs/SCCs where required.
4.2 Data Localization Compliance
Where required by applicable law, we apply appropriate localization, transfer, contractual, technical, or organizational safeguards. Actual storage locations may depend on your region, the feature used, and the service providers involved.
Where required by applicable law, we rely on appropriate legal mechanisms, safeguards, or user consent before transferring personal data internationally.
5. Cookies and Similar Technologies
Where applicable, our web products may use cookies or similar technologies. We request consent for non-essential cookies where required by applicable law and provide available controls to manage cookie preferences. Manage preferences via:
- iOS: Settings > Privacy & Security > Tracking.
- Web: Available cookie preference controls.
6. How We Share Your Information
6.1 Data Sharing Practices
We do not sell personal information. We may share limited device, usage, subscription, analytics, attribution, and conversion data with analytics, attribution, advertising, subscription, cloud, and infrastructure providers to operate, measure, secure, improve, and market the App, as described in this Privacy Policy. We do not use conversations / chats for advertising targeting.
We disclosed the following for business purposes to service providers and third parties:
- Identifiers.
- Commercial Information.
- Internet Activity Information.
- Geolocation Data.
- Conversations / chats.
- Audio, Electronic, or Visual Information.
- Calendar information (where you use AI Scheduler).
- Analytics, attribution, advertising, subscription, and conversion data.
We share information with:
- Apple, Google, and Login Providers: Account identifiers and login information where you sign in. We do not receive your Apple or Google account password.
- Payment and Subscription Providers: Subscription or transaction records from Apple In-App Purchase (iOS) and, for web products where available, Stripe or PayPal. We do not receive full payment card details.
- Third-Party AI Service Providers and AI Service Platforms: Conversations / chats and related context are sent via APIs to providers and platforms including OpenAI, Anthropic Claude, Google Gemini, xAI Grok, DeepSeek, Seedance, Flux, OpenRouter, Replicate, and Coze to generate replies, understand user input, analyze uploaded content, generate image or video content, route model requests, call AI models, and provide other AI-powered features.
- Data, Subscription, Analytics, Attribution, Cloud, and Infrastructure Providers: Limited device, usage, subscription, analytics, attribution, conversion, cloud hosting, network, security, and performance data may be shared with providers such as Mixpanel, Singular, RevenueCat, Google Cloud, Microsoft Azure, Amazon Web Services (AWS), Cloudflare, Meta/Facebook, and TikTok as described in Section 7.3.
- Legal Requirements: When required by law or to enforce legal obligations.
6.2 Third-Party AI Data Processing
When you use Chat AI 5, your conversations / chats are processed as follows:
- Pre-Processing: We may apply automated safety, formatting, or filtering measures before transmission. These measures are best-effort and may not remove all personal or sensitive information. You should avoid including sensitive personal information in your conversations where possible.
- Data Transmission: Conversations / chats are sent to third-party AI service providers and AI service platforms with secure encryption (TLS 1.2 or higher), selected model or feature information, routing information where applicable, and technical metadata needed to process the request.
- Conversations / Chats Storage and User Memory: Your conversations / chats may be uploaded and stored with encryption on our servers (see Section 8). If User Memory is enabled by you or with your consent, your conversations / chats may be analyzed to generate User Memory — a persistent profile of your preferences and interaction patterns used to personalize future conversations. If User Memory is enabled, relevant memory entries may be included in future AI requests sent to third-party AI providers to personalize responses. You can manage your User Memory by contacting [email protected] (see Sections 10.5 and 18).
- Data Control: Third-party providers may process data per their privacy policies (see Section 7.1), and we require privacy and security protections as described in Section 7.
- Data Deletion: Upon deletion requests, we delete data from our systems (including conversations / chats and associated User Memory entries) and request deletion from providers where feasible, though some may retain anonymized data per their policies. You may also delete your saved conversations / chats directly in the App, which will automatically remove any User Memory entries derived from those conversations / chats.
7. Third-Party Service Providers
We work with third-party providers to deliver, secure, measure, and improve the App. We require third-party service providers that process personal data for us to maintain privacy and security protections that are the same as or equivalent to those described in this Privacy Policy and required by applicable law, including confidentiality, purpose limitation, secure transmission, access controls, retention limits, breach notification where required, and assistance with user rights requests.
7.1 Third-Party AI Service Providers
| Provider | Service | Location | Data Shared | Collection Method | Purpose | Privacy Policy |
|---|---|---|---|---|---|---|
| OpenAI | ChatGPT API and related AI models | United States / global | Conversations / chats, including message text, prompts, uploaded files, images, videos, audio, screenshots, extracted text, generated outputs, conversation context, selected model or feature, and technical metadata needed to process the request. | Sent in real time via encrypted API requests when you use AI chat or related features. | Generate responses, understand user input, analyze uploaded content, and provide AI-powered features. | OpenAI Privacy |
| Anthropic Claude | Claude API and related AI models | United States / global | Conversations / chats, including message text, prompts, uploaded files, images, videos, audio, screenshots, extracted text, generated outputs, conversation context, selected model or feature, and technical metadata needed to process the request. | Sent in real time via encrypted API requests when you use AI chat or related features. | Generate responses, understand user input, analyze uploaded content, and provide AI-powered features. | Anthropic Privacy |
| Google Gemini | Gemini API and related AI models | United States / global | Conversations / chats, including message text, prompts, uploaded files, images, videos, audio, screenshots, extracted text, generated outputs, conversation context, selected model or feature, and technical metadata needed to process the request. | Sent in real time via encrypted API requests when you use AI chat or related features. | Generate responses, understand user input, analyze uploaded content, and provide AI-powered features. | Google Privacy |
| xAI Grok | Grok API and related AI models | United States / global | Conversations / chats, including message text, prompts, uploaded files, images, videos, audio, screenshots, extracted text, generated outputs, conversation context, selected model or feature, and technical metadata needed to process the request. | Sent in real time via encrypted API requests when you use AI chat or related features. | Generate responses, understand user input, analyze uploaded content, and provide AI-powered features. | xAI Privacy |
| DeepSeek | DeepSeek AI models | China / global | Conversations / chats, including message text, prompts, uploaded files, images, videos, audio, screenshots, extracted text, generated outputs, conversation context, selected model or feature, and technical metadata needed to process the request. | Sent in real time via encrypted API requests when you use AI chat or related features. | Generate responses, understand user input, analyze uploaded content, and provide AI-powered features. | DeepSeek Privacy |
| Seedance | AI video generation models | China / global | Conversations / chats, including message text, prompts, uploaded files, images, videos, audio, screenshots, extracted text, generated outputs, conversation context, selected model or feature, and technical metadata needed to process the request. | Sent via encrypted API requests when you generate AI video or related media content. | Generate video or related AI media content and provide AI-powered features. | Seedance Privacy |
| Flux | Black Forest Labs FLUX image models | Germany / United States / global | Conversations / chats, including message text, prompts, uploaded files, images, videos, audio, screenshots, extracted text, generated outputs, conversation context, selected model or feature, and technical metadata needed to process the request. | Sent via encrypted API requests when you generate AI images or related media content. | Generate images or related AI media content and provide AI-powered features. | Black Forest Labs Privacy |
7.2 Third-Party AI Service Platforms
| Provider | Service | Location | Data Shared | Collection Method | Purpose | Privacy Policy |
|---|---|---|---|---|---|---|
| OpenRouter | AI model routing platform | United States / global | Conversations / chats, model request data, routing information, generated outputs, and technical metadata needed to provide AI-powered features. | Sent via encrypted API requests and routed to the selected model when you use AI features. | Route AI requests, call AI models, and provide model selection or AI-powered features. | OpenRouter Privacy |
| Replicate | AI model hosting and API platform | United States / global | Conversations / chats, model request data, routing information, generated outputs, and technical metadata needed to provide AI-powered features. | Sent via encrypted API requests to hosted models when you use AI features. | Call hosted AI models, generate media or other AI outputs, and provide AI-powered features. | Replicate Privacy |
| Coze | Automation and chatbot platform | Singapore / global | Conversations / chats, model request data, routing information, generated outputs, and technical metadata needed to provide AI-powered features. | Sent via encrypted API requests when you use chatbot, automation, or workflow features. | Process chatbot, automation, workflow, and other AI-powered features. | Coze Privacy |
7.3 Data, Subscription, Analytics, Attribution, Cloud, and Infrastructure Providers
| Provider | Service | Location | Data Shared | Collection Method | Purpose | Privacy Policy |
|---|---|---|---|---|---|---|
| Mixpanel | Product analytics | United States / global | Usage events, device information, product interaction data, and analytics identifiers. | Collected automatically through an analytics SDK integrated in the App as you use it. | Understand product usage, measure app performance, analyze conversion events, and improve the App. | Mixpanel Privacy |
| Singular | Mobile attribution and campaign measurement | United States / global | Device identifiers where permitted, install events, app events, subscription or conversion events, and campaign attribution data. | Collected automatically through an attribution SDK and install/event signals as you use the App. | Attribute installs, measure advertising campaign performance, analyze subscription or conversion events, and support privacy-preserving measurement where available. | Singular Privacy |
| Stripe | Payment processing for web products | United States / global | Subscription status, transaction identifiers, product identifiers, purchase dates, payment method type, and related records. | Collected when you initiate a web subscription or payment. | Process web subscription payments where available, manage billing, and support payment-related customer service. | Stripe Privacy |
| PayPal | Payment processing for web products | United States / global | Subscription status, transaction identifiers, product identifiers, purchase dates, payment method type, and related records. | Collected when you initiate a web subscription or payment. | Process web subscription payments where available, manage billing, and support payment-related customer service. | PayPal Privacy |
| RevenueCat | Subscription management | United States / global | Subscription status, transaction identifiers, product identifiers, purchase dates, renewal status, and related records. | Collected when you make or manage a subscription through the App. | Manage subscriptions, verify entitlements, process renewals, and support customer service requests. | RevenueCat Privacy |
| Google Cloud | Cloud hosting and infrastructure | United States / global | Hosted data, service logs, and infrastructure metadata. | Processed through our hosting infrastructure when you use the App. | Provide cloud services, storage, processing, security, reliability, and product infrastructure. | Google Cloud Privacy |
| Microsoft Azure | Cloud hosting and infrastructure | United States / global | Hosted data, service logs, infrastructure metadata, and technical information needed to operate the Services. | Processed through our hosting infrastructure when you use the App. | Provide cloud services, storage, processing, security, reliability, monitoring, and product infrastructure. | Microsoft Privacy |
| Amazon Web Services (AWS) | Cloud hosting and infrastructure | United States / global | Hosted data, service logs, infrastructure metadata, and technical information needed to operate the Services. | Processed through our hosting infrastructure when you use the App. | Provide cloud services, storage, processing, security, reliability, monitoring, and product infrastructure. | AWS Privacy |
| Cloudflare | Network, security, and performance services | United States / global | IP address, network logs, security data, and performance data. | Collected automatically as your network requests pass through Cloudflare's network. | Provide network acceleration, security protection, reliability, and performance monitoring. | Cloudflare Privacy |
| Meta/Facebook | Advertising network and campaign measurement | United States / global | Attribution events, install or conversion events, and device or advertising identifiers where permitted. | Collected through an advertising SDK and conversion/attribution signals where permitted by Apple ATT and applicable law. | Measure advertising campaign performance and optimize advertising where permitted by Apple ATT and applicable law. | Meta Privacy |
| TikTok | Advertising network and campaign measurement | United States / global | Attribution events, install or conversion events, and device or advertising identifiers where permitted. | Collected through an advertising SDK and conversion/attribution signals where permitted by Apple ATT and applicable law. | Measure advertising campaign performance and optimize advertising where permitted by Apple ATT and applicable law. | TikTok Privacy |
We use analytics and attribution providers, including Mixpanel and Singular, to understand product usage, measure app performance, attribute installs, measure advertising campaign performance, and analyze subscription or conversion events. Where applicable, attribution data may be shared with advertising networks such as Meta/Facebook, TikTok, or other campaign partners to measure campaign performance and optimize advertising. Where required by applicable law (for example, in the EEA and UK), we request your consent before activating non-essential analytics or advertising technologies, including the analytics and advertising SDKs described above, and you can change or withdraw your choices at any time (see Section 18).
We do not send your Apple ID, Google account password, full payment card details, App Store subscription credentials, Google sign-in credentials, payment credentials, or advertising identifiers to third-party AI providers unless they are included by you in your conversations / chats.
We do not use your conversations / chats, uploaded files, images, videos, audio, screenshots, or AI-generated content for advertising targeting, cross-app tracking, or cross-context behavioral advertising.
8. Data Security
We implement technical and organizational measures to protect your data, including:
- Encrypted transmission: SSL/TLS encryption for sensitive data, subscription records, login identifiers, conversations / chats, and API calls.
- Encrypted storage (at rest): We use industry-standard encryption and appropriate technical safeguards for stored conversations / chats and User Memory data where applicable.
- Access control: We limit access to authorized personnel and service providers who need access for permitted business, security, support, legal, or operational purposes.
- Security reviews: We review and update security measures as appropriate to reduce the risk of unauthorized access, loss, misuse, or alteration.
No transmission or storage method is 100% secure, but we strive to protect your data.
9. Data Storage and Retention
9.1 Storage Locations
Data is stored on secure servers and service provider infrastructure. Actual storage locations may depend on your region, the feature used, the selected model, routing method, and the service providers involved. Where required by applicable law, we apply appropriate localization, transfer, contractual, technical, or organizational safeguards.
For data localization laws, see Section 4.2.
9.2 Retention Periods
- Apple / RevenueCat Subscription Records and Stripe / PayPal Web Transaction Records: Subscription status, transaction identifiers, product identifiers, purchase dates, renewal status, and related records, retained for 7 years where needed for legal, tax, accounting, financial, or dispute-resolution obligations.
- Device/Usage/Analytics/Attribution Data: 2 years for analytics, attribution, security, product improvement, and campaign measurement, or until deletion request where applicable.
- Conversations / Chats: 1 year for service continuity, or until deletion request, unless a longer period is required or permitted by law.
- Calendar Data: Calendar events accessed through AI Scheduler are retained only while you keep calendar access granted and the feature enabled, or until you revoke access in your device settings or request deletion. This describes retention within our systems; calendar event information sent to third-party AI providers as part of processed API requests is subject to the retention policies of those providers (see Section 10.4).
- User Memory Data: Retained for as long as your account is active or until you request deletion by contacting [email protected]. When you delete specific conversations / chats in the App, any memory entries derived solely from those conversations / chats will also be removed. If you delete all saved conversations / chats or request full account deletion, associated User Memory data will be deleted subject to legal, security, backup, or technical retention requirements.
- Consumer Request Records: 24 months for compliance, in a secure environment.
10. Your Rights
10.1 General Privacy Rights
Depending on your location, you may have rights to:
- Access.
- Rectification.
- Erasure.
- Restrict processing.
- Data portability.
- Object.
- Withdraw consent.
10.2 How to Exercise Your Rights
Contact us via:
- Email: [email protected].
- In-App: Settings > Contact Us (online form).
Response times:
- GDPR: Within 30 days, unless an extension is permitted by law.
- CCPA/CPRA: Within 45 days, unless an extension is permitted by law.
- Japan (APPI): Within a reasonable period required by applicable law.
- South Korea (PIPA): Without undue delay and within the period required by applicable law.
- Saudi Arabia (PDPL): Within the period required by applicable law.
If additional time is needed, we will inform you. Electronic requests receive electronic responses unless specified otherwise.
10.3 Verification Process
To protect your data, we verify requests:
- Basic Requests (e.g., opt-out): Via email or device identifier.
- Sensitive Requests (e.g., access/deletion):
- Verified through account identifiers, login provider information where available, transaction identifiers, subscription status, device identifiers, or other information you provide to help us locate your records.
- If no subscription or login record is available: Verified via device/usage details, signed declaration, or recent conversation snippets provided via [email protected].
Data access requests are provided in portable formats (e.g., CSV, JSON). No fees are charged unless requests are excessive, with prior cost estimates.
10.4 Third-Party AI Provider Data Rights
For data processed by third-party AI providers:
- Access: We provide data in our systems and details of providers who processed your conversations / chats.
- Deletion: We delete data from our systems and forward deletion requests to providers where feasible, though some may retain anonymized data.
- Limitation: Complete deletion of derivatives from AI models may not be possible.
- Direct Rights: Exercise rights directly with providers using their privacy policy contacts.
10.5 Your Rights Regarding User Memory
You have the following rights over your User Memory data. To exercise any of these rights, contact us at [email protected]:
- Access and Export: Request a copy of your User Memory data to review what information has been stored about your preferences and interaction patterns. We will provide the data in a portable format (e.g., JSON) within the applicable response timeframe (see Section 10.2).
- Deletion: Request deletion of specific memory entries or your entire User Memory. You may also delete your saved conversations / chats directly in the App, which will automatically remove any User Memory entries derived from those conversations / chats.
- Opt-Out: Request to disable User Memory generation entirely. Once disabled, no new memory entries will be created from your conversations / chats. If User Memory is enabled, relevant memory entries may be included in future AI requests sent to third-party AI providers to personalize responses. Existing memory data will be retained until you separately request its deletion or delete your saved conversations / chats.
11. Special Notice for California Residents
11.1 California Consumer Rights
Under CCPA/CPRA, you have rights to:
- Know: Categories, sources, purposes, third parties, and specific pieces of personal information collected (past 12 months).
- Delete: Request deletion, subject to exceptions.
- Correct: Request correction of inaccurate data.
- Opt-Out of Sale/Sharing: Opt out of applicable sharing of limited device, usage, analytics, attribution, advertising, subscription, or conversion data where required by law.
- Limit Sensitive Information: Limit use to necessary services.
- Non-Discrimination: No denial, price differences, or reduced service quality for exercising rights.
11.2 Authorized Agent
Use an authorized agent with written permission and direct identity verification. Contact [email protected].
11.3 Do Not Sell or Share My Personal Information
We do not sell personal information. We may share limited device, usage, subscription, analytics, attribution, and conversion data with analytics, attribution, advertising, subscription, cloud, and infrastructure providers to operate, measure, secure, improve, and market the App, as described in this Privacy Policy. We do not use conversations / chats for advertising targeting. Opt out via:
- Email: [email protected] ("Do Not Sell or Share My Personal Information").
- In-App: Settings > Contact Us.
11.4 Notice of Financial Incentive
We do not offer financial incentives for retaining or selling personal information.
12. Special Notice for EU, EEA, and UK Residents
12.1 GDPR Compliance
Under GDPR/UK GDPR, you have rights (per Section 10) plus:
- Lodge a complaint with a supervisory authority.
- Object to processing based on legitimate interests.
- Object to direct marketing.
- Rights against automated decision-making/profiling.
12.2 Data Protection Officer
Contact our DPO:
- Email: [email protected].
- Postal: Data Protection Officer, Alzor Labs Company Limited, 21/F, 14 Tai Koo Wan Road, Quarry Bay, Hong Kong.
12.3 EU Representative
For EU users (GDPR Article 27):
- EMCI Sp. z o.o., ul. Chalubinskiego 8, 00-613 Warszawa, Mazowieckie, Poland.
- Contact: Alice Hill.
- Email: [email protected].
- Phone: +48 535 040 040.
12.4 UK Representative
For UK users (UK GDPR):
- BRITCORP SOLUTIONS LTD, 167-169 Great Portland Street, London, W1W 5PF, England, United Kingdom.
- Contact: Marie Dubois.
- Email: [email protected].
- Phone: +44 7395 178678.
13. Special Notice for Asian Jurisdictions
13.1 Japan (APPI Compliance)
Where applicable, we aim to comply with applicable requirements of APPI:
- Notify purpose of use at collection.
- Limit use to necessary scope without prior consent.
- Respond to disclosure requests within 2 weeks.
- Contact: [email protected].
13.2 South Korea (PIPA Compliance)
Where applicable, we aim to comply with applicable requirements of PIPA:
- Obtain separate consent for sensitive/unique identifying information.
- Destroy data after purpose fulfillment or retention period.
- Contact: [email protected].
13.3 Singapore (PDPA Compliance)
Where applicable, we aim to comply with applicable requirements of PDPA:
- Collect/use/disclose data for reasonable purposes.
- Protect data from unauthorized risks.
- Contact: [email protected].
13.4 China (PIPL Compliance)
Where applicable, we aim to comply with applicable requirements of PIPL:
- Apply appropriate localization, transfer, contractual, technical, or organizational safeguards where required by applicable law.
- Conduct security assessments for cross-border transfers where required.
- Appointed a personal information protection officer.
- Contact: [email protected].
14. Special Notice for Middle East Jurisdictions
14.1 United Arab Emirates (UAE)
Where applicable, we aim to comply with applicable requirements of Federal Decree-Law No. 45 of 2021. UAE users may have rights to:
- Access/correct data.
- Request deletion.
- Withdraw consent.
- Object to automated decision-making.
- Contact: [email protected].
14.2 Saudi Arabia
Where applicable, we aim to comply with applicable requirements of PDPL. Saudi users may have rights to:
- Be informed about processing.
- Access/correct/delete data.
- Withdraw consent.
- Object to automated decision-making.
- Contact: [email protected].
14.3 Qatar
Where applicable, we aim to comply with applicable requirements of Data Protection Law No. 13 of 2016. Contact: [email protected].
14.4 Israel
Where applicable, we aim to comply with applicable requirements of the Protection of Privacy Law, 1981, including user rights to access and correct data. Contact: [email protected].
14.5 Cultural and Religious Sensitivities
In the UAE, Saudi Arabia, Qatar, and Israel, we take steps to protect sensitive data (e.g., religious beliefs, cultural practices) per local laws and customs. We apply appropriate safeguards where required by applicable law.
15. AI Transparency and Ethics
15.1 AI-Specific Disclosures
Chat AI 5 uses third-party AI service providers and AI service platforms, including OpenAI, Anthropic Claude, Google Gemini, xAI Grok, DeepSeek, Seedance, Flux, OpenRouter, Replicate, and Coze, to power features like conversations, file analysis, image and video generation, search, voice input, email drafting, AI Scheduler, and other AI-powered features. Conversations / chats are sent to these providers and platforms via secure APIs to generate responses, analyze uploaded content, route model requests, call AI models, and generate related AI outputs.
- Nature of AI Interaction: Responses are generated based on statistical patterns, not human understanding.
- AI Limitations: May produce inaccurate, incomplete, or biased content, dependent on third-party models; not suitable for critical decisions without oversight.
- Limited Authorized Access: We do not routinely review your conversations manually. Limited authorized access may occur only when necessary for user support, security, troubleshooting, legal compliance, or to respond to your request.
- AI Decision-Making: We use automated decisions (e.g., recommending topics based on
conversations / chats or User Memory) affecting displayed content/features, without legal/significant effects.
Rights include:
- Human intervention.
- Expressing your view.
- Contesting decisions.
- Contact: [email protected].
15.2 Conversation Processing and Protection
We route conversations / chats to the most appropriate AI model based on:
- Request type, language, and complexity.
- Selected features (e.g., conversation vs. email drafting).
- Content safety and regional availability.
- Performance optimization.
The model used may depend on the feature, selected option, availability, and routing logic. We protect sensitive information with:
- Pre-Processing Measures: We may apply automated safety, formatting, or filtering measures before transmission. These measures are best-effort and may not remove all personal or sensitive information. You should avoid including sensitive personal information in your conversations where possible.
- Transmission Controls: Secure encryption (TLS 1.2 or higher), API authentication, and periodic credential rotation.
- Safety Notices: We may provide safety notices where available.
15.3 Third-Party Provider Roles
Depending on the service and applicable law, third-party AI providers may act as processors under Data Processing Agreements (DPAs) or as independent controllers under their own privacy policies. We maintain appropriate contractual arrangements with each provider and cooperate to fulfill user rights requests.
16. Children's Privacy
The App is not intended for children. We do not knowingly collect data from children. Age thresholds may vary by jurisdiction, including under 13 in the United States and other ages where required by applicable law.
If we learn a child has provided data without required parental consent, we will delete it promptly. Contact [email protected] if you believe a child has provided data.
For California residents, we do not sell/share data of users under 16 without affirmative authorization (from users 13–16 or parents for under 13).
17. Links to Third-Party Websites/Services
The App may link to third-party sites/services. Their privacy practices may differ from ours when you access them directly. Review their policies before providing data.
18. How to Opt-Out
Opt out of data collection/processing via:
18.1 iPhone Devices and App Tracking Transparency
Where required by Apple's App Tracking Transparency framework or applicable law, we request your permission before accessing the device advertising identifier or using data to track your activity across apps and websites owned by other companies. If you deny tracking permission, we will not access the device advertising identifier for tracking purposes and will use only permitted, aggregated, or privacy-preserving measurement methods where available.
- Disable Tracking:
- Settings > Privacy & Security > Tracking.
- Turn off "Allow Apps to Request to Track."
- Disable Personalized Ads:
- Settings > Privacy & Security > Apple Advertising.
- Turn off "Personalized Ads."
18.2 In-App and Support
For non-essential processing (e.g., analytics, attribution, advertising campaign measurement, or personalization where applicable):
- In-App: Settings > Contact Us.
- Email: [email protected].
Core AI features (e.g., conversations, file analysis, image and video generation, search, voice input, email drafting, AI Scheduler, and other AI-powered features) require third-party AI processing and cannot be provided without sending the necessary conversations / chats to third-party AI providers or platforms. Non-essential requests are processed within 15 days (GDPR/UK GDPR) or 45 days (other jurisdictions).
To opt out of User Memory generation, or to request access, export, or deletion of your User Memory data, email [email protected] with the subject line "User Memory Request." You may also delete your saved conversations / chats in the App, which will automatically remove any User Memory entries derived from those conversations / chats.
18.3 Do Not Sell or Share My Personal Information
We do not sell personal information. We may share limited device, usage, subscription, analytics, attribution, and conversion data with analytics, attribution, advertising, subscription, cloud, and infrastructure providers to operate, measure, secure, improve, and market the App, as described in this Privacy Policy. We do not use conversations / chats for advertising targeting. Opt out via:
- Email: [email protected] ("Do Not Sell or Share My Personal Information").
- In-App: Settings > Contact Us.
18.4 Limit Sensitive Personal Information
Limit use to necessary services via:
- Email: [email protected] ("Limit Sensitive Personal Information").
- In-App: Settings > Contact Us.
18.5 Global Privacy Control (GPC)
Where required by applicable law and technically feasible, we honor Global Privacy Control (GPC) signals as opt-out requests for applicable sale or sharing of personal information. You may enable GPC through supported browser extensions or privacy browsers.
19. Data Breach Notification
If a data breach affects the security of your personal data, we will assess the incident and notify affected users and regulators where required by applicable law. Notice may be provided by email, in-app notification, website notice, or other reasonable means and may include information about the incident, data involved, protective steps, and contact information where appropriate.
Report suspected breaches to [email protected].
20. Dispute Resolution and Governing Law
20.1 Dispute Resolution Process
For disputes regarding your personal data:
- Initial Contact: Email [email protected].
- Escalation:
- Acknowledgment within 5 business days.
- Initial response within 15 business days.
- Resolution proposal within 30 business days.
- Alternative Dispute Resolution:
- EU/EEA: Mediation via local data protection authority.
- Others: Voluntary mediation through an independent third party.
20.2 Governing Law and Jurisdiction
- EU/EEA Residents: Claims may be brought in your country of habitual residence, work, or alleged infringement.
- Non-EU/EEA Residents: Disputes are governed by Hong Kong law, with courts in Hong Kong having non-exclusive jurisdiction, unless prohibited by local law.
21. Changes to This Privacy Policy
We may update this policy for business, product, legal, or security reasons. When required by applicable law or when changes are material, we will provide notice through reasonable means, such as in-app notice, email, or an updated posting of this Privacy Policy.