Privacy Policy

1. Information We Collect

When you access or otherwise use our Services, we may collect information from you. The types of information we collect depend on how you use our Services. Please note that we need certain types of information to provide the Services to you. If you do not provide us with such information, or if you ask us to delete that information, you may no longer be able to access or use certain Services. The information we collect may include data you directly provide to us, data we obtain automatically from your interactions with our Services, and data we obtain from other sources.

Information you provide directly to us

We may collect information directly from you. You are not required to provide us with such information, but certain features of the Services may not be accessible or available absent the provision of the requested information. Information you provide directly to us may include, but is not limited to:

(a) Account Information:

• Email address (when you sign in via Google OAuth or email sign-in)
• User name or display name
• Profile information

(b) Payment Information:

• Payment information (processed through Stripe, our payment processing vendor)
• Billing address
• Subscription details (plan type, billing cycle)

(c) Content and Optimization Data:

• The text content you submit for optimization
• The AI-generated optimized versions of your content
• Your optimization preferences and settings

(d) Communications:

• Contents of communications with us (support requests, feedback, inquiries)

Information we collect automatically

We and our third-party vendors may use cookies, web beacons, and other tracking technologies to collect information about the computers or devices (including mobile devices) you use to access the Services. We may collect and analyze information including but not limited to:

• Browser type and version
• ISP or operating system
• Domain name
• Access time and date
• Referring or exit pages
• Page views and navigation patterns
• IP address
• Unique device identifiers
• Version of our Services you're using
• Type of device that you use

We may also track when and how frequently you access or use the Services, including how you engage with or navigate our application. We use this information for analytics (including to determine which portions of the Services are used most frequently and what our users like/do not like), to evaluate the success of our features, and as otherwise described in this Policy.

We and our third-party vendors may use cookies, clear GIFs, pixel tags, and other technologies that help us better understand user behavior, personalize preferences, perform research and analytics, and improve the Services. These technologies, for example, may allow us to tailor the Services to your needs, save your preferences, track the pages you visit, help us manage content, and compile statistics about usage of our Services.

Most web browsers automatically accept cookies, but your browser may allow you to modify your browser settings to decline cookies if you prefer. If you disable cookies, you may be prevented from taking full advantage of the Services, because the Services may not function properly. As we adopt additional technologies, we may also gather additional information through other methods. For more information, see https://www.allaboutcookies.org/.

Information we collect from other sources

We may collect information about you from other parties, such as:

(a) Third-Party Authentication:

When you sign in using Google OAuth, we receive information from Google identifying your account, including your email address and basic profile information. When you use email sign-in, we collect your email address to authenticate your account.

(b) Payment Processors:

We receive payment confirmation and subscription status information from Stripe when you subscribe to our Pro plan.

(c) Analytics Services:

We may receive aggregated analytics data from third-party services to help us understand how our Services are used.

2. How We Use the Information We Collect

We may use your information for any of the following purposes:

(a) Provide and administer the Services:

• Process your content optimization requests
• Store and retrieve your optimization history
• Manage your account and subscription
• Provide customer support

(b) Improve and develop our Services:

• Analyze usage patterns and outcomes
• Train and improve our AI optimization algorithms
• Develop new features and services
• Conduct research and development

(c) Personalize the Services:

• Remember your preferences and settings
• Provide personalized optimization recommendations
• Customize your user experience

(d) Communicate with you:

• Send you service-related communications (account updates, subscription changes)
• Respond to your inquiries, comments, feedback, or questions
• Send you information about features or aspects of the Services we believe might be of interest to you
• Communicate with you about changes to our terms, conditions, or policies

(e) Security and Fraud Prevention:

• Detect and prevent fraud, criminal activity, or misuses of our Service
• Ensure the security of our IT systems, architecture, and networks
• Enforce usage limits and prevent abuse

(f) Legal Compliance:

• Comply with legal obligations and legal process
• Protect our rights, privacy, safety, or property, and/or that of our affiliates, you, or other parties
• Enforce our Terms of Service and any other agreements

(g) Business Operations:

• Aggregate and anonymize data for business intelligence
• Conduct research and analysis
• Develop new programs and services

We may combine information that we collect from you through the Services with information that we obtain from other sources. We may also aggregate and/or de-identify information collected through the Services. We may use and disclose de-identified or aggregated data for any purpose, including without limitation for research, algorithm improvement, and marketing purposes.

3. When We Disclose the Information We Collect

We may disclose your information in any of the following circumstances:

Service Providers and Vendors:

We may disclose your information to employees, consultants, and other vendors who need access to such information to carry out work or perform services on our behalf, such as:

• Supabase: Data storage and database services (hosted in the United States)
• Stripe: Payment processing and subscription management
• Google: Authentication services (Google OAuth)
• Vercel: Application hosting and infrastructure
• Analytics providers, customer service platforms, and technology support services

Safety and Protection of Inflect and Others:

We may disclose certain information if we believe in good faith that doing so is necessary or appropriate to:

• Protect or defend Inflect or other parties, including to defend or enforce this Policy, our Terms of Service, or any other contractual arrangement
• Protect the rights, property or personal safety of Inflect, our employees, users and/or the public

Legal Requirements:

We may disclose certain information if we believe in good faith that doing so is necessary or appropriate to comply with any law enforcement, legal, or regulatory process, such as to respond to a warrant, subpoena, court order, or other applicable laws and regulations.

Business Transfers:

We may disclose certain information, in connection with or during negotiations or closing of any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.

With Your Consent:

We may disclose your information to nonaffiliated third parties based on your consent to do so.

Aggregated and De-Identified Data:

We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you for research, benchmarking, and business purposes.

4. Data Retention

We keep your information for the time necessary for the purposes for which it is processed. The length of time for which we retain information depends on the purposes for which we collected and use it and your choices. We may retain certain information after account deletion as required by law or for legitimate business purposes (e.g., fraud prevention, legal compliance, algorithm improvement). Some data may be converted to anonymized form for ongoing research and development.

5. Your Choices

We offer you certain choices regarding the collection, use, and disclosure of information about you.

Account Information:

You may deactivate your account through your account settings. You may also verify, correct, update, or delete certain of your information through your account settings.

Content Deletion:

You can request deletion of your optimization history and content. Please note that deletion may take up to 30 days to process, and some data may be retained as required by law or for legitimate business purposes.

Marketing Communications:

You can unsubscribe from marketing emails by following the directions in those emails. Please note that if you unsubscribe from marketing emails, we may still send you administrative emails regarding the Services, including, for example, notices of updates to our Terms of Service or this Policy.

Cookies and Analytics:

You can opt out of certain cookie-related and analytics processing by adjusting your browser settings or using browser extensions that block tracking technologies.

Rights to Information About You:

Your local law may provide you certain rights with respect to your information. Depending on your jurisdiction, you may request that we:

• Provide you with information about the categories of personal information we collect or disclose about you
• Provide access to and/or a copy of certain information we hold about you
• Prevent the processing of your information for direct-marketing purposes
• Update information which is out of date or incorrect
• Delete certain information that we are holding about you
• Restrict the way that we process and disclose certain information about you
• Transfer your information to a third-party provider of services
• Revoke your consent for the processing of your information

You may be able to designate an authorized agent to make requests on your behalf. In order for an authorized agent to be verified, you must provide the authorized agent with signed, written permission to make such requests or a power of attorney. We may also follow up with you to verify your identity before processing the authorized agent's request as permitted by applicable law.

Please note that certain information may be exempt from such requests under applicable law. For example, we may retain certain information for legal compliance and to secure our Services. We may need certain information in order to provide the Services to you; if you ask us to delete it, you may no longer be able to use the Services.

You also have the right to not be discriminated against (as provided for in applicable law) for exercising your rights.

6. Regional Privacy Disclosures

Residents of the European Economic Area and United Kingdom

Inflect is considered the "data controller" of the "personal data" (as defined under the General Data Protection Regulation) we handle under this Policy. In other words, Inflect is responsible for deciding how to collect, use, and disclose personal data, subject to applicable law. The laws of the European Economic Area and the United Kingdom require data controllers to tell you about the legal ground that they rely on for using, sharing, or disclosing your personal data. To the extent those laws apply, our legal grounds are as follows:

Contractual Commitments:

We may use, share, or disclose personal data to honor our contractual commitments to you. For example, we will process your personal data to comply with our agreements with you, and to honor our commitments in any contracts that we have with you.

With Your Consent:

Where required by law, and in some other cases, we use, share, or disclose personal data on the basis of your consent.

Legitimate Interests:

In many cases, we use, share, or disclose personal data on the ground that it furthers our legitimate business interests in ways that are not overridden by the interests or fundamental rights and freedoms of the affected individuals, such as:

• Customer service and support
• Analyzing and improving our business and Services
• Providing security for the Services
• Preventing fraud and abuse
• Managing legal issues
• Algorithm development and research (with appropriate safeguards)

Legal Compliance:

We need to use and disclose personal data in certain ways to comply with our legal obligations.

Residents of Nevada

If you are a resident of Nevada, you have the right to opt-out of the sale of certain personal information to unaffiliated parties. You can exercise this right by contacting us as described in the "Contact Us" section below with the subject line "Nevada Do Not Sell Request" and providing us with your name and the email address. We do not currently sell your personal information as sales are defined in Nevada Revised Statutes Chapter 603A.

Residents of California

Throughout this Policy, we discuss in detail the specific pieces of personal information and sensitive personal information we collect, the sources of that information, and how we disclose it. Under the California Consumer Privacy Act ("CCPA"), we also have to provide you with the "categories" of personal information and sensitive personal information we collect and disclose for business or commercial purposes (as "categories" are defined by the CCPA).

Categories of Personal Information We Collect:

• Identifiers (email address, user name, IP address)
• Commercial information (subscription details, payment information)
• Internet or other electronic network activity (usage data, optimization history)
• Content data (input text, optimized output)
• Geolocation data (IP address-based, approximate location)
• Inferences drawn from other personal information (usage patterns, preferences)

Categories of Sensitive Personal Information:

• Account login credentials (processed through Google OAuth)
• Payment information (processed through Stripe)

Business or Commercial Purposes:

We use and disclose the categories of personal information listed above for the business and commercial purposes described in Section 2 ("How We Use the Information We Collect"), including providing the Services, improving our algorithms, conducting research, and ensuring security.

Your California Privacy Rights:

If you are a California resident, you have the right to:

• Know what personal information we collect, use, disclose, and sell
• Delete personal information we have collected from you
• Opt-out of the sale or sharing of your personal information (we do not currently sell personal information)
• Non-discrimination for exercising your privacy rights

To exercise these rights, please contact us as described in the "Contact Us" section below.

7. Children's Privacy

The Services are not designed for minors under 13, and our Terms of Service prohibit use by anyone under 13 or under 16 if you are a resident of the European Economic Area. If we discover that an individual under 13 has provided us with "personal information," as defined in the Children's Online Privacy Protection Act ("COPPA"), we will close the account and delete the personal information to the extent required by COPPA. We may, where permitted by law, retain certain information internally for purposes described in this Policy.

8. Security

Inflect implements technical, administrative, and physical safeguards to protect the information we collect from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. These measures include:

• Encryption of data in transit and at rest
• Secure authentication via Google OAuth
• Regular security assessments and updates
• Access controls and employee training
• Secure payment processing through Stripe

However, no Internet or email transmission is ever fully secure or error free. Therefore, we do not promise and cannot guarantee the security of your information or communications. You use the Services at your own risk.

9. Consent to Transfer

Our services are global and your information may be stored and processed in the United States and other countries that may have data protection laws that differ from the laws in your country, and data may be accessible to law enforcement and national security authorities under certain circumstances. By using the Services, or providing us with any information, you consent to the collection, processing, maintenance, and transfer of such information in and to the United States and other applicable countries in which the privacy laws may not be as comprehensive as, or equivalent to, those in the country where you reside and/or are a citizen.

Data Storage Locations:

• Supabase: Data is stored in the United States
• Stripe: Payment data is processed and stored in accordance with Stripe's data processing agreements
• Vercel: Application hosting infrastructure may be located in various regions

10. AI Processing and Third-Party Services

AI Content Processing: When you submit content for optimization, we use Google's Gemini AI API to process and optimize your content. This means your content is transmitted to Google's servers for processing. Google's use of your content is governed by their Privacy Policy and Terms of Service. We do not control how Google processes or stores your content on their servers.

The Services may also contain links to third-party websites or services. We are not responsible for the content or practices of those websites or services. The collection, use, and disclosure of your information by third parties will be subject to the privacy policies of the third-party websites or services, and not this Policy. We urge you to read the privacy and security policies of these third parties before providing information to them.

Third-Party Services We Use:

• Google Gemini AI: For content optimization - see Google Privacy Policy and Google AI Terms
• Google OAuth: For authentication - see Google Privacy Policy
• Stripe: For payments - see Stripe Privacy Policy
• Supabase: For data storage - see Supabase Privacy Policy
• Vercel: For hosting - see Vercel Privacy Policy

11. Changes to this Policy

We may change this Policy to reflect changes in the law, our information practices or the features of the Services. We will indicate the date of the most recent update in this Policy. If we make a material change to the Policy, you will be provided with appropriate notice in accordance with legal requirements. By continuing to use the Services, you are confirming that you have read and understood the latest version of this Policy.

12. Contact Us

If you have any questions about our Privacy Policy or information practices, or if you wish to exercise your privacy rights, please contact us:

Email: hq@useinflect.ai

We will respond to your inquiry within 30 days, or as required by applicable law.