Privacy Policy

Last updated: October 31, 2024

1. Introduction and Scope

1.1. About This Policy

This Privacy Policy explains how UAB Ocansa ("HUBBA.AI", "we", "us", or "our"), registration number 306376795, address: Eduardo AndrΔ— str. 14-5, LT-02232 Vilnius, Lithuania, collects, uses, and protects your personal data when you use HUBBA.AI, a platform for chatting with virtual AI characters and generating AI-powered images (the "Service").

1.2. Acceptance of Policy

By accessing and/or using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with any part of this policy, please cease using our Service immediately.

1.3. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on our website and updating the "Last Updated" date. Your continued use of the Service after such modifications constitutes your acknowledgment of the modified Privacy Policy.

2. Information Collection

2.1. Account Information

We collect and store:

  • Email address (through direct registration or Google OAuth)
  • Authentication verification status
  • Account creation date and time
  • Last login date and time
  • IP addresses used for authentication

2.2. Service Usage Data

We collect and store:

  • Chat histories with AI companions
  • Generated images and related parameters
  • Web push notification preferences (if enabled)
  • Browser and device information (for push notifications)
  • Session data and interaction patterns
  • Service usage metrics

2.3. Payment Information

Through our payment processor (Stripe), we collect:

  • Transaction history
  • Subscription status
  • Payment method details as provided by Stripe
  • Purchase timestamps

3. Use of Information

3.1. Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Contract performance: Processing necessary to provide the Service (chat histories, AI interactions)
  • Consent: Marketing communications and web push notifications
  • Legal obligations: Tax and accounting requirements
  • Legitimate interests: Security and fraud prevention

3.2. Primary Purposes

We use your personal data for:

  • Providing and maintaining the Service
  • Processing your payments
  • Sending push notifications about new AI companion messages (with your permission)
  • Preventing abuse and maintaining security
  • Complying with legal obligations

3.3. Marketing Communications

We will only send you marketing communications if you have explicitly opted in by checking "Receive product updates" during registration. You can withdraw this consent at any time by:

4. Data Storage and Security

4.1. Storage Location

  • Primary user data is stored on servers located in the European Union
  • Anonymized chat data may be processed in the United States for AI inference purposes

4.2. Security Measures

We implement and maintain appropriate technical and organizational security measures:

  • TLS encryption for data in transit
  • Hashing of sensitive data
  • Secure authentication processes
  • Regular security assessments

5. Third-Party Services

5.1. Service Providers

We work with the following third-party service providers:

  • Stripe (payment processing)
  • Google (authentication)
  • Sentry.io (error tracking)

5.2. Data Processing Agreements

All third-party service providers process your data in accordance with:

  • Their respective privacy policies
  • Our data processing agreements
  • Applicable data protection laws

6. Your Rights and Choices

6.1. User Rights

You have the right to:

  • Access your personal data
  • Request correction of your data
  • Request deletion of your data
  • Object to processing of your data
  • Request data portability

6.2. Exercise of Rights

To exercise these rights:

  • Email your request to [email protected]
  • Provide sufficient information to identify your account
  • Specify the right you wish to exercise
  • Allow up to 30 days for our response

7. Data Retention

7.1. Retention Periods

We retain different types of data for specific periods:

  • Account information: While account remains active
  • Chat histories: While account remains active
  • Generated images: While account remains active
  • Transaction records: As required by law (minimum 7 years)
  • Marketing preferences: Until consent withdrawal

7.2. Data Deletion

  • Account deletion requests must be sent to [email protected]
  • Upon account deletion:
    • Personal data is marked for immediate deletion
    • Technical deletion process completes within 3 months
    • Backup systems may retain data for up to 3 months
  • Payment information is retained by Stripe according to their privacy policy
  • Some information may be retained if required by law or legitimate business purposes

8. International Data Transfers

8.1. Data Processing Locations

  • Primary data processing occurs in the European Union
  • Anonymized data may be processed in the United States for AI operations
  • All international transfers comply with applicable data protection laws

8.2. Safeguards

For transfers outside the EU, we implement appropriate safeguards:

  • Data minimization and anonymization where possible
  • Encryption during transfer and storage
  • Regular security assessments

9. Children's Privacy

9.1. Age Restrictions

  • The Service is not intended for use by individuals under the age of 18
  • We do not knowingly collect personal data from children
  • Users found to be under 18 will have their accounts terminated immediately

9.2. Notification and Deletion

If we become aware that we have collected personal data from children without verification of parental consent, we will:

  • Take immediate steps to remove that information
  • Terminate the associated account
  • Delete all related personal data

10. Contact Information

10.1. Data Protection Inquiries

For specific data protection inquiries or to exercise your rights, please email [email protected] with the subject line "Data Protection Request"

10.2. Contact Details

If you have any questions about these Terms, please contact us through [email protected] or at the following address:

UAB Ocansa
Eduardo AndrΔ— str. 14-5, LT-02232 Vilnius, Lithuania