Last Updated on October 24, 2024
Welcome to Karin AI!
This Privacy Policy explains how we collect, use, share, and protect your personal data when you use our mobile application (“App”), available on both the App Store and Google Play. Karin AI is committed to protecting your privacy and ensuring compliance with the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
1. Information We Collect
Personal Information: We collect and process the following personal data:
Contact Information: Names and email addresses for account setup, user support, and communication.
Payment Information: Data necessary for securely processing payments (billing details, but no full card numbers stored).
User Inputs: Information you provide through text or voice interactions with the AI, saved in the chat history for continued conversation and user convenience.
Data Security: User inputs within the app remain confidential and are inaccessible to Karin AI employees. This information is securely managed and stored under GDPR-compliant protocols to ensure that it is only accessible for user-driven purposes.
Automatically Collected Data
We collect technical information, including IP addresses, device specifications, and usage statistics, to maintain secure app performance. This information is gathered using secure Firebase tools for analytics and app functionality but is anonymized and aggregated wherever possible to protect individual user identities.
2. Purpose of Data Collection and Processing
The data we collect is used for the following purposes:
User Experience Enhancement: To personalize the AI’s responses and improve app engagement.
Communication: To send newsletters, notifications, and relevant updates.
Payment Processing: To facilitate secure transactions and manage subscriptions.
Analytics and Security: To monitor usage patterns, optimize performance, and ensure a safe environment.
3. Third-Party Services
Karin AI utilizes specific third-party tools to enhance app functionality while maintaining strict data security:
Google Analytics and Meta Pixel: For app usage and performance analysis, ensuring aggregated insights without compromising user privacy.
OpenAI API: For AI-driven interactions, with strict access controls to ensure user input data remains private.
Firebase: Provides data storage, authentication, and security functions with compliance certifications under ISO 27001, ISO 27017, ISO 27018, SOC 1, SOC 2, and SOC 3 standards.
Data Processing and Security: Google, as a processor for Firebase data, complies with GDPR and CCPA, processing personal data on behalf of Karin AI. Firebase’s Data Processing and Security Terms cover their obligations and certify compliance under the EU-U.S. Data Privacy Framework.
4. User Rights
As a user of Karin AI, you have specific rights regarding your data:
Access: View any personal data, including chat history.
Data Deletion: Delete your account and associated data via the app’s settings, ensuring removal from both active and backup systems within 12 days.
Opt-Out of Analytics: For users in the EU, we offer the option to disable analytics tracking.
5. Data Security Measures
To protect your data, Karin AI utilizes Firebase’s robust security infrastructure:
Encryption: All data in transit is encrypted using HTTPS, and specific Firebase services encrypt data at rest.
Access Control: Role-based access control (RBAC) limits data access to essential personnel only, who must use two-factor authentication and sign in with Google Sign-In.
Audit Logs: Firebase logs all employee access to systems handling personal data, with regular monitoring to prevent unauthorized access.
ISO Certifications: Firebase’s compliance with ISO standards ensures rigorous data handling practices.
6. Data Retention and Deletion Policies
We retain user data based on the following timelines:
Chat History: Retained for active users, enabling seamless session continuity. Deleted immediately upon account termination.
Payment Information: Retained only as long as necessary for transaction and regulatory purposes (up to 12 months).
Firebase-Managed Data: Includes IP addresses for abuse detection and installation IDs for push notifications, retained per Firebase protocols (e.g., 180 days post-deletion request).
Data Deletion Requests: Users can delete their data and account directly within the app. Once initiated, data is removed from live systems and backup systems within 180 days, as per Firebase’s data deletion protocols.
7. Data Storage Locations and International Transfers
U.S.-Based Users: Data is processed and stored on servers located within the United States.
EU-Based Users: Data is processed and stored on servers within the European Union, complying with GDPR.
We adhere to GDPR requirements for international data transfers, using standard contractual clauses and Data Privacy Framework certification to ensure data protection across borders.
8. Policy Updates and User Notifications
We may update this Privacy Policy periodically to reflect changes in regulations or our practices. When we do, users will be notified by email. The "Last Updated" date at the top of this policy will indicate the latest revision.
9. Opt-In Controls and User Preferences
Karin AI respects user preferences regarding data collection and privacy:
Opt-In for Analytics and Tracking: Users can opt in to data collection for analytics, providing control over their data use.
Disable Auto-Initialization: Certain Firebase features (e.g., Cloud Messaging) are disabled by default and only activated if you opt in, allowing users more control over data collection.
Changes to this Privacy Policy
We reserve the right to update or change this Privacy Policy at any time. Any changes will be posted on this page, and the effective date will be updated accordingly. We encourage you to review this Privacy Policy periodically for any updates.
Contact Us
If you have any questions or concerns about our Privacy Policy or the handling of your personal information, please contact us at eric@meetkarin.app