Privacy Policy
This policy explains what we collect, why, and the choices you have. It applies to AI Ninja OS (the “Service”). For privacy purposes, we are the data controller for your account data.
1. What we collect
- Account data: your email address, authentication identifiers, and (if you set one) your display name. If you sign in with Google or GitHub, we receive basic profile identifiers from that provider.
- Generation content: the business idea you submit and the blueprint we generate, stored so you can return to them.
- Billing data: if you subscribe, our payment processor (Stripe) handles your card details; we store a customer/subscription identifier and plan status, not your full card number.
- Usage and technical data: generation counts for quota enforcement, and standard server logs (e.g. IP address, timestamps) used for security and rate limiting.
2. How we use it and our legal bases
We use your data to:
- provide the Service and store your blueprints (performance of our contract with you);
- enforce quotas, prevent abuse, and keep the Service secure (our legitimate interests);
- process payments and manage subscriptions (performance of contract);
- comply with legal obligations.
We do not sell your personal data, and we do not use it for advertising.
3. How generation works
Blueprints are generated by sending your idea from our servers to Anthropic's Claude models. Per Anthropic's API terms, API inputs and outputs are not used to train their models. We screen input server-side to block a narrow set of prohibited content before it is sent.
4. Service providers (processors)
We share data only with providers that help us run the Service:
- Supabase — authentication and database (stores your account and blueprints).
- Anthropic — the AI model provider that generates blueprints.
- Stripe — payment processing for paid plans.
- Vercel — application hosting and server logs.
- Cloudflare — bot/abuse protection (CAPTCHA) on authentication, where enabled.
5. International transfers
These providers may process data outside your country, including in the United States. Where required, transfers rely on appropriate safeguards such as the providers' standard contractual clauses.
6. Retention
We keep your account and blueprints until you delete them or close your account. Server logs are kept for a limited period for security. When you delete your account, your profile and associated records are removed (see below).
7. Your rights and controls
Depending on your location (e.g. GDPR in the EU/UK, CCPA in California), you have rights to access, correct, export, and delete your data, and to object to or restrict certain processing. You can exercise the main rights directly in the Service:
- Export: download your profile, blueprints, and usage data from your account settings.
- Delete: permanently delete your account and associated data from your account settings.
- Correct: edit your display name and email in account settings.
For any other request, contact us using the details below.
8. Cookies and sessions
We use strictly necessary cookies to keep you signed in and to operate the Service. We don't use third-party advertising or tracking cookies.
9. Security and children
Saved blueprints are private to your account and enforced at the database level. The Service isn't directed to children under 16, and we don't knowingly collect their data.
10. Contact
Questions about privacy, or want to make a request? Reach us via iamuvin.com.