Egregora Labs

Privacy Policy

Last Updated: December 22, 2024

1. Introduction

Egregora Labs ("we," "us," or "our") operates the Egregora AI platform (the "Service"). We are committed to protecting your privacy and ensuring transparency in how we collect, use, and safeguard your personal information.

This Privacy Policy complies with the General Data Protection Regulation (GDPR), the Brazilian General Data Protection Law (Lei Geral de Proteção de Dados - LGPD), and the California Consumer Privacy Act (CCPA).

By using our Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Personal Information

When you create an account, we collect:

  • Email address
  • Name (if provided)
  • Password (encrypted)
  • Payment information (processed securely by Stripe)

2.2 Usage Data

We automatically collect information about your use of the Service:

  • AI generations (prompts, parameters, outputs)
  • Credit usage and transaction history
  • Device information (browser type, IP address, device ID)
  • Analytics data (page views, session duration, feature usage)

2.3 Cookies and Tracking

We use cookies and similar tracking technologies to:

  • Maintain your session
  • Remember your preferences (theme, language)
  • Display relevant advertisements (for free tier users)
  • Analyze site usage and improve our Service

3. How We Use Your Information

We use your personal information for the following purposes:

  • Service Provision: To provide, maintain, and improve the Egregora AI platform
  • Account Management: To create and manage your account
  • Payment Processing: To process subscriptions and credit purchases
  • Communication: To send service updates, security alerts, and support messages
  • Analytics: To understand usage patterns and improve user experience
  • Advertising: To display relevant ads to free tier users (you can opt out via cookie settings)
  • Legal Compliance: To comply with legal obligations and enforce our Terms of Service

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process your personal data based on:

  • Contract Performance: Processing necessary to provide the Service you requested
  • Consent: Where you have given explicit consent (e.g., cookie usage, marketing emails)
  • Legitimate Interests: For analytics, security, and service improvement
  • Legal Obligation: To comply with applicable laws and regulations

5. How We Share Your Information

We do not sell your personal information. We may share your data with:

  • Service Providers: AWS (hosting), Supabase (database), Stripe (payments), Replicate/Runpod (AI processing)
  • Advertising Partners: Google AdSense (for free tier users)
  • Legal Authorities: When required by law or to protect our rights
  • Business Transfers: In the event of a merger, acquisition, or sale of assets

6. International Data Transfers

Your information may be transferred to and processed in countries outside your country of residence, including the United States. We ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Privacy Shield frameworks (where applicable)
  • Adequate data protection measures as required by GDPR and LGPD

7. Your Privacy Rights

7.1 GDPR Rights (EEA Users)

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Portability: Receive your data in a structured, machine-readable format
  • Restriction: Limit how we process your data
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent at any time (where processing is based on consent)

7.2 LGPD Rights (Brazilian Users)

  • Confirmation of data processing
  • Access to your data
  • Correction of incomplete or inaccurate data
  • Anonymization, blocking, or deletion of unnecessary data
  • Data portability to another service provider
  • Information about third parties with whom we share data
  • Revocation of consent

7.3 CCPA Rights (California Users)

  • Right to Know: What personal information we collect and how we use it
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: Opt out of the sale of personal information (we do not sell your data)
  • Non-Discrimination: We will not discriminate against you for exercising your rights

To exercise any of these rights, please contact us at egregoralabs@gmail.com.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal information:

  • Encryption in transit (HTTPS/TLS) and at rest
  • Secure authentication with encrypted passwords
  • Regular security audits and vulnerability assessments
  • Access controls and role-based permissions
  • Secure payment processing via PCI-compliant providers (Stripe)

9. Data Retention

We retain your personal information for as long as necessary to:

  • Provide the Service (active accounts)
  • Comply with legal obligations (tax, accounting records: 7 years)
  • Resolve disputes and enforce agreements

When you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it for legal purposes.

10. Children's Privacy

Our Service is not intended for children under 13 years of age (or 16 in the EEA). We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at egregoralabs@gmail.com.

11. Third-Party Links

Our Service may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the new policy on this page with an updated "Last Updated" date
  • Sending an email notification to registered users
  • Displaying a prominent notice on the Service

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:

Email: egregoralabs@gmail.com

Data Protection Officer (DPO): egregoralabs@gmail.com

For GDPR complaints: You have the right to lodge a complaint with your local supervisory authority.

For LGPD complaints: You may contact the Brazilian National Data Protection Authority (ANPD).