Privacy Policy

We collect three kinds of information: (a) information you give us directly when you sign up, upload content, or contact us; (b) information your browser or device sends automatically when you visit the Service; and (c) information from third-party services we use to operate, such as our payment processor and authentication provider.

We use this information to provide the Service, process payments, communicate with you, prevent abuse, and comply with law. We do not sell your personal information and we do not use your uploaded content to train our underlying AI models without your explicit opt-in consent.

Information you provide

• Account information: name, email address, and password (managed by Clerk Inc., our authentication provider).
• Billing information: billing address and payment method, processed by Stripe Inc. We do not store full card numbers on our servers.
• Content you upload: avatar reference images, product images, scripts, voice samples, and any other inputs you submit to the platform.
• Communications: messages you send through support, surveys, or feedback forms.

Information collected automatically

• Device & log data: IP address, browser type, operating system, referring URLs, pages viewed, and timestamps.
• Usage data: number of renders, render durations, error rates, feature interactions.
• Cookies & similar technologies: see our Cookie Policy.

Information from third parties

• Authentication providers: if you sign in with Google, Apple, or another single-sign-on provider, we receive your name, email, and a unique identifier from them.
• Error monitoring: Sentry (and similar tools) may capture stack traces and request metadata when errors occur in the Service.

• To operate the Service: authenticate you, render videos from your input, store and serve your assets.
• To process payments: charge subscriptions, issue receipts, handle refunds.
• To communicate with you: transactional emails (account activity, billing, security), product announcements you have opted into, and replies to support requests.
• To improve the Service: analyze de-identified usage patterns, debug errors, measure performance.
• To prevent abuse: detect and respond to violations of our Acceptable Use Policy, including content moderation of generated output.
• To comply with law: respond to lawful requests from authorities, enforce our Terms, protect our rights.

We process your content through third-party AI providers (currently Anthropic, OpenAI, and Replicate among others) to produce your output. These providers operate under contractual terms that prohibit them from using API-submitted content to train their public models. Where we add optional features (for example, personalized model fine-tuning) that involve training on your content, those features will require explicit opt-in and will be clearly labeled.

We share information only in the limited circumstances listed below. We do not sell or rent personal information.

• Service providers and subprocessors: see the list in the next section.
• Legal compliance: when required by law, court order, or to protect the rights, property, or safety of Avirale, our users, or the public.
• Business transfers: if Avirale is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction, subject to standard confidentiality protections.
• With your consent: for any other sharing we will ask first.

We rely on the following service providers to operate the Service. Each is bound by contractual privacy and security obligations:

• Vercel Inc. — hosting, edge network, blob storage.
• Clerk Inc. — user authentication and account management.
• Stripe Inc. — payment processing and subscription billing.
• Upstash Inc. — Redis caching and rate limiting.
• Replicate Inc. — AI model inference for video generation.
• Anthropic PBC, OpenAI L.L.C. — language and image generation models.
• Functional Software, Inc. d/b/a Sentry — error monitoring and performance tracing.

This list may change. The current set is maintained here; we will update it as we add or remove providers.

We retain your information for as long as your account is active and as needed to provide the Service. When you delete your account or specific content, we delete or anonymize the associated data within 30 days, subject to:

• Standard backup retention (up to 90 days) before backups cycle out;
• Records we must keep for tax, accounting, or legal compliance (typically up to 7 years);
• Anonymized usage statistics with no personal identifiers, which we may retain indefinitely.

We use industry-standard security measures to protect your information, including encryption in transit (TLS 1.2+) and at rest, scoped access controls, audit logging, and regular security reviews. No system is perfectly secure — if we ever experience a breach affecting your personal information, we will notify affected users in accordance with applicable law.

Regardless of where you live, you may:

• Access the personal information we hold about you.
• Correct inaccurate personal information.
• Delete your account and associated content.
• Export a copy of your account data in a portable format.
• Opt out of marketing emails (transactional emails will continue while your account is active).

Submit any of these requests by emailing privacy@avirale.ai. We will respond within 30 days.

If you are a California resident, the California Consumer Privacy Act gives you additional rights, including the right to know what categories of personal information we collect, the right to delete that information, the right to correct inaccuracies, the right to limit use of sensitive personal information, and the right to opt out of sale or sharing for targeted advertising.

Avirale does not sell personal information and does not share personal information for cross-context behavioral advertising. To exercise your CCPA/CPRA rights, email privacy@avirale.ai.

If you are in the European Economic Area, the United Kingdom, or Switzerland, the GDPR (and equivalent laws) gives you the rights of access, rectification, erasure, restriction, portability, and objection. You also have the right to withdraw consent at any time where we rely on consent as the legal basis for processing.

Our legal bases for processing your personal information are: (a) performance of our contract with you (operating the Service); (b) compliance with legal obligations; (c) our legitimate interests (security, improvement, fraud prevention); and (d) consent, where applicable.

To exercise these rights, email privacy@avirale.ai. You also have the right to lodge a complaint with your local data-protection supervisory authority.

Avirale is based in the United States. When you use the Service from outside the U.S., your information will be transferred to and processed in the U.S. and other countries where our service providers operate. Where required by law, we use standard contractual clauses or equivalent mechanisms to protect international transfers.

The Service is not directed at children under 18. We do not knowingly collect personal information from anyone under 18. If you believe a child has provided personal information to us, contact us at privacy@avirale.ai and we will delete it.

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date and, where appropriate, send you an email notice. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

For privacy questions or to exercise your rights:

• Email: privacy@avirale.ai
• Mail: Avirale LLC, Arizona, USA