Privacy Policy

1. Introduction & Commitment

Your Cat Run Away ("we", "our", "us", "Company", or "Platform") is committed to protecting your privacy and ensuring you have a positive experience on our platform. This Privacy Policy outlines how we collect, use, disclose, and safeguard your information when you use our website and mobile applications (collectively, the "Service").

Our privacy approach is built on transparency and user-centric principles. We recognize that privacy is fundamental to user trust, and we implement stringent safeguards to protect your personal information. Please read this Privacy Policy carefully. If you do not agree with our policies and practices, please do not use our Service.

2. Information We Collect

2.1 Authentication Information

• OAuth Authentication Identifiers: Unique identifiers returned by third-party identity providers (e.g., Google user ID, Facebook ID, X/Twitter ID) that enable secure authentication without storing passwords.
• Session Tokens: JWT tokens and similar authentication credentials used to maintain your authenticated session and prevent unauthorized access.
• Authentication Metadata: Timestamps of login/logout events, device information, and IP addresses associated with authentication events for security monitoring.

2.2 Public Profile Information

• Display Name/Nickname: Your public username or nickname as displayed on your user profile and artwork attributions.
• Profile Avatar: Your profile picture or avatar image provided by the third-party authentication provider.
• Public Bio: Optional biography or description you choose to share publicly on your user profile.
• User Status: Information about your activity status, such as last login time (if publicly visible).

2.3 Artwork and Content Data

• Generated Artwork: Images, descriptions, and metadata associated with AI-generated artwork you create using our service.
• Content Metadata: Title, description, category/scene type, creation date, view count, and sharing preferences for each artwork.
• Content History: Records of artwork creation, modifications, deletions, and usage patterns for personalization and analytics.

2.4 Technical and Usage Data

• Device Information: Device type, operating system version, browser type, device identifiers, and mobile network information.
• Usage Analytics: Pages visited, features used, content engaged with, time spent on features, and click-through data for service optimization.
• Log Data: Server logs including request/response information, error logs, and system performance metrics.
• Cookies and Tracking: Cookies, local storage, pixel tags, and similar technologies for session persistence and analytics.
• IP Address and Location: IP address for security purposes and approximate geographic location for service localization.

2.5 Payment Information (if applicable)

• Transaction Data: Purchase history, payment amounts, subscription status, and billing frequency.
• Payment Method: Information is processed through secure third-party payment processors; we do not store full credit card details.

3. How We Use Information

3.1 Service Delivery and Authentication

• To authenticate your identity and grant access to the Service securely.
• To display your public profile information (nickname and avatar) throughout the platform.
• To maintain your authenticated session and enable seamless navigation.
• To associate generated artwork and user-created content with your account.

3.2 Service Improvement and Personalization

• To analyze usage patterns and optimize the user interface and feature prioritization.
• To personalize your experience based on preferences and historical usage.
• To recommend features, content, and improvements tailored to your interests.
• To conduct A/B testing and UX research to enhance platform functionality.

3.3 Security and Fraud Prevention

• To monitor and detect unauthorized access, fraud, abuse, and other suspicious activities.
• To implement security measures and maintain the integrity of our systems.
• To investigate and respond to security incidents and breaches.
• To comply with legal obligations and enforce our Terms of Service.

3.4 Communications

• To send you service-related notifications, updates, and account information.
• To respond to your inquiries and customer support requests.
• To send promotional materials and newsletters (with your consent, where required).

3.5 Business Operations

• To manage our business operations and internal functions.
• To generate anonymized and aggregated statistics for market research.
• To evaluate service quality, resource allocation, and business decisions.

3.6 Legal Compliance

• To comply with applicable laws, regulations, and legal processes.
• To establish, exercise, or defend against legal claims.
• To respond to lawful requests from government authorities.

Important Notice: We do NOT access, modify, or post to your original third-party accounts (Google, Facebook, X/Twitter). We do not read, collect, or use any private data from these platforms beyond what you explicitly authorize during the OAuth login process.

4. Cookies and Similar Technologies

4.1 Types of Cookies We Use

• Authentication Cookies: Store encrypted session tokens to maintain your login state across pages.
• Preference Cookies: Remember your language, theme, and UI preferences.
• Analytics Cookies: Track user behavior, page visits, and feature usage for service improvement.
• Third-Party Cookies: Allow integration with external services for analytics, advertising, and performance monitoring.

4.2 Cookie Control

You can manage cookie preferences through your browser settings. Disabling authentication cookies will prevent you from logging in. However, disabling analytics or preference cookies will not affect core functionality. Your browser may provide options to clear cookies, block cookies from specific sites, or receive warnings before cookies are set.

4.3 Similar Technologies

In addition to cookies, we use other similar technologies such as web beacons, pixel tags, local storage objects, and device identifiers. These technologies serve similar purposes and are subject to the same privacy protections as cookies.

5. Data Sharing and Disclosure

5.1 No Sale of Personal Data

We categorically do NOT sell, trade, rent, or lease your personal information to third parties for marketing purposes. Your data is not treated as a commodity and is not monetized through data sales.

5.2 Necessary Service Providers

We share data only with carefully selected service providers who perform essential functions on our behalf:

• Hosting Providers: Amazon Web Services, Google Cloud, or similar infrastructure providers.
• Payment Processors: Stripe, PayPal, or similar payment gateway providers.
• Email Service Providers: SendGrid, Mailgun, or similar services for transactional emails.
• Analytics Providers: Google Analytics, Mixpanel, or similar analytics platforms.
• Customer Support Tools: Zendesk, Intercom, or similar customer support platforms.

All service providers are contractually bound to use data only for the purposes specified and to maintain appropriate security standards.

5.3 Legal Requests and Compliance

We may disclose your information if required by law, legal process, or government request (such as subpoena or court order). We will, where legally permitted, notify you of such requests to allow you to seek appropriate legal remedy.

5.4 Business Transfers

In the event of merger, acquisition, bankruptcy, or sale of assets, your personal information may be transferred as part of that business transaction. We will provide notice of any such change and any choices regarding your data.

5.5 Aggregated and Anonymized Data

We may share aggregated, anonymized, and de-identified data with partners, researchers, and the public. This data cannot be used to identify you and is not subject to this Privacy Policy's restrictions.

6. Data Retention and Deletion

6.1 Retention Periods

• Authentication Data: Retained for the duration of your account and active use of the Service.
• Profile Information: Retained as long as your account exists; deleted upon account termination.
• Artwork Data: Retained according to your account settings; you can delete artwork at any time.
• Usage Analytics: Aggregated data retained for up to 12 months for analytics purposes.
• Backup Data: Retained for disaster recovery purposes for up to 30 days.

6.2 Account Deletion and Data Removal

You have the right to request deletion of your account and associated personal information at any time. Upon request:

• Your account credentials and authentication bindings will be permanently removed.
• Your profile information, personal data, and artwork will be deleted from our active systems.
• Your data will be removed from backup systems within 30-60 days.
• We will retain minimal anonymized data required by applicable law or for legal compliance.

To request account deletion, please contact us at xtransparrot at gmail.com with your account details.

6.3 Irretrievable Data

Once deleted, data cannot be recovered from our active systems. We recommend downloading or backing up any important data before requesting account deletion.

7. Your Privacy Rights and Choices

7.1 Access and Portability

You have the right to request a copy of your personal information in a portable, machine-readable format. Contact us at xtransparrot at gmail.com to exercise this right.

7.2 Correction and Updates

You can update or correct your profile information through your account settings. If you cannot update certain information, please contact us for assistance.

7.3 Opting Out

• Marketing Communications: You can unsubscribe from promotional emails by clicking the "Unsubscribe" link in any email or adjusting your notification preferences.
• Analytics: You can opt out of analytics tracking through your browser settings or by disabling cookies.
• Third-Party Accounts: Revoke access from your third-party provider's account settings (Google, Facebook, X/Twitter) to disconnect from our Service.

7.4 Do Not Track Signals

Some browsers include a "Do Not Track" feature. Currently, there is no industry standard for recognizing such signals. We do not currently respond to DNT signals, though we provide other privacy controls.

7.5 Jurisdiction-Specific Rights

Depending on your location, you may have additional rights under applicable privacy laws (such as GDPR in the EU, CCPA in California, LGPD in Brazil, etc.). For specific inquiries about your rights under local law, please contact us.

8. Third-Party OAuth Providers

8.1 Supported Providers

We currently support authentication through the following third-party providers:

• Google: Google Accounts provide secure OAuth 2.0 authentication.
• Facebook: Facebook Login enables social authentication.
• X/Twitter: X API provides OAuth authentication for Twitter/X users.

8.2 Provider Privacy Policies

When you authenticate through a third-party provider, their own privacy policies and terms of service apply to their handling of your data on their systems. We encourage you to review their privacy policies:

• Google Privacy Policy: policies.google.com/privacy
• Facebook Privacy Policy: facebook.com/privacy
• X Privacy Policy: twitter.com/privacy

8.3 Scope of Permissions

During OAuth authentication, the provider will request specific permissions. We only request minimal permissions necessary for authentication and profile display. You can review and modify these permissions in your OAuth provider's connected apps settings.

9. Information Security

9.1 Security Measures

We implement comprehensive security safeguards to protect your information against unauthorized access, disclosure, alteration, and destruction:

• Encryption: Data in transit is encrypted using TLS/SSL protocols. Sensitive data at rest is encrypted using AES-256 or equivalent.
• Access Controls: Strict role-based access controls limit employee access to personal information on a need-to-know basis.
• Authentication: Multi-factor authentication and strong password policies for employee accounts.
• Regular Audits: Periodic security audits, vulnerability assessments, and penetration testing.
• Monitoring: Continuous system monitoring and intrusion detection systems.
• Data Segregation: Personal information is segregated from other systems using network security practices.

9.2 Security Limitations

While we implement industry-standard security measures, no method of transmission over the Internet or electronic storage is absolutely secure. We cannot guarantee absolute security, and you use our Service at your own risk. We continuously monitor for vulnerabilities and improve our protections.

9.3 Incident Response

In the event of a data breach or security incident, we will:

• Investigate the incident promptly to assess scope and impact.
• Notify affected users where required by applicable law.
• Cooperate with law enforcement and regulatory authorities.
• Implement remediation measures to prevent recurrence.

10. Children's Privacy

Our Service is not directed to children under 13 years of age (or the minimum age required by law in your jurisdiction). We do not knowingly collect personal information from children. If we learn that we have inadvertently collected information from a child, we will delete it promptly and terminate the child's account.

Parents or guardians who believe their child has provided information to us should contact us immediately at xtransparrot at gmail.com.

11. International Data Transfers

11.1 Multi-Region Infrastructure

Our infrastructure and services may be located in multiple regions and countries. Your information may be transferred to, stored in, and processed in jurisdictions outside your country of residence, which may have different data protection laws.

11.2 Transfer Safeguards

When data is transferred across jurisdictions, we implement safeguards to ensure an adequate level of protection consistent with applicable law, including:

• Standard Contractual Clauses (SCCs) with service providers.
• Binding Corporate Rules where applicable.
• Compliance with international data transfer frameworks.

12. Legal Basis for Processing (GDPR Compliance)

For users in the European Union and other jurisdictions with similar regulations, we process your information based on the following legal bases:

• Contract Performance: Processing necessary to provide the Service and fulfill our contractual obligations.
• Legitimate Interests: Processing for our legitimate business interests in providing a safe, reliable, and improved service.
• Legal Obligation: Processing required to comply with applicable laws and regulations.
• Consent: Processing based on your explicit consent for specific purposes (e.g., marketing communications).

13. Changes to This Privacy Policy

13.1 Policy Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

• Posting the updated policy on this page with an updated "Last updated" date.
• Sending an email notification if the changes significantly impact your privacy rights.
• Obtaining your consent where required by applicable law.

13.2 Your Continued Use

Your continued use of the Service after changes become effective constitutes your acceptance of the updated Privacy Policy. If you disagree with any changes, you may terminate your account.

14. Effective Date

This Privacy Policy is effective as of the date shown at the top of this page and applies to your use of the Service from that date forward. Previous versions of this policy are available upon request.

Contact Us

If you have any questions about this Privacy Policy, please contact us at xtransparrot at gmail.com.

16. Summary of Key Privacy Principles

• ✓ We use OAuth for secure authentication; we never store passwords.
• ✓ We only display public profile information with your explicit permission.
• ✓ We do NOT access, post to, or store private data from third-party accounts.
• ✓ We do NOT sell or trade your personal information.
• ✓ We implement industry-standard security safeguards.
• ✓ You can request account deletion and data removal at any time.
• ✓ We are transparent about our data practices and policies.