Privacy Policy

1. Introduction

Primaporn AI ("the Service"), operated by Tozradar ("we," "us," or "our"), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. Please read this policy carefully.

2. Information We Collect

2.1 Personal Information

When you register for an account, we collect:

• Email address
• Display name and username
• Payment information (processed securely via Stripe — we never store full card numbers)
• IP address and browser user agent

2.2 Content Data

• Images, videos, and other media you upload for AI processing
• Text prompts and chat conversations with AI systems
• Generated output files stored in your Vault

2.3 Usage Data

• Pages visited, features used, and actions taken
• Generation history and credit usage
• Session duration and frequency of use

3. How We Use Your Information

We use collected information to:

• Provide, operate, and maintain the Service
• Process AI generation requests
• Process payments and manage subscriptions
• Send transactional emails (welcome, password reset, payment confirmations)
• Enforce our Terms of Service and safety policies
• Detect and prevent fraud, abuse, and illegal activity
• Improve our AI models and Service quality (using anonymized data only)
• Respond to support requests

4. Data Storage & Security

4.1 Encryption

• Vault files: All files in your encrypted Vault use zero-knowledge encryption. Your content is encrypted before storage, and decryption keys are derived from your account credentials. Neither Tozradar nor its staff can access your encrypted Vault contents.
• Passwords: Stored using bcrypt with a cost factor of 12. We never store plaintext passwords.
• Sessions: Session tokens are cryptographically random 256-bit values.
• API Communications: All data transmitted between your browser and our servers is encrypted using TLS 1.3.

4.2 Data Retention

• Account data is retained as long as your account is active.
• Generated content in your Vault is retained until you delete it or your account is terminated.
• Temporary processing files are deleted immediately after generation completes.
• Session data expires after 30 days of inactivity.
• Payment records are retained for legal/tax compliance purposes.

5. Third-Party Services

We use the following third-party services:

• Stripe: For payment processing. Stripe's privacy policy applies to payment data. We do not store full card numbers.
• OpenAI: For AI model processing. Prompts and images are sent to OpenAI's API for processing. OpenAI's data usage policy applies. We use their API, not their consumer products, meaning your data is not used to train their models by default.
• Lucide Icons: For UI icons (loaded from CDN). No user data is shared.
• Google Fonts: For typography (loaded from CDN). Google's privacy policy applies to font loading.

6. Content Processed by AI

When you use our AI tools:

• Your input images and prompts are sent to AI model providers (OpenAI) for processing.
• Processed content is returned to our servers and delivered to you.
• Input files used for processing are deleted from temporary storage after generation completes.
• We do not use your content to train our own AI models without explicit, separate consent.

7. AI Companion Conversations

Conversations with your AI companion are:

• Stored in our database to provide conversation history and memory features.
• Associated with your account and your AI companion profile.
• Never shared with other users or third parties.
• Deletable upon request — you can clear your conversation history at any time.

8. Your Rights

Under applicable data protection laws (including GDPR), you have the right to:

• Access: Request a copy of all personal data we hold about you.
• Rectification: Request correction of inaccurate personal data.
• Erasure: Request deletion of your personal data and account ("right to be forgotten").
• Portability: Request your data in a portable, machine-readable format.
• Restriction: Request limitation of processing of your personal data.
• Objection: Object to processing of your personal data for certain purposes.

To exercise these rights, contact us at support@tozradar.com.

9. Cookies

We use essential cookies for:

• Session management: A session cookie (aisnusk_session) to maintain your login state.

We do not use tracking cookies, advertising cookies, or analytics cookies.

10. Children's Privacy

The Service is strictly for users aged 18 and older. We do not knowingly collect personal information from anyone under 18. If we discover that a user is under 18, their account will be immediately terminated and all associated data deleted.

11. International Data Transfers

Your data may be processed in countries other than your country of residence. When transferring data internationally, we ensure appropriate safeguards are in place, including standard contractual clauses or equivalent mechanisms.

12. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

• Notify affected users within 72 hours of becoming aware of the breach.
• Report the breach to the relevant supervisory authority as required by law.
• Take immediate steps to contain and remediate the breach.

13. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance.

14. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

• Email: support@tozradar.com
• Website: tozradar.com