Privacy Policy

ACODA ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered creative platform at acoda.com (the "Service").

By using the Service, you consent to the data practices described in this policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

We use your information for the following purposes:

Service Provision:

• Create and manage your account
• Process AI image and video generation requests
• Store and display your generated content and projects
• Process payments and manage subscriptions
• Provide customer support

Service Improvement:

• Analyze usage patterns to improve features
• Debug and fix technical issues
• Develop new features and services
• Monitor and ensure service quality

Communications:

• Send service-related notifications
• Respond to your inquiries and requests
• Send marketing communications (with your consent)
• Notify you of changes to our terms or policies

Security and Legal:

• Detect, prevent, and address fraud and abuse
• Enforce our Terms of Service
• Comply with legal obligations

How AI Processing Works:

When you use ACODA's AI features, your prompts and uploaded images are processed by third-party AI model providers to generate content. This processing is essential to providing the Service.

Third-Party AI Providers:

We use various AI model providers including but not limited to Google (Imagen, Veo, Gemini), Stability AI, and others. Each provider has their own data handling practices. We select providers that maintain appropriate security and privacy standards.

Your Content Rights:

• We do not use your uploaded content or generated outputs to train our own AI models
• We do not sell your content to third parties
• Your prompts may be logged for service improvement and abuse prevention
• Generated content is stored in your personal library and not shared publicly unless you choose to do so

We may share your information in the following circumstances:

Service Providers:
We share information with third-party vendors who assist in operating our Service:

• Supabase (database and authentication)
• Stripe (payment processing)
• Cloud storage providers (content hosting)
• AI model providers (content generation)
• Analytics providers (usage analysis)

Team Members:
If you use team features, your account owner and team administrators may have access to usage information and shared content.

Legal Requirements:
We may disclose information if required to:

• Comply with applicable laws, regulations, or legal processes
• Respond to lawful requests from public authorities
• Protect our rights, privacy, safety, or property
• Enforce our Terms of Service

Business Transfers:
In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

Data Storage:

Your data is stored on secure servers provided by Supabase and other cloud infrastructure providers. Data may be stored and processed in various locations globally.

Security Measures:

We implement appropriate technical and organizational measures to protect your information:

• Encryption of data in transit (TLS/SSL) and at rest
• Secure authentication mechanisms
• Regular security assessments
• Access controls and monitoring
• Secure payment processing through PCI-compliant providers

Data Retention:

We retain your information for as long as your account is active or as needed to provide services. After account deletion:

• Account data is deleted within 30 days
• Generated content may be retained in backups for up to 90 days
• Anonymized usage data may be retained for analytics
• Legal records may be retained as required by law

Depending on your location, you may have the following rights regarding your personal information:

Access and Portability:
You can access your account information and download your generated content through the Service.

Correction:
You can update your account information through your account settings.

Deletion:
You can request deletion of your account and associated data by contacting us or through account settings.

Marketing Opt-Out:
You can unsubscribe from marketing emails at any time using the link in our emails or through account settings.

Cookie Preferences:
You can manage cookie preferences through your browser settings or our cookie consent tool.

Do Not Track:
We currently do not respond to "Do Not Track" browser signals.

To exercise any of these rights, please contact us at privacy@acoda.ai.

ACODA is operated from the United Kingdom. If you access the Service from outside the UK, your information may be transferred to, stored, and processed in the UK or other countries where our service providers operate.

By using the Service, you consent to the transfer of your information to countries that may have different data protection laws than your country of residence. We ensure appropriate safeguards are in place for such transfers in compliance with applicable data protection laws, including UK GDPR requirements.

The Service is not intended for children. The minimum age to use the Service varies by jurisdiction:

• United Kingdom and European Union: 16 years old
• United States: 13 years old (in compliance with COPPA)
• Other jurisdictions: The minimum age required by local law, or 16 years old if no specific law applies

We do not knowingly collect personal information from children under the applicable minimum age. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@acoda.ai. If we discover that we have collected personal information from a child under the applicable age, we will take steps to delete that information promptly.

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party sites you visit.

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the new Privacy Policy on this page
• Updating the "Last updated" date
• Sending an email notification for significant changes

We encourage you to review this Privacy Policy periodically for any changes. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Under these laws, you have the following rights:

• Right of access: You can request a copy of the personal data we hold about you
• Right to rectification: You can request correction of inaccurate or incomplete data
• Right to erasure: You can request deletion of your personal data in certain circumstances
• Right to restrict processing: You can request we limit how we use your data
• Right to data portability: You can request your data in a machine-readable format
• Right to object: You can object to processing based on legitimate interests or for direct marketing
• Rights related to automated decision-making and profiling

If you believe we have breached data protection laws, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

If you are located in the European Economic Area (EEA), you are protected by the EU General Data Protection Regulation (GDPR). In addition to the rights listed in section 11, the following applies to EU residents:

Legal Basis for Processing:
We process your personal data based on:

• Contract: Processing necessary to provide the Service you requested
• Consent: Where you have given explicit consent (e.g., marketing communications)
• Legitimate interests: For service improvement, security, and fraud prevention
• Legal obligation: Where required by applicable law

Data Transfers Outside the EEA:
When we transfer your data outside the EEA, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses approved by the European Commission
• Transfers to countries with adequate data protection (adequacy decisions)
• Other legally approved transfer mechanisms

Supervisory Authority:
EU residents have the right to lodge a complaint with their local data protection supervisory authority. A list of EU data protection authorities can be found at edpb.europa.eu.

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Your California Privacy Rights:

• Right to Know: You can request information about the categories and specific pieces of personal information we have collected, the sources, purposes, and third parties with whom we share it
• Right to Delete: You can request deletion of your personal information, subject to certain exceptions
• Right to Correct: You can request correction of inaccurate personal information
• Right to Opt-Out of Sale/Sharing: You have the right to opt out of the sale or sharing of your personal information
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

Do Not Sell or Share My Personal Information:
ACODA does not sell your personal information. We do not share your personal information for cross-context behavioral advertising purposes.

Categories of Personal Information Collected:
In the past 12 months, we have collected the following categories: identifiers (email, name, IP address), commercial information (purchase history), internet activity (usage data), and inferences (preferences).

How to Exercise Your Rights:
California residents can submit requests by emailing privacy@acoda.ai with the subject line "California Privacy Request". We will verify your identity and respond within 45 days.

Authorized Agents:
You may designate an authorized agent to make requests on your behalf. We may require proof of authorization and identity verification.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: privacy@acoda.ai

For general inquiries: hello@acoda.ai

We will respond to your inquiry within 30 days (or 45 days for California residents exercising CCPA rights).