Privacy Policy

We collect the following types of information:

• Account information: email address, username, hashed password, and date of birth (used for age verification only)
• Usage data: conversation history (stored to enable memory and personalization features), interaction timestamps, and session metadata
• Payment information: transaction records (we do not store full card details — all payment processing is handled by Epoch)
• Technical data: IP address, browser type, and device information for security and fraud prevention
• Consent records: timestamps, IP address, and user agent of each consent action for audit purposes

We process your personal data under the following legal bases:

• Consent (Art. 6(1)(a)): You provide explicit consent at signup for data processing. Consent is freely given, specific, informed, and unambiguous.
• Performance of a contract (Art. 6(1)(b)): Processing necessary to provide the service you subscribed to, including AI conversation features and personalization.
• Legal obligation (Art. 6(1)(c)): Retention of transaction records as required by fiscal law (7 years). Age verification compliance.
• Legitimate interest (Art. 6(1)(f)): Fraud prevention, security monitoring, and service improvement using anonymized data.

• To provide and improve the service, including AI personalization
• To process payments and manage your subscription
• To enforce our Terms of Service and comply with legal obligations
• To communicate with you about your account or service updates
• To detect and prevent fraud, abuse, and unauthorized access

We do not sell your personal information to third parties for marketing purposes.

We share information with the following trusted partners to operate our service:

• Epoch (payment processing): Handles all billing and subscription management. Epoch is PCI-DSS compliant. See Epoch Privacy Policy.
• AI inference provider: Conversation messages are processed by our AI provider for response generation. Their data handling is governed by their applicable privacy policy.
• Replicate (media generation): Image and video generation prompts are sent to Replicate for processing. See Replicate Privacy Policy.
• Supabase (database & vector storage): Anonymized conversation embeddings are stored for memory/personalization. See Supabase Privacy Policy.

If you are located in the European Economic Area, you have the following rights, exercisable directly from your Settings page:

• Right of access (Art. 15): Request a copy of the personal data we hold about you — use the “Download My Data” button in Settings > Privacy & Data.
• Right to rectification (Art. 16): Correct inaccurate or incomplete data from your Profile settings.
• Right to erasure (Art. 17): Request immediate deletion of your account and all associated data — use the “Delete My Account” button in Settings > Privacy & Data.
• Right to data portability (Art. 20): Receive your data in a structured, machine-readable JSON format — use the “Download My Data” button.
• Right to withdraw consent: Revoke specific consents from Settings > Privacy & Data > Consent Management.
• Right to object (Art. 21): Object to processing based on legitimate interests by contacting us.

For requests that cannot be handled through self-service, contact us at privacy@sennsual.com. We will respond within 30 days.

• Account data: Retained while your account is active. Upon deletion, all personal data is removed immediately.
• Transaction records: Anonymized upon account deletion and retained for 7 years as required by fiscal law. Your identity is not linked to these records.
• AI debug logs: Automatically purged after 90 days.
• Conversation data: Deleted immediately upon account deletion or individual conversation deletion.

We use two categories of cookies and similar technologies:

• Essential cookies: required to maintain your session and authentication state. These are always active and cannot be disabled without breaking core functionality.
• Analytics cookies (Contentsquare): with your consent, we use Contentsquare to understand how visitors navigate the site (clicks, scrolls, page paths, anonymized session replays). This helps us identify usability issues and improve the product. Contentsquare does not use this data for advertising and applies privacy-preserving techniques such as automatic masking of form inputs. See Contentsquare Privacy & Security.

You choose whether to allow analytics cookies via the consent banner shown on your first visit. You can change your choice at any time by clicking “Cookie preferences” in the footer. Declining (or withdrawing) consent stops Contentsquare from loading on subsequent page views.

You can also disable cookies in your browser settings, though this may prevent you from logging in.

We employ industry-standard security measures including encrypted connections (TLS), secure password hashing, and rate limiting. However, no system is completely secure, and we cannot guarantee absolute security of your data.

If you are a California resident, you have the following additional rights under the CCPA:

• Right to know: You may request details about the personal information we collect and how it is used.
• Right to delete: You may request deletion of your personal information via Settings > Privacy & Data.
• Right to opt-out of sale: We do not sell personal data.
• Non-discrimination: We will not discriminate against you for exercising your CCPA rights.

To exercise your CCPA rights, use the self-service tools in Settings or contact privacy@sennsual.com.

We may update this Privacy Policy from time to time. We will notify you of material changes via email or a prominent notice on the platform. Continued use of the service after changes constitutes acceptance of the updated policy.

For privacy inquiries: privacy@sennsual.com