Privacy Policy

At Cloudforge Labs, we take your privacy seriously. This Privacy Policy explains how we collect, use, protect, and share your personal information. By using our services, you agree to the practices described here.

1. Information We Collect

Information You Provide

When you create an account or use our services, we collect:

• Account Information: Name, email address, password (encrypted), company name (optional)
• Payment Information: Processed securely by our payment partner Paddle. We don't store your full credit card details
• Profile Information: Any additional details you choose to add to your profile
• Communications: Messages you send us through support channels or email

Information We Collect Automatically

When you use our platform, we automatically collect:

• Usage Data: Features you use, prompts you access, API calls, time spent on platform
• Device Information: Browser type, operating system, device type, IP address
• Log Data: Access times, pages viewed, errors encountered
• Cookies and Similar Technologies: See our Cookie Policy section below

Information from Third Parties

We may receive information from:

• Authentication providers (Google, GitHub) if you sign in through them
• Payment processors regarding your subscription status
• Analytics services that help us understand how our platform is used

2. How We Use Your Information

We use your information to:

• Provide Our Services: Deliver the features you subscribed to, process transactions, maintain your account
• Improve Our Platform: Analyze usage patterns, fix bugs, develop new features
• Communicate With You: Send account updates, service announcements, respond to support requests
• Marketing (with consent): Send newsletters, product updates, promotional offers (you can opt out anytime)
• Security: Protect against fraud, unauthorized access, and other security threats
• Legal Compliance: Comply with applicable laws and regulations

3. Legal Basis for Processing (GDPR)

If you're in the European Economic Area (EEA), we process your data based on:

• Contract: Processing necessary to provide our services
• Consent: You've given us permission (e.g., for marketing emails)
• Legitimate Interests: Improving our services, preventing fraud, analytics
• Legal Obligation: Compliance with laws and regulations

4. How We Share Your Information

We don't sell your personal information. We may share your data with:

Service Providers

• Paddle: Payment processing and subscription management
• Cloud Hosting: Vercel, Supabase, or similar providers for infrastructure
• Email Services: For transactional emails and newsletters (Resend, SendGrid)
• Analytics: Google Analytics, PostHog (anonymized data)
• Customer Support: Tools that help us respond to your questions

AI Service Providers

When you use AI features, your prompts may be sent to third-party AI providers (OpenAI, Anthropic, Google). These services have their own privacy policies. We don't share your account information with them.

Legal Requirements

We may disclose your information if required by law, court order, or to protect our rights and safety.

Business Transfers

If Cloudforge Labs is acquired or merged, your information may be transferred to the new owners. We'll notify you of any such change.

5. Data Security

We implement industry-standard security measures to protect your data:

• Encryption: Data is encrypted in transit (HTTPS/TLS) and at rest
• Access Controls: Limited employee access on a need-to-know basis
• Regular Audits: Security assessments and vulnerability testing
• Secure Infrastructure: Hosted on reputable cloud providers with SOC 2 compliance

However, no system is 100% secure. If you discover a security vulnerability, please report it to support@ainextstudios.com immediately.

6. Data Retention

We retain your data as long as:

• Your account is active
• Needed to provide our services
• Required by law (tax records, transaction history)

After account deletion, we'll retain some data for up to 90 days for backup purposes, then permanently delete it unless required by law to retain it longer.

7. Your Rights and Choices

Access and Portability

You can access your personal data through your account dashboard. You can also request a copy of your data in a portable format (JSON/CSV).

Correction and Updates

You can update your account information at any time through your account settings.

Deletion

You can delete your account from your settings. We'll remove your personal data within 90 days, except where retention is required by law.

Marketing Communications

You can opt out of marketing emails by clicking the "unsubscribe" link in any email or adjusting your preferences in account settings. You'll still receive essential service emails.

GDPR Rights (EEA Residents)

If you're in the EEA, you have additional rights:

• Right to access your personal data
• Right to rectification (correction)
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent
• Right to lodge a complaint with a supervisory authority

CCPA Rights (California Residents)

California residents have the right to:

• Know what personal information we collect and how it's used
• Request deletion of personal information
• Opt-out of the "sale" of personal information (we don't sell your data)
• Non-discrimination for exercising these rights

8. Cookies and Tracking

We use cookies and similar technologies to:

• Essential Cookies: Required for authentication and basic functionality
• Analytics Cookies: Help us understand how you use our platform (Google Analytics, anonymized)
• Preference Cookies: Remember your settings and preferences

You can control cookies through your browser settings. However, disabling essential cookies may limit functionality.

9. International Data Transfers

We're based in Bolivia, but our services use global infrastructure. Your data may be processed in the United States or other countries where our service providers operate. We ensure appropriate safeguards are in place for international transfers.

10. Children's Privacy

Our services are not intended for children under 18. We don't knowingly collect information from children. If you believe we've collected data from a child, please contact us immediately.

11. Third-Party Links

Our platform may contain links to third-party websites or services. We're not responsible for their privacy practices. Please review their privacy policies before providing them with information.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We'll notify you of significant changes via email or through our platform. The "Last updated" date at the top shows when the policy was last revised.

13. Contact Us

If you have questions about this Privacy Policy or want to exercise your rights, contact us: