Privacy Policy for NiaKai, Inc.

1. Introduction

Welcome to NiaKai, Inc. ("NiaKai," "we," "us," or "our"). We respect your privacy and are committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you visit niakai.ai and use our artificial intelligence services, websites, applications, APIs, and related features (collectively, the "Services" or "Platform").

By using the Services, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this Privacy Policy, please do not access or use the Services.

2. Information We Collect

We collect various types of information to provide, maintain, and improve our Services.

2.1 Information You Provide to Us

Account and Profile Information:

• Identifiers: name, username, email address, phone number

• Account credentials: password (encrypted), security questions

• Profile information: profile picture, bio, preferences, language settings

• Professional information: company name, job title, industry, role

Payment and Billing Information:

• Payment card information (processed by third-party payment processors)

• Billing address and contact information

• Transaction history and purchase records

• Tax identification numbers (where required)

Communications:

• Messages you send to us (support requests, feedback, inquiries)

• Your responses to surveys, questionnaires, or promotional offers

• Communications preferences and settings

User Content:

• Prompts, queries, and other input you submit to the Platform ("Input")

• Files, documents, images, and other content you upload

• Output generated by our AI models in response to your Input

• Feedback, ratings, and comments on generated content

• Conversation history and interaction logs

Recruitment and Employment Information:

• Job applications: resume/CV, cover letter, work history

• References and background check information (with consent)

• Interview notes and assessments

2.2 Information Collected Automatically

Device and Technical Information:

• Device identifiers: IP address, device ID, advertising ID

• Device information: device type, operating system, browser type and version

• Network information: internet service provider, connection type

• Location information: country, region, city (derived from IP address)

Usage Data:

• Pages visited, features used, time spent on the Platform

• Search queries, navigation paths, clicks, and interactions

• API calls, request/response data, error logs

• Session data: login/logout times, session duration

• Performance metrics: load times, response times, error rates

Cookies and Similar Technologies: We use cookies, web beacons, SDKs, pixels, and similar tracking technologies to collect information about your browsing activities. These technologies help us:

• Essential operations: Authentication, security, session management, load balancing

• Analytics and performance: Understanding how users interact with our Services, identifying issues, measuring effectiveness

• Personalization and functionality: Remembering your preferences, settings, and language choices

• Advertising (where applicable): Delivering relevant advertisements and measuring campaign effectiveness

See Section 7 for more information about cookies and your choices.

2.3 AI Training and Product Improvement

We may use aggregated and de-identified data derived from your use of the Services to operate, secure, improve, and develop our AI models and Services. This helps us enhance quality, safety, performance, and user experience for all users.

Enterprise Customers: If you have an enterprise agreement, your data usage for model training will be governed by the terms of that agreement. Enterprise customers typically have the ability to opt out of model training through contractual provisions or administrative settings.

Consumer Users: Where required by law or contract, we will not use your Input (Customer Data) to train models in a manner that would allow the model to recreate your specific Input or target you individually. You may opt out of having your data used for model improvement as described in Section 11.4.

2.4 Information from Third Parties

Single Sign-On (SSO) Providers:

• When you authenticate using third-party services (Google, Microsoft, Apple, etc.)

• Profile information from those services (name, email, profile picture)

Analytics and Security Vendors:

• Usage analytics from third-party analytics platforms

• Fraud detection and security threat intelligence

• Performance monitoring and crash reporting data

Payment Processors:

• Transaction confirmation and payment status

• Fraud detection indicators

Business Partners and Integrations:

• Data from platforms you connect to our Services (with your authorization)

• Information from co-marketing partners or resellers

Public Sources:

• Publicly available information from social media profiles

• Public directories, databases, and registries

• Published research, articles, or other public content

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Provide and Maintain the Services

• Creating and managing your account

• Authenticating your identity and authorizing access

• Processing your requests and transactions

• Generating AI responses to your Input

• Storing conversation history and user preferences

• Providing customer support and technical assistance

• Managing subscriptions and billing

3.2 Improve and Develop the Services

• Analyzing usage patterns and trends

• Conducting research and development

• Testing new features and functionality

• Training and improving our AI models (subject to opt-out rights)

• Improving user experience and interface design

• Enhancing quality, accuracy, and safety of AI outputs

• Developing new products and services

3.3 Security and Abuse Prevention

• Detecting, preventing, and investigating fraud, abuse, and security incidents

• Protecting against malicious, deceptive, or illegal activity

• Enforcing our Terms of Service and Acceptable Use Policy

• Monitoring for and preventing violations of our policies

• Verifying compliance with usage limits and restrictions

• Protecting the rights, property, and safety of NiaKai, our users, and the public

3.4 Communications

• Sending service-related notices (account verification, security alerts, system updates)

• Providing technical notifications and platform status updates

• Responding to your inquiries and support requests

• Sending administrative messages about your account or transactions

• Requesting feedback through surveys or questionnaires

• Sending marketing communications (with your consent where required, and with opt-out options)

• Delivering newsletters, promotional offers, and product announcements

3.5 Legal and Contractual Obligations

• Complying with applicable laws, regulations, and legal processes

• Responding to lawful requests from public authorities

• Enforcing our Terms of Service and other agreements

• Protecting and defending our legal rights

• Fulfilling contractual obligations to enterprise customers

• Meeting regulatory requirements (e.g., tax, financial reporting, export controls)

3.6 Business Operations

• Managing corporate transactions (mergers, acquisitions, asset sales)

• Conducting internal audits and quality assurance

• Analyzing business performance and metrics

• Managing vendor and partner relationships

• Recruiting and hiring employees and contractors

4. Legal Bases for Processing (EEA/UK/Switzerland)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data based on the following legal grounds:

Contract Necessity: Processing is necessary to perform our contract with you (e.g., providing the Services, managing your account, processing payments).

Legitimate Interests: Processing is necessary for our legitimate interests or those of a third party, provided your rights and interests do not override those interests. Our legitimate interests include:

• Operating and improving our Services

• Ensuring security and preventing fraud

• Conducting research and development

• Marketing and promoting our Services

• Managing business operations

Legal Obligation: Processing is necessary to comply with our legal obligations under applicable law.

Consent: Processing is based on your explicit consent, which you may withdraw at any time without affecting the lawfulness of processing before withdrawal.

Vital Interests: In rare circumstances, processing may be necessary to protect vital interests (yours or another person's).

5. How We Share Your Information

We do not sell your personal information to third parties. We share information in the following circumstances:

5.1 Service Providers and Processors

We share information with third-party service providers who perform services on our behalf under confidentiality and data protection agreements. These providers are authorized to use your information only as necessary to provide services to us, including:

• Cloud hosting and infrastructure providers

• Payment processors and billing services

• Customer support and communication platforms

• Analytics and performance monitoring services

• Security and fraud prevention services

• Email and notification delivery services

• Marketing and advertising platforms

5.2 Technology Partners for De-Identified/Aggregated Data

We may share aggregated, de-identified, or anonymized data with technology partners, researchers, or other third parties for:

• AI model improvement and development

• Research and innovation

• Industry analysis and benchmarking

• Product development and testing

This data cannot reasonably be used to identify you individually.

5.3 Business Transfers

In connection with any merger, acquisition, sale of assets, financing, bankruptcy, or other business transaction, we may transfer or share your information to the acquiring or successor entity. We will notify you of such a transfer and any choices you may have.

5.4 Legal Requirements and Safety

We may disclose your information when we believe in good faith that disclosure is necessary to:

• Comply with applicable laws, regulations, legal processes, or enforceable governmental requests

• Enforce our Terms of Service, Acceptable Use Policy, or other agreements

• Detect, prevent, or address fraud, security, or technical issues

• Protect against harm to the rights, property, or safety of NiaKai, our users, or the public as required or permitted by law

• Respond to lawful requests from law enforcement or regulatory authorities

• Defend against legal claims or investigations

5.5 With Your Direction or Consent

We may share your information with third parties when you:

• Explicitly direct us to share information

• Authorize integrations with third-party services

• Participate in joint offerings or promotions with partners

• Provide consent for specific sharing purposes

5.6 California Consumer Privacy Rights (CCPA/CPRA)

No Sale or Sharing for Cross-Context Behavioral Advertising:
We do not "sell" personal information as defined under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). We do not "share" personal information for cross-context behavioral advertising purposes.

We honor Global Privacy Control (GPC) signals transmitted by your browser. If our practices change in the future to include selling or sharing personal information, we will update this Privacy Policy and provide appropriate opt-out mechanisms as required by law.

6. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Retention Factors:

• The type and sensitivity of the information

• The purposes for which we process the information

• Whether we can achieve those purposes through other means

• Applicable legal, regulatory, tax, accounting, or other requirements

• Your account status and activity level

• Contractual obligations (e.g., enterprise Data Processing Agreements)

Typical Retention Periods:

• Account information: Retained while your account is active, plus a reasonable period afterward to comply with legal obligations

• User content (Input/Output): Retained according to your account settings or for a limited period as necessary to provide Services

• Transaction records: Retained as required for tax, accounting, and legal compliance (typically 7 years)

• Communications: Retained as necessary to respond to inquiries and maintain records of communications

• Usage data and logs: Typically retained for 12-24 months unless required for security, fraud prevention, or legal purposes

Enterprise Customers: Retention periods for enterprise customers are governed by the applicable Data Processing Agreement or Statement of Work.

After the retention period expires, we will delete or de-identify your information in accordance with applicable law and our internal policies.

7. Cookies and Similar Technologies

7.1 Types of Cookies We Use

Essential Cookies (Required):

• Authentication and security

• Session management and load balancing

• Security features and fraud prevention

• Remembering your privacy preferences

Analytics and Performance Cookies:

• Understanding how visitors use our Services

• Measuring and improving performance

• Identifying and diagnosing technical issues

• Conducting A/B testing and experimentation

Functional and Personalization Cookies:

• Remembering your preferences and settings

• Providing personalized content and recommendations

• Enabling enhanced features and functionality

• Language and regional preferences

Advertising Cookies (Where Applicable):

• Delivering targeted advertisements

• Measuring ad campaign effectiveness

• Frequency capping and attribution

• Retargeting and remarketing

7.2 Third-Party Cookies

We may allow third-party service providers to place cookies on your device to help us with analytics, advertising, and other services. These third parties are subject to their own privacy policies.

7.3 Your Cookie Choices

Browser Controls: Most web browsers allow you to control cookies through settings. You can typically:

• Block all cookies

• Block third-party cookies

• Delete cookies after each session

• Receive notifications when cookies are set

Note that blocking or deleting essential cookies may impair your ability to use certain features of the Services.

On-Site Preferences Tool: We provide a cookie preference center accessible through our website where you can manage your cookie preferences for non-essential cookies.

Opt-Out Tools:

• Google Analytics: https://tools.google.com/dlpage/gaoptout

• Network Advertising Initiative: http://optout.networkadvertising.org/

• Digital Advertising Alliance: http://optout.aboutads.info/

Global Privacy Control (GPC): We honor GPC signals for California residents and other applicable users.

7.4 Consent

Where required by law (e.g., in the EEA, UK, or Switzerland), we obtain your consent before placing non-essential cookies through a cookie banner displayed when you first visit our website.

8. Third-Party Links and Services

The Services may contain links to third-party websites, applications, plug-ins, or services that are not owned or controlled by NiaKai. We are not responsible for the privacy practices or content of these third parties.

When you access third-party services, you are subject to their privacy policies and terms of service. We encourage you to review the privacy policies of any third-party services before providing them with your information.

9. Data Security

We take the security of your personal information seriously and employ administrative, technical, and organizational safeguards designed to protect your information.

9.1 Security Measures

Technical Safeguards:

• Encryption in transit using TLS/SSL protocols

• Encryption at rest for sensitive data (where appropriate)

• Secure authentication mechanisms

• Regular security patching and updates

• Intrusion detection and prevention systems

• Security monitoring and logging

• Vulnerability scanning and penetration testing

Administrative Safeguards:

• Access controls and principle of least privilege

• Multi-factor authentication (MFA) for privileged access

• Background checks for employees with access to sensitive data

• Regular security training and awareness programs

• Incident response and breach notification procedures

• Vendor security assessments and due diligence

Organizational Safeguards:

• Information security policies and procedures

• Data classification and handling standards

• Regular security audits and assessments

• Security governance and oversight

• Privacy by design principles

9.2 Security Limitations

While we implement reasonable security measures, please be aware that:

• No method of transmission over the internet is 100% secure

• No method of electronic storage is completely secure

• We cannot guarantee absolute security of your information

• You are responsible for maintaining the confidentiality of your account credentials

If you believe your account has been compromised, please notify us immediately at security@niakai.ai.

10. International Data Transfers

NiaKai operates primarily in the United States. We may transfer, store, and process your information in the United States and other countries where we or our service providers maintain facilities.

10.1 Transfers from the EEA/UK/Switzerland

If you are located in the European Economic Area, United Kingdom, or Switzerland, your information may be transferred to countries that do not provide an equivalent level of data protection as your home country.

When we transfer personal data from the EEA, UK, or Switzerland to other countries, we use one or more of the following legal mechanisms:

Standard Contractual Clauses (SCCs): We use European Commission-approved Standard Contractual Clauses or UK International Data Transfer Agreements/Addendums with our service providers and partners.

Adequacy Decisions: We transfer data to countries that have been deemed by the European Commission or UK authorities to provide adequate data protection.

Other Lawful Mechanisms: In some cases, we may rely on other legal bases such as your explicit consent, performance of a contract, or establishment/defense of legal claims.

10.2 Additional Safeguards

Where appropriate, we implement additional technical, organizational, and contractual safeguards to protect your information during international transfers, including:

• Encryption in transit and at rest

• Access controls and authentication

• Data minimization practices

• Regular audits and assessments of data processors

• Contractual commitments regarding data security and privacy

10.3 Cross-Border Data Transfer Impact Assessment

We have conducted transfer impact assessments where required and implemented supplementary measures to ensure adequate protection of your personal data when transferred internationally.

11. Your Privacy Rights

Your rights vary depending on your jurisdiction. Below we describe rights that may be available to you.

11.1 General Rights (Where Applicable)

Right to Access: Request access to the personal information we hold about you and receive a copy of that information.

Right to Correction: Request correction of inaccurate or incomplete personal information.

Right to Deletion/Erasure: Request deletion of your personal information, subject to certain exceptions (e.g., legal obligations, legitimate interests, defense of legal claims).

Right to Restriction of Processing: Request that we limit how we process your personal information in certain circumstances.

Right to Object: Object to our processing of your personal information based on legitimate interests or for direct marketing purposes.

Right to Data Portability: Receive your personal information in a structured, commonly used, and machine-readable format and transmit it to another controller.

Right to Withdraw Consent: Where processing is based on consent, withdraw your consent at any time without affecting the lawfulness of processing before withdrawal.

Right to Non-Discrimination: You have the right not to receive discriminatory treatment for exercising your privacy rights.

11.2 California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

Right to Know: Request information about the categories and specific pieces of personal information we have collected, the sources from which it was collected, the purposes for collection, and the categories of third parties with whom we share it.

Right to Access: Request a copy of the personal information we have collected about you in the preceding 12 months.

Right to Correction: Request that we correct inaccurate personal information.

Right to Deletion: Request deletion of personal information we have collected, subject to certain exceptions.

Right to Limit Use and Disclosure of Sensitive Personal Information: Request that we limit the use of your sensitive personal information to purposes necessary to provide the Services and for other specified purposes permitted by law.

Right to Opt-Out of Sale/Sharing: While we do not currently sell or share personal information for cross-context behavioral advertising, you have the right to opt out if our practices change. We honor Global Privacy Control (GPC) signals.

Right to Non-Discrimination: You have the right not to receive discriminatory treatment for exercising your CCPA rights.

Authorized Agents: You may designate an authorized agent to make requests on your behalf. We will require proof of authorization.

11.3 EEA/UK/Switzerland Privacy Rights (GDPR)

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have the rights described in Section 11.1 under the General Data Protection Regulation (GDPR) or equivalent UK data protection law.

Right to Lodge a Complaint: You have the right to lodge a complaint with your local supervisory authority (data protection authority) if you believe our processing of your personal information violates applicable law.

List of EEA Supervisory Authorities: https://edpb.europa.eu/about-edpb/about-edpb/members_en

UK Information Commissioner's Office: https://ico.org.uk/

Swiss Federal Data Protection and Information Commissioner: https://www.edoeb.admin.ch/

11.4 U.S. State Privacy Rights

Residents of certain U.S. states (including Colorado, Connecticut, Virginia, Utah, Montana, Texas, Oregon, and others) may have additional privacy rights, including:

Right to Confirm and Access: Confirm whether we process your personal data and access that data.

Right to Correction: Correct inaccuracies in your personal data.

Right to Deletion: Delete personal data you have provided.

Right to Data Portability: Obtain a copy of your personal data in a portable format.

Right to Opt Out of:

• Targeted advertising

• Sale of personal data

• Profiling in furtherance of decisions that produce legal or similarly significant effects

Right to Appeal: If we deny your privacy rights request, you have the right to appeal our decision.

11.5 How to Exercise Your Rights

To exercise any of these rights, please:

Email: privacy@niakai.ai

Subject Line: Include "Privacy Rights Request" and specify the type of request (e.g., "Access Request," "Deletion Request")

Information to Include:

• Your full name

• Email address associated with your account

• Specific right you wish to exercise

• Sufficient detail to allow us to verify your identity

Enterprise Customers: Enterprise users may also manage certain data controls and model-improvement settings through your administrator account settings or as specified in your Data Processing Agreement.

11.6 Verification Process

To protect your privacy and security, we will verify your identity before processing your request. We may request additional information to verify your identity, such as:

• Account credentials

• Email verification

• Additional identifying information

For authorized agents, we will require proof of authorization, such as a signed permission document or power of attorney.

11.7 Response Timeline

We will respond to verified requests within the timeframes required by applicable law:

• CCPA/CPRA: 45 days (with possible 45-day extension if needed)

• GDPR: 1 month (with possible 2-month extension for complex requests)

• Other state laws: As specified by applicable law

11.8 Model Training Opt-Out

Consumer Users: If you wish to opt out of having your data used for AI model training and improvement:

• Email us at privacy@niakai.ai with subject line "Model Training Opt-Out"

• Use the opt-out settings in your account dashboard (where available)

Opting out will not affect your ability to use the Services but may limit our ability to improve features and performance based on usage patterns.

12. Children's Privacy

The Services are not directed to children under the age of 13 (or under 16 in the EEA, UK, or Switzerland). We do not knowingly collect personal information from children under these ages.

If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us at privacy@niakai.ai. We will take steps to delete such information and terminate the child's account.

If we learn that we have collected personal information from a child under the applicable age without proper parental consent, we will delete that information as quickly as possible.

13. California "Shine the Light" Law

California Civil Code Section 1798.83 permits California residents to request certain information about our disclosure of personal information to third parties for their direct marketing purposes during the preceding calendar year.

To make such a request, please email privacy@niakai.ai with "California Shine the Light Request" in the subject line. Please include your name, mailing address, and email address in your request.

We will respond to one request per customer per year. Please note that we do not currently share personal information with third parties for their direct marketing purposes as defined by this law.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

14.1 Notice of Changes

We will notify you of material changes by:

• Posting the updated Privacy Policy on our website

• Updating the "Last Updated" date at the top of this Privacy Policy

• Sending notice to the email address associated with your account (for material changes)

• Displaying a prominent notice or banner on the Platform (for significant changes)

14.2 Continued Use

Your continued use of the Services after the effective date of the updated Privacy Policy constitutes your acceptance of the changes. If you do not agree to the updated Privacy Policy, you must stop using the Services and may delete your account.

14.3 Review Recommendations

We encourage you to review this Privacy Policy periodically to stay informed about how we collect, use, and protect your information.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

NiaKai, Inc.
Attn: Privacy Department
548 Market Street, PMB 298862
San Francisco, CA 94104-5401

Email: privacy@niakai.ai
Phone: 510-906-6588
Website: www.niakai.ai

15.1 Data Protection Officer

At this time, we have not appointed a Data Protection Officer (DPO). If a DPO is appointed in the future, their contact information will be provided here.

15.2 EU/UK Representative

At this time, we have not appointed an EU or UK representative. If required under applicable law, we will designate representatives and provide their contact information in this Privacy Policy.

16. Dispute Resolution

16.1 Informal Resolution

If you have concerns about how we handle your personal information, please contact us first at privacy@niakai.ai. We will make good faith efforts to resolve your concerns.

16.2 Supervisory Authority (EEA/UK/Switzerland)

If you are located in the EEA, UK, or Switzerland and are unsatisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.

16.3 U.S. Users

For U.S. users, disputes relating to privacy may be subject to the arbitration provisions and venue provisions set forth in our Terms of Service, except where prohibited by applicable law.

By using the NiaKai Services, you acknowledge that you have read, understood, and agree to this Privacy Policy.