隐私政策

本文件完整版本以下为英语版本。中文翻译即将推出。

Privacy Policy

Last updated: March 2025

Our Commitment to Privacy

At Divinci AI, we are committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, process, and safeguard your information when you use our website, mobile applications (Android and iOS), and services (collectively, the “Services”).

1. Information We Collect

1.1 Information You Provide

• Account Information: Name, email address, and profile information when you create an account
• Contact Information: Name, email address, company name when you contact us or request demos
• Chat and AI Interaction Data: Messages, prompts, and content you submit when using our AI chat features
• Communication Data: Messages, feedback, and support requests
• Files and Documents: Files you upload for AI processing, including documents added to knowledge bases

1.2 Information Automatically Collected

• Website Usage Data: Pages visited, time spent, click patterns
• App Usage Data: Features used, session duration, interaction patterns within our mobile apps
• Technical Data: IP address, browser type, device information, operating system version, device identifiers
• Performance Data: App and website performance metrics, error logs, and crash reports
• Push Notification Tokens: Device tokens for delivering push notifications (if you opt in)

1.3 Information from Third-Party Services

When you choose to connect third-party services, we may collect:

• Google Account Data: Name, email, and profile information when you sign in with Google or connect Google Drive and Gmail
• Authentication Data: Tokens and identifiers from our authentication provider to manage your account securely

1.4 Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Ensure website functionality
• Analyze website and app performance
• Provide personalized experience (with your consent)

2. Third-Party Services and SDKs

Our Services integrate the following third-party services, each with their own privacy practices:

2.1 Authentication

• Auth0 (by Okta): Manages user authentication and account security. Processes email, name, and login credentials. Auth0 Privacy Policy

2.2 Analytics and Crash Reporting

• Firebase Analytics (by Google): Collects app usage data, device information, and anonymized interaction events to help us improve our Services. Firebase Privacy Information
• Firebase Crashlytics (by Google): Collects crash reports including device state, stack traces, and device identifiers to help us identify and fix issues. Data is retained for 90 days.

2.3 Push Notifications

• Firebase Cloud Messaging (by Google): Processes device tokens to deliver push notifications. You can opt out of notifications through your device settings at any time.

2.4 App Integrity

• Firebase App Check with Play Integrity (Android) / App Attest (iOS): Verifies that requests to our backend come from genuine instances of our app. Does not collect personal data.

2.5 AI Processing

• AI Language Models: Your chat messages and uploaded content are processed by AI language model providers to generate responses. We do not use your conversations to train AI models. AI-generated content may be inaccurate and should not be relied upon as professional advice.

2.6 Cloud Infrastructure

• Google Cloud Platform: Our backend services run on Google Cloud infrastructure with data processing agreements in place.

3. Legal Basis for Processing (GDPR)

We process your personal data based on:

• Consent: For analytics, marketing cookies, and optional integrations
• Legitimate Interest: For app functionality, security, and crash reporting
• Contract Performance: When providing our Services to you
• Legal Obligation: When required by law

4. How We Use Your Information

4.1 Essential Uses

• Provide, maintain, and improve our Services
• Authenticate your identity and manage your account
• Process your AI chat requests and deliver responses
• Deliver push notifications you have opted in to
• Respond to your inquiries and support requests
• Ensure app and website security and functionality
• Detect, prevent, and address technical issues

4.2 With Your Consent

• Analytics to improve our website and apps
• Marketing communications
• Personalized content recommendations
• Third-party service integrations (Google Drive, Gmail)

5. Data Sharing and Disclosure

We do not sell your personal data. We may share data with:

5.1 Service Providers

• Cloud hosting and infrastructure providers (with data processing agreements)
• Authentication service providers
• Analytics and crash reporting providers (when you consent or as described above)
• AI model providers for processing your requests
• Customer support tools

5.2 Legal Requirements

• When required by law or legal process
• To protect our rights and safety
• In connection with business transfers (mergers, acquisitions, or asset sales)

6. Data Retention

• Account Data: Retained for as long as your account is active. Upon account deletion, your personal data is deleted within 30 days, except where we are required by law to retain it.
• Chat and AI Data: Conversation history is retained while your account is active and deleted upon account deletion.
• Crash Reports: Retained for 90 days by Firebase Crashlytics.
• Analytics Data: Aggregated analytics data is retained for up to 14 months by Firebase Analytics.
• Backup Data: Backup copies may persist for up to 30 days after deletion.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS/SSL.
• Encryption at Rest: Personal data stored on our servers is encrypted at rest.
• Access Controls: Strict access controls limit who within our organization can access personal data.
• Regular Audits: We regularly review our security practices and update them as needed.

While we strive to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

8. Children’s Privacy

Our Services are not directed to children under the age of 13 (or the applicable age of consent in your jurisdiction). We do not knowingly collect personal data from children under 13. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at privacy@divinci.ai and we will take steps to delete such information promptly.

9. Your Rights

9.1 GDPR Rights (EEA, UK, Switzerland)

• Right of Access: Request information about your personal data
• Data Portability: Receive your data in a structured, machine-readable format
• Rectification: Correct inaccurate personal data
• Erasure: Request deletion of your personal data
• Restriction: Limit how we process your data
• Objection: Object to processing for direct marketing
• Withdraw Consent: Revoke consent at any time

9.2 CCPA Rights (California Residents)

• Right to Know: What personal information we collect and how it is used
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: Opt out of the sale of personal information (we do not sell personal information)
• Non-Discrimination: We will not discriminate against you for exercising your rights

9.3 Apple App Store (iOS Users)

• You may request deletion of your account and all associated data directly within the app or by contacting us
• We comply with Apple’s App Store Review Guidelines regarding user privacy and data handling

9.4 Google Play Store (Android Users)

• You may request deletion of your account and all associated data directly within the app or by contacting us
• Our Data Safety disclosures in the Google Play Store accurately reflect our data practices as described in this policy

10. Your Privacy Controls

11. International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place, including Standard Contractual Clauses where required, to protect your data in accordance with this policy and applicable law.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the “Last updated” date. Your continued use of our Services after changes constitutes acceptance of the updated policy.

Contact Information

Divinci AI Email: privacy@divinci.ai Data Protection Officer: dpo@divinci.ai

For any privacy-related requests or questions, contact us at privacy@divinci.ai with a response time of within 30 days.