Privacy Policy

Last Updated: December 6, 2024

GDPR Compliant: This Privacy Policy complies with the General Data Protection Regulation (GDPR) and other applicable EU data protection laws.

1. Introduction

Avatarooms ("we", "us", "our", or "the Service") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered avatar generation and social media platform.

This Privacy Policy complies with:

  • General Data Protection Regulation (GDPR) - Regulation (EU) 2016/679
  • ePrivacy Directive (EU) 2002/58/EC
  • Other applicable EU and national data protection laws

2. Data Controller

Data Controller: Novum universum, UAB

Legal Information:
Company Code: 304773257
Address: Piromonto g. 7-61, Vilnius, Lithuania

Contact Information:

  • Email: privacy@avatarooms.com
  • Website: https://avatarooms.com

Data Protection Officer: If you have questions about data protection, please contact us at privacy@avatarooms.com

3. Information We Collect

3.1 Information You Provide

We collect information that you provide directly to us, including:

  • Account Information: Email address, password (encrypted), username, profile information
  • Authentication Data: Information provided when using Google Sign-In or email/password authentication
  • Content: Avatars, videos, images, text, comments, and other content you create or upload
  • Profile Information: Avatar preferences, personality descriptions, generation settings
  • Communications: Messages, feedback, and support requests

3.2 Information Collected Automatically

When you use our Service, we automatically collect certain information:

  • Device Information: Device type, operating system, unique device identifiers
  • Usage Data: Pages visited, features used, time spent, interactions
  • Log Data: IP address, browser type, access times, referring URLs
  • Location Data: General location information (if you provide it for avatar generation)

3.3 Information from Third Parties

We may receive information from third-party services:

  • Google Sign-In: Name, email address, profile picture (if you use Google authentication)
  • Firebase: Authentication and usage analytics data
  • AI Service Providers: Data necessary for content generation (SDXL, Google Veo 3)

4. Legal Basis for Processing (GDPR) and EU AI Act

4.1 GDPR Legal Bases

We process your personal data based on the following legal bases:

  • Consent: When you consent to specific processing activities (e.g., marketing communications)
  • Contract Performance: To provide the Service and fulfill our Terms and Conditions
  • Legitimate Interests: To improve our Service, ensure security, and prevent fraud
  • Legal Obligation: To comply with applicable laws and regulations

4.2 EU AI Act Disclosures

In accordance with the EU AI Act's transparency requirements:

  • Automated Interaction: We inform you that you are interacting with an AI system when generating avatars or videos.
  • Content Generation: Personal data (such as photos or descriptions you provide) is processed by AI models (General Purpose AI models) to generate new synthetic content.
  • No High-Risk AI Systems: Our current use of AI for avatar and video generation is not classified as a "High-Risk AI System" (e.g., for biometric identification, critical infrastructure, or employment screening) under the EU AI Act. It is intended for creative and entertainment purposes.

5. How We Use Your Information

We use the information we collect for the following purposes:

  • Service Provision: To create and manage your account, generate avatars and videos, and provide social features
  • Authentication: To verify your identity and secure your account
  • Content Delivery: To store, process, and deliver your created content
  • Service Improvement: To analyze usage patterns and improve our Service
  • Communication: To respond to your inquiries and send service-related notifications
  • Security: To detect and prevent fraud, abuse, and security threats
  • Legal Compliance: To comply with legal obligations and enforce our Terms

6. Data Sharing and Disclosure

6.1 Third-Party Service Providers

We share your information with trusted third-party service providers who assist us in operating our Service:

  • Firebase (Google): Authentication, database, storage, and hosting services
  • Google Cloud Platform: Infrastructure and AI services (Veo 3)
  • AI Service Providers: SDXL and other AI services for content generation
  • Analytics Providers: To understand how our Service is used

All third-party service providers are contractually obligated to protect your data and use it only for specified purposes.

6.2 Data Transfers Outside the EU

Some of our service providers are located outside the European Economic Area (EEA). When we transfer your data outside the EEA, we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions by the European Commission
  • Other appropriate safeguards as required by GDPR

6.3 Legal Requirements

We may disclose your information if required by law or in response to valid legal requests from government authorities.

6.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy protections.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy:

  • Account Data: Retained while your account is active and for 30 days after account deletion
  • Content: Retained until you delete it or your account is deleted
  • Log Data: Retained for up to 12 months for security and analytics purposes
  • Legal Requirements: Some data may be retained longer if required by law

You can request deletion of your data at any time (see Section 9 - Your Rights).

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

  • Encryption of data in transit (HTTPS/TLS)
  • Encryption of sensitive data at rest
  • Secure authentication mechanisms
  • Regular security assessments and updates
  • Access controls and authentication requirements
  • Firebase security features and compliance

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

9. Your Rights Under GDPR

If you are located in the European Union, you have the following rights regarding your personal data:

9.1 Right of Access

You have the right to obtain confirmation of whether we process your personal data and to access that data.

9.2 Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data.

9.3 Right to Erasure ("Right to be Forgotten")

You have the right to request deletion of your personal data in certain circumstances, including when:

  • The data is no longer necessary for the original purpose
  • You withdraw consent and there is no other legal basis
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed

9.4 Right to Restrict Processing

You have the right to request restriction of processing in certain circumstances.

9.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

9.6 Right to Object

You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.

9.7 Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw consent at any time.

9.8 Right to Lodge a Complaint

You have the right to lodge a complaint with your local data protection authority if you believe we have violated your data protection rights.

Find your local data protection authority: European Data Protection Board

9.9 How to Exercise Your Rights

To exercise any of these rights, please contact us at privacy@avatarooms.com. We will respond to your request within one month (or up to two months for complex requests).

10. Cookies and Tracking Technologies

10.1 Types of Cookies

We use the following types of cookies and similar tracking technologies:

  • Essential Cookies: Required for the Service to function (authentication, security)
  • Analytics Cookies: To understand how users interact with our Service
  • Functional Cookies: To remember your preferences and settings

10.2 Cookie Consent

For non-essential cookies, we obtain your consent before placing them on your device, in accordance with the ePrivacy Directive.

10.3 Managing Cookies

You can control cookies through your browser settings. However, disabling certain cookies may affect the functionality of the Service.

11. Children's Privacy

Our Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. If we become aware that we have collected personal information from a child under 13, we will take steps to delete that information.

For users between 13 and 18, we require parental consent in accordance with applicable laws.

12. International Data Transfers

Your information may be transferred to and processed in countries outside the EEA, including the United States. We ensure appropriate safeguards are in place for such transfers, including:

  • Standard Contractual Clauses
  • Adequacy decisions
  • Other GDPR-compliant transfer mechanisms

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the updated Privacy Policy on our website
  • Updating the "Last Updated" date
  • Sending you an email notification (if you have an account)

Your continued use of the Service after such changes constitutes your acceptance of the updated Privacy Policy.

14. Third-Party Services

Our Service integrates with third-party services that have their own privacy policies:

  • Firebase (Google): Firebase Privacy Policy
  • Google Sign-In: Google Privacy Policy
  • Google Cloud Platform: Google Cloud Privacy

We encourage you to review these privacy policies to understand how these services handle your data.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Novum universum, UAB
Address: Piromonto g. 7-61, Vilnius, Lithuania
Email: privacy@avatarooms.com
Website: https://avatarooms.com

Data Protection Officer: privacy@avatarooms.com

16. Additional Information for EU Users

If you are located in the European Union, you have additional rights and protections under GDPR. This Privacy Policy is designed to comply with GDPR requirements.

For questions about your data protection rights or to file a complaint, you may also contact your local data protection authority.
