Privacy Policy

Effective Date: January 15, 2025

Your privacy is important to Exoria LLC (“Exoria,” “we,” “us,” or “our”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Exoria mobile application (the “App”) and related services (collectively, the “Services”). Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the Services.

1. Information We Collect

Personal Information You Provide to Us

When you register for an account or use our Services, we may collect the following personal information:

  • Account Information: Email address, username, first name, last name, birth date, gender, phone number
  • Profile Information: Profile pictures, character profiles, personality traits, backstories, and other information you provide when creating AI characters or personal profiles
  • Payment Information: When you make purchases, payment processing is handled by third-party payment processors (Apple App Store, RevenueCat). We do not store credit card numbers or banking information
  • Communications: Information you provide when contacting our support team or participating in surveys

Information Collected Automatically

When you use our Services, we automatically collect certain information:

  • Device Information: Device type, operating system version, unique device identifiers (IDFA), timezone, locale, and language settings
  • Usage Data: Features used, AI models selected, conversation logs, voice recordings, images and videos generated, boards created, time spent in the app, and interaction patterns
  • Location Information: General geographic location based on IP address (we do not collect precise GPS location)
  • Analytics Data: App opens, session duration, crashes, performance data, and feature usage statistics

Content You Create

  • Conversations: Text messages, voice messages, and conversations with AI assistants
  • Generated Content: Images, videos, and other creative content you generate using our AI tools
  • Boards and Posts: Content you create and organize on boards, including text, images, videos, and other media
  • Voice Data: Voice recordings when using voice chat features or text-to-speech functionality

2. How We Use Your Information

To Provide and Improve Our Services

  • Create and manage your account
  • Enable AI conversations with personalized assistants
  • Generate images, videos, and other creative content
  • Provide voice synthesis and speech recognition features
  • Sync your data across devices
  • Process transactions and manage subscriptions

To Personalize Your Experience

  • Remember your preferences and settings
  • Customize AI assistant personalities and voices
  • Provide personalized content recommendations
  • Maintain conversation context and memories

To Communicate With You

  • Send important notices about your account or changes to our Services
  • Respond to your inquiries and support requests
  • Send push notifications about group activities (with your permission)

For Safety and Security

  • Detect and prevent fraud, abuse, or violations of our Terms of Service
  • Protect the rights, property, and safety of Exoria, our users, and others
  • Enforce our Terms of Service and other policies

For Analytics and Research

  • Understand how users interact with our Services
  • Improve our AI models and features
  • Conduct research and analysis to enhance user experience
  • Monitor and analyze trends and usage patterns

3. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data based on the following legal grounds:

  • Consent: When you have given clear consent for specific processing activities
  • Contract: When processing is necessary to provide the Services you requested
  • Legal Obligation: When we must process data to comply with applicable laws
  • Legitimate Interests: When processing is necessary for our legitimate business interests, such as improving our Services, provided these interests are not overridden by your rights

4. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information in the following circumstances:

Service Providers

We work with third-party service providers who assist us in operating our Services:

  • Cloud Infrastructure: Supabase for database hosting and real-time features
  • Authentication: Clerk for secure user authentication
  • AI Services: OpenAI, Anthropic, Google, and other AI providers for language models and content generation (only conversation content necessary for processing is shared)
  • Image/Video Generation: Fal.ai, Black Forest Labs, Luma AI, Ideogram, and other providers for creative content generation
  • Payment Processing: Apple App Store and RevenueCat for subscription management
  • Analytics: Services to help us understand app usage and improve performance
  • Push Notifications: Services to deliver notifications to your device

These providers are contractually obligated to protect your information and use it only for the services they provide to us.

Within Organizations/Groups

  • Content you create within an organization or group may be visible to other members based on the permissions set by the organization
  • Organization administrators may have access to usage statistics and content created within their organization

Legal Requirements

We may disclose your information if required to do so by law or in response to valid legal requests, including:

  • Court orders or subpoenas
  • Government investigations
  • To protect our rights, privacy, safety, or property
  • To enforce our Terms of Service

Business Transfers

If Exoria is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control.

5. Data Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit using TLS/SSL
  • Encryption of sensitive data at rest
  • Regular security assessments and updates
  • Access controls and authentication requirements
  • Secure cloud infrastructure with regular backups

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security.

6. Data Retention

We retain your personal information for as long as necessary to provide our Services and fulfill the purposes outlined in this Privacy Policy. Specifically:

  • Account Information: Retained as long as your account is active
  • Content: User-generated content is retained until you delete it or your account
  • Conversation History: Retained to maintain context and memories for AI assistants
  • Analytics Data: Typically retained for 24 months
  • Legal Compliance: Some data may be retained longer if required by law

When you delete your account, we will delete or anonymize your personal information within 30 days, except where retention is necessary for legal obligations or legitimate business purposes.

7. Your Privacy Rights

Rights for All Users

Regardless of your location, you have the following rights:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information
  • Portability: Receive your data in a structured, machine-readable format
  • Opt-out: Opt out of certain communications or data processing activities

Additional Rights for EEA, UK, and Swiss Residents

If you are located in the EEA, UK, or Switzerland, you also have the right to:

  • Object: Object to processing based on legitimate interests
  • Restrict: Request restriction of processing in certain circumstances
  • Withdraw Consent: Withdraw consent where processing is based on consent
  • Lodge a Complaint: File a complaint with your local data protection authority

Additional Rights for US Residents

If you are a resident of California, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Nevada, Delaware, Iowa, New Hampshire, New Jersey, Nebraska, Tennessee, Minnesota, or Montana, you have additional rights under state privacy laws:

  • Right to Know: Request information about the categories of personal information we collect and how it’s used
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: Opt out of the “sale” of personal information (we do not sell personal information)
  • Right to Non-Discrimination: Not be discriminated against for exercising your privacy rights

California residents may also request information about categories of personal information shared with third parties for direct marketing purposes (we do not share information for such purposes).

How to Exercise Your Rights

To exercise any of these rights, please contact us at privacy@exoria.app. We will respond to your request within the timeframe required by applicable law (generally within 30 days). We may need to verify your identity before processing your request.

8. Children’s Privacy

Exoria is not intended for children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children under these ages. If we learn that we have collected personal information from a child under the applicable age without parental consent, we will take steps to delete that information promptly. If you believe we have collected information from a child under the applicable age, please contact us immediately.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States where many of our service providers are located. These countries may have data protection laws that differ from the laws of your country.

When we transfer personal data from the EEA, UK, or Switzerland to other countries, we implement appropriate safeguards, such as:

  • Standard contractual clauses approved by the European Commission
  • Ensuring recipients are certified under approved data protection frameworks
  • Obtaining your explicit consent for the transfer

10. Third-Party Links and Services

Our Services may contain links to third-party websites or services that are not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

11. Push Notifications

With your consent, we may send push notifications to your device to provide updates about group activities, new features, or other relevant information. You can disable push notifications at any time through your device settings.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes by posting the new Privacy Policy in the App and updating the “Effective Date” at the top. For significant changes, we may also notify you via email or push notification.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

13. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:

Exoria LLC

5900 Balcones Drive Suite 100

Austin, TX 78731

United States

Email: privacy@exoria.app

Support: support@exoria.app

For users in the European Economic Area, you may also contact your local data protection authority if you have concerns about our handling of your personal information.

14. Accessibility

We are committed to ensuring this Privacy Policy is accessible to all users. If you need this policy in an alternative format, please contact us at accessibility@exoria.app.

15. SMS Messaging and Mobile Information

When you use our social invite system, we may collect and use your mobile phone number to send SMS messages. We take your privacy seriously and handle your mobile information with the following practices:

Information Collection and Use

- We collect phone numbers only when you explicitly provide them for our social invite system - Phone numbers are used solely to send invitation messages to the contacts you specify - We do not sell, rent, or share your mobile information with third parties for their marketing purposes - We may share information with service providers who assist us in operating our SMS services, but only for that limited purpose

SMS Consent and Opt-Out

- By providing your phone number, you consent to receive SMS messages from Exoria - Message and data rates may apply depending on your mobile carrier plan - You can opt-out of SMS messages at any time by replying STOP to any message - For help, reply HELP to any message or contact us at support@exoria.ai

Data Security

- We implement appropriate technical and organizational measures to protect your mobile information - Phone numbers are encrypted and stored securely - We retain phone numbers only as long as necessary to provide our services