Privacy Policy

1. Introduction

SkyAIApp, Inc. ("we," "us," or "SkyAIApp") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and protect your information when you visit our website, use our platform services, or interact with us. By using our Services, you agree to the practices described in this Privacy Policy.

2. Information We Collect

2.1 Information You Provide

• Account information: name, email, company name, job title provided during registration
• Billing information: payment method, billing address, tax information (we do not directly store full credit card numbers; handled by third-party payment processors)
• Communications: information you send us through support, email, or feedback channels
• User content: prompts, input data, and configurations submitted through the Services (may be logged for debugging and evaluation based on your settings)

2.2 Information Collected Automatically

• Usage data: API request counts, latency, error rates, routing decisions, cache hit rates, token usage, and other operational metrics
• Device information: IP address, browser type, operating system, device identifiers
• Log data: access times, pages viewed, clickstream, referring URLs
• Cookies and similar technologies: for session management, preferences, and analytics (see Cookie Policy section)

2.3 Information from Third Parties

• Single Sign-On (SSO) providers: when you use Google, GitHub, or other third-party login, we may receive your basic profile information
• Business partners: contact information from referral or integration partners
• Public sources: publicly available information for business development purposes

3. How We Use Your Information

We use the information we collect for the following purposes:

• Provide Services: operate, maintain, and improve the SkyAIApp platform
• Account Management: create and manage your account, process transactions, send service-related notices
• Customer Support: respond to your requests, questions, and feedback
• Security and Compliance: detect and prevent fraud, abuse, and security threats; comply with legal obligations
• Analytics and Improvement: analyze usage patterns to improve service performance and user experience
• Communications: send product updates, marketing messages (you can opt out anytime), and important announcements
• Legal Purposes: establish, exercise, or defend legal claims

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), UK, or Switzerland, we process your personal data based on the following legal bases:

• Contract Performance: processing necessary to provide the services you requested
• Legitimate Interests: for operating and improving services, preventing fraud, etc., where not overridden by your rights
• Legal Obligation: compliance with applicable laws and regulations
• Consent: where applicable, based on your explicit consent (which you may withdraw at any time)

5. Information Sharing and Disclosure

We do not sell your personal information. We may share information in the following circumstances:

• Service Providers: with third-party vendors who help us operate the Services (e.g., cloud infrastructure, payment processing, analytics), bound by contracts to process data only as instructed
• AI Model Providers: when you use our Services to call third-party AI models, your prompts and input data are sent to the respective model providers (e.g., OpenAI, Anthropic, Google), subject to their privacy policies
• Business Transfers: in the event of a merger, acquisition, or asset sale, your information may be transferred as part of the transaction
• Legal Requirements: when we believe in good faith that disclosure is necessary to comply with law, protect our rights, investigate fraud, or respond to government requests
• With Your Consent: with other parties when you give us explicit permission
• Aggregated or Anonymized Data: we may share aggregated or anonymized information that cannot reasonably identify you

6. Data Retention

We retain data according to the following principles:

• Account Data: retained while your account is active, deleted within 30 days after account closure (unless legally required to retain longer)
• Usage Metrics: retained longer for reliability and billing purposes (typically 12-24 months)
• Content Traces (prompt/output logs): retained according to your configuration, default 30 days, you can choose shorter retention or disable entirely
• Audit Logs: retained per compliance requirements, typically 1-7 years
• Anonymized Data: may be retained indefinitely for analytics and service improvement

7. Data Security

We implement industry-standard technical and organizational measures to protect your data:

• Encryption in Transit: all data transmission uses TLS 1.2+ encryption
• Encryption at Rest: databases and storage use AES-256 encryption
• Access Control: role-based access control (RBAC), least privilege principle, multi-factor authentication
• Infrastructure Security: hosted on cloud providers with SOC 2, ISO 27001 certifications
• Security Monitoring: 24/7 security monitoring, intrusion detection, regular security audits
• Incident Response: documented incident response procedures, commitment to notify affected users within 72 hours of discovering a serious security incident

⚠️ While we take reasonable measures to protect your data, no system is 100% secure. You are responsible for keeping your account credentials secure.

8. International Data Transfers

SkyAIApp is headquartered in the United States. If you access our Services from the European Economic Area, UK, Switzerland, or other countries, your data may be transferred to the United States or other countries where data protection laws may differ from your country. We ensure appropriate data protection through: Standard Contractual Clauses (SCCs), adherence to the EU-U.S. Data Privacy Framework where applicable, and data processing agreements with service providers.

9. Cookie Policy

We use the following types of cookies and similar technologies:

• Essential Cookies: required for basic website functionality and security, cannot be disabled
• Functional Cookies: remember your preferences (e.g., language, theme)
• Analytics Cookies: help us understand website usage and improve services (e.g., Google Analytics)
• Marketing Cookies: used to track visitors for relevant advertising (you can opt out)

You can manage cookie preferences through your browser settings. Disabling certain cookies may affect website functionality.

10. Your Rights

10.1 All Users

• Access and export your data
• Correct inaccurate information
• Delete your account and associated data
• Opt out of marketing communications

10.2 EEA/UK/Switzerland Residents (GDPR)

• Data Portability: receive your data in a structured, machine-readable format
• Restrict Processing: limit our processing of your data in certain circumstances
• Object: object to processing based on legitimate interests
• Withdraw Consent: where processing is based on consent
• Lodge Complaints: file a complaint with a data protection supervisory authority

10.3 California Residents (CCPA/CPRA)

• Right to Know: learn the categories of personal information we collect, use, and share
• Right to Delete: request deletion of your personal information
• Right to Non-Discrimination: exercising privacy rights will not result in discriminatory treatment
• Right to Opt-Out of Sale: we do not sell personal information, but you may still submit a do-not-sell request

To exercise these rights, contact hello@skyaiapp.com. We will respond within 30 days (extendable as permitted by law).

11. Children's Privacy

Our Services are not directed to children under 16. We do not knowingly collect personal information from children under 16. If you believe we may have collected information from a child, please contact us immediately, and we will take steps to delete that information.

12. Third-Party Links

Our Services may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third party before providing personal information to them.

13. Do Not Track Signals

There is currently no uniform technology standard for recognizing and processing "Do Not Track" (DNT) signals. Accordingly, we do not currently respond to DNT browser signals.

14. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will notify you by posting a notice on our website, sending an email, or providing an in-service notification. Changes are effective immediately upon posting. We encourage you to review this Policy periodically. Continued use of the Services constitutes acceptance of the updated Policy.

15. Contact Us

If you have any questions, comments, or requests regarding this Privacy Policy, please contact:

For EU residents, if you believe we have not handled your personal data properly, you have the right to lodge a complaint with the data protection supervisory authority in your country.