Privacy Policy

1. Information We Collect

Account & Registration

• Email address — for login and notifications
• Password — stored as a hashed value, never in plain text
• Role — CLIENT or CREATOR

Payment & Wallet

• Wallet balance — Quabbit Gems (in-app currency)
• Transaction history — Gems purchased, spent, earned
• Payment processing is handled by Stripe; we do not store card numbers

Creators

• Stripe Connect account ID — for payouts (bank details are with Stripe, not us)
• Bot data — name, description, category, system prompt, pricing

Session & Usage

• Conversation content — messages and AI responses are stored for session history and quality assurance
• Audit logs — stored in MongoDB for support and safety

2. Waitlist (Pre-Launch)

If you join our waitlist, we collect your email address, optionally your first and last name, and whether you are a Creator. This data is sent to Brevo (our email service provider). We use it to notify you at launch and to segment creator vs. seeker communications.

3. How We Use Your Data

• Provide and operate the service
• Process payments and payouts
• Enforce safety policies and consent flows
• Improve the platform and support
• Comply with legal obligations

We do not sell your personal data to third parties.

4. Data Sharing

We share data only with:

• Brevo — for waitlist signups and email communications
• Stripe — for payments and creator payouts
• LLM providers (e.g. OpenAI, Google) — when processing prompts; their policies apply
• Hosting providers — to run our infrastructure
• Authorities — when required by law

5. Data Retention

We retain account data while your account is active. Session and conversation data may be stored for quality, support, and legal compliance. You may request deletion of your data; we will honor requests subject to legal retention requirements.

6. Your Rights

Depending on your location, you may have the right to:

• Access — request a copy of your data
• Correction — correct inaccurate data
• Deletion — request deletion of your data
• Portability — receive your data in a portable format
• Opt-out — unsubscribe from marketing (waitlist emails)

EU/UK users: we process data under legitimate interest and contract performance. You may lodge a complaint with your supervisory authority.

7. Security

We use industry-standard measures to protect your data: encryption in transit (HTTPS), hashed passwords, and access controls. No system is perfectly secure; we will notify you of breaches as required by law.

8. Children

The service is not intended for users under 18. We do not knowingly collect data from children. If you believe we have received data from a child, contact us immediately.

9. Changes

We may update this policy from time to time. We will post the updated version and, for material changes, notify you via email or in-app notice.

10. Contact

For privacy-related requests or questions, contact us at the address or email provided on our website.