Effective date: February 1, 2025 — Last updated: February 11, 2025
This Privacy Policy ("Policy") describes how Elyvie ("we," "us," or "our") collects, uses, stores, shares, and protects information obtained from users ("you" or "your") of the Elyvie platform, including the website, web application, application programming interfaces, and all related services (collectively, the "Service"). By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Policy. If you do not agree with any part of this Policy, you must immediately discontinue use of the Service. This Policy applies to all users of the Service, regardless of geographic location. Where local data protection laws impose additional requirements (including but not limited to the European Union General Data Protection Regulation, the California Consumer Privacy Act, and Taiwan's Personal Data Protection Act), we will comply with those requirements as applicable to you.
We collect the following categories of information: (a) Account Information. When you create an account, we collect your email address (if you sign in via Google OAuth) or your public blockchain wallet address (if you sign in via cryptocurrency wallet). If you authenticate through Google, we may also receive your display name and profile photo as provided by Google's OAuth API. (b) Conversation Data. We collect and store the text content of messages you exchange with AI characters on the Service, including user-submitted messages and AI-generated responses. This data is used to maintain conversation history, enable the character memory feature, and provide continuity across sessions. (c) User-Uploaded Content. If you use features such as face swap or image upload, we collect the images and files you submit. These files are processed for the specific feature requested and may be stored temporarily or persistently as described in this Policy. (d) Payment and Transaction Data. When you purchase credits, we process payment through on-chain blockchain transactions on supported networks (including but not limited to Polygon and Binance Smart Chain). We store the blockchain transaction hash, the amount of credits purchased, and the associated wallet address. We do not collect or store private keys, seed phrases, or other wallet credentials. (e) Automatically Collected Technical Data. When you access the Service, we automatically collect certain technical information, including: your Internet Protocol (IP) address; browser type and version; operating system; device type and screen resolution; referring URL; pages visited and features used within the Service; date, time, and duration of your sessions; and language preferences. (f) Cookies and Local Storage. We use cookies and browser local storage mechanisms to maintain authentication state, store session identifiers, and remember user preferences. For further details, see Section 8 (Cookies and Tracking Technologies) below. (g) AI Interaction Metadata. We collect metadata about your interactions with AI characters, including message timestamps, conversation identifiers, character identifiers, relationship stage progression, and media files sent or received within conversations.
We process your personal data on the following legal bases: (a) Contractual Necessity. Processing of account information, conversation data, and payment data is necessary for the performance of the contract between you and Elyvie (i.e., providing the Service you have requested). (b) Legitimate Interests. We process technical data, usage analytics, and AI interaction metadata for our legitimate interests in maintaining the security, stability, and performance of the Service; preventing fraud and abuse; and improving the user experience. These interests are balanced against your rights and freedoms. (c) Consent. Where required by applicable law, we obtain your consent before processing certain categories of personal data. You may withdraw your consent at any time by contacting us, though withdrawal does not affect the lawfulness of processing performed prior to withdrawal. (d) Legal Obligation. We may process personal data as necessary to comply with applicable legal obligations, including responding to lawful requests from government authorities.
We use the information we collect for the following purposes: (a) Service Delivery. To create and manage your account; to authenticate your identity; to provide AI-powered conversation features including character memory and relationship progression; to generate images based on your requests; to process credit purchases and maintain your credit balance; and to deliver media content within conversations. (b) Service Improvement. To analyze usage patterns and identify areas for improvement; to monitor and optimize the performance, reliability, and availability of the Service; to develop new features and functionality; and to conduct internal research and analytics. (c) Security and Fraud Prevention. To detect, investigate, and prevent fraudulent transactions, unauthorized access, and other illegal activities; to enforce our Terms of Service; to monitor for abuse of free credit systems; and to protect the rights, property, and safety of Elyvie, our users, and the public. (d) Communication. To send you Service-related notifications, including account verification, payment confirmations, and important updates about the Service. We do not send marketing emails unless you have explicitly opted in. (e) Legal Compliance. To comply with applicable laws, regulations, legal processes, or governmental requests; to establish, exercise, or defend legal claims; and to enforce our agreements and policies.
The Service uses third-party artificial intelligence models to generate conversational responses and images. The following data practices apply to AI-generated content: (a) No Training on User Data. We do not use your conversations, uploaded images, or any other user-generated content to train, fine-tune, or otherwise improve AI models. Your data is used solely for the purpose of providing the Service to you. (b) Character Memory System. The Service employs a memory system that extracts and stores key facts from your conversations (such as your stated preferences, interests, and biographical details you choose to share) to enable AI characters to maintain continuity across sessions. This memory data is strictly scoped to your account and the specific character — it is never shared with other users or across characters. (c) Conversation Summarization. For longer conversations, the Service generates compressed summaries of older messages to maintain context while managing data efficiently. These summaries are stored in association with your conversation record. (d) Temporary Processing. Content you submit for AI image generation is transmitted to third-party AI model providers for processing. We do not control the data retention practices of these providers, and we encourage you to review their respective privacy policies. (e) Content Deletion. You may delete individual conversations or your entire conversation history at any time through the Service interface. Upon deletion, associated conversation data, memory records, and summaries will be permanently removed from our active systems within a reasonable timeframe, subject to any backup retention periods described in Section 7.
We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We may share your information in the following limited circumstances: (a) Third-Party Service Providers. We engage third-party service providers to perform functions on our behalf, including: cloud hosting and database services (Supabase); authentication services (Google OAuth); blockchain transaction processing; AI model inference (for conversation generation and image generation); and content delivery networks. These providers are contractually obligated to use your information only for the purposes of providing services to us and in accordance with this Policy. (b) Blockchain Transactions. When you make a payment using cryptocurrency, the transaction is recorded on the applicable public blockchain. Blockchain transactions are inherently public and immutable. We have no ability to delete, modify, or restrict access to information recorded on a public blockchain. (c) Legal Requirements. We may disclose your information if required to do so by law, regulation, legal process, or governmental request, or if we believe in good faith that disclosure is necessary to: comply with a legal obligation; protect and defend our rights or property; prevent fraud or other illegal activity; protect the personal safety of users or the public; or protect against legal liability. (d) Business Transfers. In the event of a merger, acquisition, reorganization, bankruptcy, or other similar event, your information may be transferred as part of the transaction. We will notify you via the Service or by email of any such change in ownership or control of your personal data. (e) With Your Consent. We may share your information with third parties when you have given us explicit consent to do so.
We retain your personal data for as long as necessary to fulfill the purposes described in this Policy, unless a longer retention period is required or permitted by law. (a) Account Data. Your account information is retained for the duration of your account's existence. If you delete your account, we will delete or anonymize your account data within thirty (30) days, except as required for legal compliance or legitimate business purposes. (b) Conversation Data. Conversation history, character memories, and conversation summaries are retained for the duration of your account unless you delete them earlier through the Service interface. (c) Payment Records. Transaction records, including blockchain transaction hashes and credit purchase history, are retained for a minimum of five (5) years for financial record-keeping and legal compliance purposes. (d) Technical Logs. Server logs, access logs, and error logs containing technical data are retained for a maximum of ninety (90) days, after which they are automatically purged. (e) Backup Copies. Backup copies of data may persist in our backup systems for up to thirty (30) days after deletion from active systems. Backups are encrypted and access-controlled.
We use the following cookies and similar technologies: (a) Essential Cookies. We use strictly necessary cookies to maintain your authentication session and to remember your language preference. These cookies are required for the Service to function and cannot be disabled without impairing core functionality. Specifically, we set an HTTP-only, secure authentication cookie upon sign-in that contains an encrypted session token. (b) Local Storage. We use browser local storage to persist non-sensitive preferences, such as UI state and dismissed notification flags. This data is stored locally on your device and is not transmitted to our servers. (c) No Advertising or Analytics Cookies. We do not use third-party advertising cookies, social media tracking pixels, or third-party analytics services that track your activity across other websites. We do not participate in cross-site behavioral advertising. You may configure your browser to refuse cookies or to alert you when cookies are being sent. However, disabling essential cookies will prevent you from using authenticated features of the Service.
We implement and maintain reasonable administrative, technical, and physical safeguards designed to protect your personal data from unauthorized access, use, alteration, and destruction. These measures include but are not limited to: (a) Encryption in transit using TLS 1.2 or higher for all communications between your browser and our servers. (b) Encryption at rest for all stored personal data, including database records and file storage. (c) HTTP-only and Secure-flagged authentication cookies to prevent cross-site scripting (XSS) attacks and man-in-the-middle interception. (d) Role-based access controls limiting internal access to personal data to authorized personnel on a need-to-know basis. (e) Regular security assessments and monitoring of our systems and infrastructure. Notwithstanding the foregoing, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to protect your personal data, we cannot guarantee its absolute security. You are responsible for maintaining the confidentiality of your account credentials and for any activity that occurs under your account.
The Service is operated from servers that may be located in various jurisdictions. If you access the Service from outside the jurisdiction in which our servers are located, your information may be transferred to, stored in, and processed in a jurisdiction that may not provide the same level of data protection as your home jurisdiction. By using the Service, you consent to such transfers. Where required by applicable law, we will ensure that appropriate safeguards are in place to protect your personal data in connection with any international transfer.
Depending on your jurisdiction, you may have the following rights with respect to your personal data: (a) Right of Access. You may request a copy of the personal data we hold about you. (b) Right of Rectification. You may request that we correct any inaccurate or incomplete personal data. (c) Right of Erasure. You may request that we delete your personal data, subject to certain exceptions (such as data retained for legal compliance). (d) Right to Restrict Processing. You may request that we restrict the processing of your personal data under certain circumstances. (e) Right to Data Portability. You may request that we provide your personal data in a structured, commonly used, and machine-readable format. (f) Right to Object. You may object to our processing of your personal data based on legitimate interests. (g) Right to Withdraw Consent. Where processing is based on consent, you may withdraw your consent at any time. To exercise any of these rights, please contact us using the information provided in Section 14. We will respond to your request within the timeframe required by applicable law (typically thirty (30) days). We may require verification of your identity before processing your request. You may also delete your conversation history and associated character memories directly within the Service at any time without needing to contact us.
The Service is not directed to individuals under the age of eighteen (18). We do not knowingly collect personal data from children under 18. If we become aware that we have collected personal data from a child under 18, we will take immediate steps to delete such data from our systems. If you believe that a child under 18 has provided us with personal data, please contact us immediately using the information provided in Section 14.
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will notify you by updating the "Last updated" date at the top of this Policy and, where appropriate, by providing additional notice through the Service interface. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the revised Policy. We encourage you to review this Policy periodically to stay informed about how we protect your information.
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: Run Labs LLC (Elyvie) 30 N Gould St Ste R, Sheridan, WY 82801 Email: jenny@elyvie.ai We will endeavor to respond to all legitimate inquiries within a reasonable timeframe. If you are not satisfied with our response, you may have the right to lodge a complaint with your local data protection authority.
The Service may contain links to or integrations with third-party websites, services, or applications that are not operated or controlled by us. This Privacy Policy does not apply to any third-party services. We are not responsible for the privacy practices, content, or security of any third-party services. We encourage you to review the privacy policies of any third-party services before providing them with your personal data. Our use of third-party services includes, but is not limited to: (a) Authentication providers (Google OAuth, blockchain wallet providers). (b) AI model providers for chat, image generation, and content analysis. (c) Blockchain networks for payment processing. (d) Analytics services for improving the Service. Each of these third parties has its own privacy policy governing how it handles your data.
Some web browsers transmit "Do Not Track" (DNT) signals to websites. Because there is no universally accepted standard for how to respond to DNT signals, the Service does not currently respond to or alter its practices when it receives DNT signals from your browser. However, you may manage your cookie preferences and tracking settings as described in Section 8 of this Policy.
If you are a resident of California or another US state with applicable privacy legislation (such as the California Consumer Privacy Act, as amended by the CPRA, or similar laws in Virginia, Colorado, Connecticut, or other states), you may have additional rights regarding your personal data, including: (a) The right to know what personal data we collect, use, disclose, and sell or share. (b) The right to request deletion of your personal data. (c) The right to opt out of the sale or sharing of your personal data. We do not sell your personal data. (d) The right to non-discrimination for exercising your privacy rights. (e) The right to correct inaccurate personal data. To exercise these rights, please contact us using the information provided in Section 14. We will verify your identity before processing your request. You may also designate an authorized agent to make a request on your behalf.
If you are located in the European Union, European Economic Area, or the United Kingdom, you have specific rights under the General Data Protection Regulation (GDPR) or the UK GDPR, as outlined in Section 11 of this Policy. In addition: (a) Legal Basis. We process your personal data only when we have a valid legal basis, as described in Section 3. (b) Data Protection Officer. You may contact us regarding data protection matters using the information in Section 14. (c) Supervisory Authority. You have the right to lodge a complaint with your local data protection supervisory authority if you believe our processing of your personal data violates applicable law. (d) Cross-Border Transfers. When we transfer your personal data outside of the EU/EEA or UK, we ensure that appropriate safeguards are in place, as described in Section 10.
This Privacy Policy shall be governed by and construed in accordance with the laws of the Republic of China (Taiwan), without regard to its conflict of law provisions. Any disputes arising out of or relating to this Privacy Policy shall be subject to the exclusive jurisdiction of the courts of Taiwan, unless otherwise required by applicable data protection law in your jurisdiction.
If any provision of this Privacy Policy is found to be invalid, illegal, or unenforceable by a court of competent jurisdiction, such invalidity, illegality, or unenforceability shall not affect the remaining provisions of this Policy, which shall continue in full force and effect. The invalid or unenforceable provision shall be modified to the minimum extent necessary to make it valid, legal, and enforceable while preserving its original intent as closely as possible.