Alphane.ai Privacy Policy

Effective Date: January 29, 2026
Version: 1.3

📌 Important Notice

Please read this Privacy Policy carefully. By using Alphane.ai services, you agree to our processing of your personal information in accordance with this policy.

Part 1: Information Collection

1. Types of Information We Collect

1.1 Information You Provide

1.1.1 Account Registration Information

Information Type	Collection Purpose	Required
Email Address	Account verification, communication	✅ Required
Password (encrypted)	Account security	✅ Required
Date of Birth	Age verification	✅ Required
Username	Account identification	⭕ Optional
Phone Number	Two-factor authentication	⭕ Optional
Profile Picture	Personalization	⭕ Optional
Gender	Personalized recommendations	⭕ Optional

1.1.2 Identity Verification Information

Type: Government-issued ID
Collection Scenarios:
- Legal requirements in certain regions
- Access to Unfiltered content area
- Creator certification application
Processing Method:
- Processed through third-party verification services
- Only verification results retained after verification
- Original documents not stored beyond 24 hours

1.1.3 User Content

Conversation Records
- All text interactions with AI characters
- Voice messages (stored as text)
- Images sent (if applicable)
Creative Content
- Character card designs (personality, background, dialogue examples)
- Story card configurations
- Community posts and comments
Memory Capsules
- Actively stored personal information
- Preference settings
- Important dates and events

1.1.4 Payment Information

Directly Collected: Billing address, payment method selection
Third-party Processed:
- Credit card information (processed by Stripe, PayPal, etc.)
- PayPal account (processed by PayPal)
- Cryptocurrency addresses (supporting USDC, USDT, and other currencies supported by payment providers)
Security Note: We do not directly store credit card numbers or CVV

1.1.5 Virtual Economy System Information

Virtual Currency
- Alphane balance
- Endora balance
- Serotile balance
- Oxytol balance
Virtual Items
- Purchase records
- Owned items
- Usage records

1.1.6 Creator Earnings Information

Creator Credits Data
- Credits ledger
- Redemption records
- Display application records
- Points rule eligibility signals
Earnings Data
- Character card play counts
- User subscription revenue share
- Virtual gift tips
- Settlement records
Withdrawal Information
- Bank account (encrypted storage)
- Tax information

1.2 Automatically Collected Information

1.2.1 Device and Technical Information

Device Information:

Device type (phone/tablet/computer)
Operating system and version
Device model
Unique device identifiers
Screen resolution

Network Information:

IP address
ISP (Internet Service Provider)
Approximate geographic location (city level)

Browser Information:

Browser type and version
Language settings
Time zone
Plugin information

1.2.2 Usage Behavior Data

Interaction Data
- Login time and frequency
- Feature usage statistics
- Clickstream data
- Page dwell time
- Search queries
AI Interaction Analysis
- Conversation rounds and duration
- Preferred character types
- Interaction time patterns
- Emotional feedback (likes/dislikes)
Performance Data
- App crash reports
- Error logs
- Load times
- API response times

1.3 Cookies and Similar Technologies

1.3.1 Cookie Types Explained

Cookie Type	Example Names	Purpose	Validity	Can Disable
Essential Cookies	session_id, auth_token	Maintain login status	Session/30 days	❌ Cannot
Functional Cookies	theme, language, preferences	Remember user settings	1 year	⭕ Optional
Analytics Cookies	_ga, _gid (Google Analytics)	Usage statistics	13 months	✅ Can disable
Performance Cookies	perf_metrics	Performance optimization	7 days	✅ Can disable
Marketing Cookies	fbp, _gcl (ad platforms)	Personalized advertising	90 days	✅ Can disable

1.3.2 Other Tracking Technologies

Local Storage: Store user preferences and temporary data
Session Storage: Store temporary information during sessions
Device Fingerprinting: Used for security and fraud prevention

1.4 Third-party Source Information

1.4.1 Social Media Login

When you use social accounts to log in, we may obtain:

Basic profile (name, avatar)
Email address
Friend list (requires additional authorization)

1.4.2 Third-party Services

Payment Processors: Transaction confirmation, refund status
Age Verification Services: Verification results (pass/fail)
Analytics Services: Aggregated usage data
Customer Service Tools: Support ticket history

Part 2: Information Use

2. Purpose and Legal Basis for Information Use

2.1 Core Service Provision

2.1.1 Account and Access Management

Purpose:

Create and maintain user accounts
Verify user identity
Provide personalized experience
Manage membership benefits

2.1.2 AI Conversation Service

Purpose:

Provide AI character interactions
Personalize AI responses
Memory capsule functionality
Sentiment analysis and feedback

2.2 Service Improvement and Development

2.2.1 AI Model Training

⚠️ Important Notice: AI Training Data Use

We may use your conversation data to train and improve AI models. This includes:

Data Processing Flow:

Original Conversations
De-identification Processing
- Remove personal identity information
- Replace sensitive data (phone numbers, addresses, etc.)
- Anonymization processing
Data Cleaning
- Filter inappropriate content
- Quality assessment
- Format standardization
Model Training
- Language understanding improvement
- Emotion recognition optimization
- Response quality enhancement

Protection Measures:

All training data is de-identified
Automatic identification and removal of sensitive information
Regular manual review of samples
Application of differential privacy techniques

Opt-out: You can opt out in [Settings→Security&Privacy→Share Usage Data]

2.2.2 Product Analysis and Optimization

Purpose:

Analyze feature usage
Identify technical issues
Optimize user experience
A/B testing

Data Used:

Aggregated usage statistics
Performance metrics
Error reports
User feedback

2.3 Security and Compliance

2.3.1 Security Protection

Purpose and Measures:

Fraud Detection: Abnormal login detection, payment fraud prevention
Account Security: Password strength check, two-factor authentication
Content Moderation: Violation detection, automatic filtering
DDoS Protection: Traffic monitoring, rate limiting

2.3.2 Legal Compliance

Scenarios:

Age verification (legal requirement)
Content moderation (community safety)
Tax reporting (income related)
Law enforcement cooperation (lawful requests)

2.4 Communication and Marketing

2.4.1 Communication Types

Communication Type	Content	Frequency	Can Unsubscribe
Service Notifications	Password reset, security alerts	As needed	❌ Cannot
Transaction Information	Order confirmation, billing	Per transaction	❌ Cannot
Product Updates	New features, important changes	Monthly	⭕ Partially
Marketing Promotions	Offers, recommendations	Weekly	✅ Can unsubscribe
Research Invitations	User surveys, feedback	Quarterly	✅ Can unsubscribe

2.5 Personalization and Recommendations

2.5.1 Personalization Mechanism

User Profile Building:

Basic Attributes
- Age group
- Language preferences
- Active time periods
Interest Tags
- Preferred character types
- Interaction styles
- Content preferences
Behavior Patterns
- Usage frequency
- Feature preferences
- Payment tendencies

Application Scenarios:

Character recommendations
Content sorting
Personalized homepage
Targeted offers

2.6 Virtual Economy System Data

2.6.1 Virtual Currency Management

Purpose:

Manage four virtual currencies (Alphane, Endora, Serotile, Oxytol)
Track transaction records
Prevent fraud and abuse
Provide gamification experience

2.6.2 Creator Earnings Management

Purpose:

Calculate creator earnings (dynamically adjusted based on membership level, creative performance, etc.)
Calculate non-cash Creator Credits and internal reward eligibility
Process settlements and withdrawals
Provide earnings reports
Tax compliance

Part 3: Information Sharing

3. Information Sharing and Disclosure

3.1 Our Commitment

🔒 Core Commitment: We will never sell your personal information to third parties.

3.2 Information Sharing Scenarios

3.2.1 Service Providers

We share necessary information with the following types of service providers:

Service Type	Provider Examples	Information Shared	Purpose
Cloud Services	AWS, Google Cloud	All user data (encrypted)	Data storage and processing
Payment Processing	Stripe, PayPal, Coinbase	Transaction info, billing address	Payment processing
Email Services	Gmail	Email, username	Send notifications
Analytics Tools	Google Analytics	Anonymous usage data	Usage analysis
CDN Services	Cloudflare, Google Cloud CDN, AWS CloudFront	IP address, request data	Content distribution

Protection Measures:

Sign Data Processing Agreements (DPA)
Regular security audits
Principle of least privilege
Encrypted transmission

3.2.2 Legal Disclosure

Mandatory Disclosure Scenarios:

Court Orders: Valid court subpoenas or judgments
Law Enforcement Requests: Investigation needs following legal procedures
National Security: Lawful requests from government security departments
Emergency Situations: Prevent serious personal injury

Transparency Commitment:

Notify users within legally permitted scope
Publish annual transparency reports
Challenge unreasonable requests

3.2.3 Business Transfers

Your information may be transferred in the following situations:

Mergers or Acquisitions: As part of assets
Bankruptcy Reorganization: According to court orders
Asset Sales: Specific business line transfers

Protection Measures:

30-day advance notice to users
Require recipients to comply with this privacy policy
Provide data deletion options

3.2.4 User-Consented Sharing

Public Content:

Public character cards
Community posts and comments
Profile information (parts you choose to make public)

User-to-User Sharing:

Friend system (if implemented)
Collaborative creation
Social features

3.3 Anonymous and Aggregated Data

We may share data that cannot identify individuals:

Uses:

Industry research reports
Public usage statistics
Academic research cooperation
Product improvement analysis

Examples:

"60% of users prefer gentle AI characters"
"8-10 PM is peak usage time"
"Average conversation duration is 15 minutes"

Part 4: Data Security

4. Data Storage and Security

4.1 Data Storage

4.1.1 Storage Locations

Global Data Center Distribution:

Primary Data Center
- Japan (Tokyo)
Backup Centers
- United States (Oregon)
- Other regions
CDN Nodes
- Global distribution (Cloudflare, AWS CloudFront, GCP Cloud CDN, etc.)

Legal Basis for Cross-border Data Transfer:

Standard Contractual Clauses (SCC): EU data transfer
APEC CBPR System: Asia-Pacific data flow
Adequacy Decisions: Qualifying jurisdictions

4.1.2 Storage Period

Data Type	Explorer (Free)	Pass/Diamond/Infinity (Paid)
Account Information	Account validity; 30 days after deactivation	Account validity; 30 days after deactivation
Conversation Records	14 days after inactivity	Continuously saved during membership; 30 days after cancellation
Memory Capsules	100 capacity	400/1500/5000 capacity
Transaction Records	-	7 years
Log Files	30 days	90 days
Backup Data	30 days	30 days

4.2 Security Measures

4.2.1 Technical Security

Encryption Standards:

Transmission Encryption:

TLS 1.3 (mandatory)
HSTS enabled
Certificate pinning
Perfect forward secrecy

Storage Encryption:

AES-256-GCM (database)
Key Management Service (KMS)
Hardware Security Module (HSM)
Full disk encryption

Access Control:

Multi-factor authentication (MFA)
Role-based access control (RBAC)
Principle of least privilege
Regular permission audits

Security Monitoring:

24/7 Security Operations Center (SOC)
Intrusion Detection System (IDS)
Anomaly behavior detection
Real-time threat intelligence

4.2.2 Organizational Security

Personnel Security:

Background checks
Confidentiality agreements
Security training
Regular security awareness testing

Physical Security:

Biometric access control
24/7 video surveillance
Environmental monitoring
Redundant power and cooling

Compliance Certifications:

ISO 27001
SOC 2 Type II
PCI DSS (payments)
GDPR compliance

4.3 Data Breach Response

4.3.1 Response Process

Incident Response Timeline:

Incident Occurs → Within 24 hours: Initial Assessment
- Confirm incident nature
- Assess impact scope
- Initiate emergency response
Within 72 hours: User Notification
- Email notification to affected users
- In-app notification
- Website announcement
Within 7 days: Remediation Measures
- System repair
- Security hardening
- User support
Within 30 days: Follow-up
- Detailed report
- Improvement plan
- Regulatory reporting

4.3.2 User Notification Content

Breach notifications will include:

Time of incident occurrence
Types of affected data
Possible impacts
Measures we have taken
Actions users should take
Contact information

Part 5: Your Rights

5. Your Privacy Rights

5.1 Universally Applicable Rights

Regardless of your location, you have the following rights:

5.1.1 Right to Access

You can request:

Whether we process your personal information
Obtain copies of personal information
Understand processing purposes and methods

How to exercise: Send email to [email protected]

Response time: Within 30 days

5.1.2 Right to Correction

Applicable scenarios:

Information is inaccurate
Information is incomplete
Information is outdated

Correction methods:

Direct modification in account settings
Contact customer service for assistance

5.1.3 Right to Deletion

You can request deletion of:

Information no longer needed
Information after consent withdrawal
Illegally processed information

Exceptions:

Legal retention requirements
Contract fulfillment needs
Public interest
Legal claims

5.1.4 Right to Restrict Processing

Applicable scenarios:

During accuracy verification period
Illegal processing but you object to deletion
We don't need it but you request retention

5.1.5 Right to Data Portability

You can:

Obtain data in machine-readable format
Request direct transfer to other service providers

Applicable data:

Data you provided
Data processed based on consent or contract

5.2 Methods to Exercise Rights

5.2.1 Self-Service

Account Settings: Directly manage most privacy options
Privacy Center: One-stop privacy management
Automated Tools: Instant processing of common requests

5.2.2 Contact Us

Email: [email protected]

5.2.3 Identity Verification

To protect your information, we may require:

Account login
Answer security questions
Provide identity proof (sensitive requests)

5.2.4 Response Time Commitment

Request Type	Automated Processing	Manual Processing	Maximum Time Limit
Data Download	Instant	24 hours	7 days
Information Correction	Instant	48 hours	14 days
Account Deletion	-	72 hours	30 days
Data Access	Instant	24 hours	30 days
Privacy Complaints	-	48-hour response	30-day resolution

Part 6: Region-Specific Provisions

6. Region-Specific Privacy Rights

6.1 🇪🇺 European Union/European Economic Area (GDPR)

6.1.1 Additional Rights

In addition to universal rights, you also have:

Right to Object:

Object to processing based on legitimate interests
Object to direct marketing
Object to research/statistical purposes (specific situations)

Automated Decision-Making:

Not subject to purely automated decisions
Request human intervention
Express views and objections

Right to Complain:

Complain to supervisory authorities
Preferred: Irish Data Protection Commission (DPC)
Or data protection authority in your country

6.1.2 Legal Basis Explanation

Processing Activity	Legal Basis	Description
Account Creation	Contract Performance	Necessary for service provision
AI Training	Legitimate Interest	Service improvement (can object)
Marketing	Consent	Requires explicit consent
Security	Legitimate Interest	Protect users and platform
Legal Compliance	Legal Obligation	Comply with applicable laws

6.1.3 Cross-border Transfer

Safeguards:

Standard Contractual Clauses (SCC)
Adequacy decisions
Binding Corporate Rules (BCR)

6.2 🇺🇸 United States

6.2.1 California (CCPA/CPRA)

Your Rights:

Right to Know: Understand categories of personal information collected
Right to Access: Obtain information from past 12 months
Right to Delete: Request deletion of personal information
Right to Opt-Out: Opt out of information "sale" (we don't sell)
Right to Non-Discrimination: Exercise rights without discrimination
Right to Correction: Correct inaccurate information
Right to Limit Use: Limit use of sensitive information

Sensitive Personal Information:

Precise geolocation
Race or ethnicity
Health information
Sexual orientation

6.2.2 Other State-Specific Rights

Virginia (VCDPA):

Rights similar to CCPA
Additional data portability rights

Colorado (CPA):

Opt out of targeted advertising
Opt out of sale
Opt out of profiling

Connecticut (CTDPA):

Combines CCPA and GDPR features
Emphasizes minor protection

6.3 🇨🇳 China (PIPL)

6.3.1 Special Requirements

Separate Consent: The following require separate consent (cannot be bundled):

Processing sensitive personal information
Providing to third parties
Cross-border transfer
Making personal information public

Sensitive Personal Information:

Biometric identification
Religious beliefs
Specific identity
Medical health
Financial accounts
Location tracking

6.3.2 Notification Obligations

Pre-processing Notification:

Processing purpose and methods
Information types
Storage period
Methods to exercise rights

Response Time:

General requests: 15 working days
Refusal must provide reasons

6.3.3 Cross-border Transfer

Requirements:

Pass security assessment or
Obtain professional institution certification or
Sign standard contract

User Rights:

Obtain overseas recipient information
Understand protection measures
Ways to exercise rights

6.4 🇯🇵 Japan (APPI)

6.4.1 Purpose of Use Notification

Clearly inform purpose of use
Purpose changes require relevance
Consent required beyond purpose

6.4.2 Third-party Provision

Situations requiring consent:

Provision to third parties (with exceptions)
Cross-border transfer to countries with inadequate protection

Exceptions (no consent required):

Entrusted processing
Business succession
Joint use (requires notification)

6.4.3 Retained Personal Data Rights

Right to disclosure request
Right to correction request
Right to cessation of use request

Part 7: Other Important Information

7. Cookie Policy

7.1 What are Cookies

Cookies are small text files stored on your device that help us:

Remember your login status
Save your preference settings
Analyze service usage
Provide personalized experiences

7.2 Cookies We Use

7.2.1 Cookie Classification Details

First-party vs Third-party Cookies:

First-party: Set directly by Alphane.ai
Third-party: Set by our partners

Session vs Persistent Cookies:

Session: Deleted after browser closes
Persistent: Retained for specified time

7.3 Managing Cookies

7.3.1 Browser Settings

All major browsers allow you to:

View cookies
Delete cookies
Block cookies
Set cookie preferences

Common Browser Settings Paths:

Chrome: Settings → Privacy and security → Cookies
Safari: Preferences → Privacy
Firefox: Settings → Privacy & Security
Edge: Settings → Privacy, search, and services

7.3.2 Our Cookie Controls

Cookie Preference Center:

☐ Essential Cookies (cannot be disabled)
☐ Functional Cookies
☐ Analytics Cookies
☐ Performance Cookies
☐ Marketing Cookies

[Save Preferences]

7.3.3 Opt-Out Links

Google Analytics: https://tools.google.com/dlpage/gaoptout
Facebook: https://www.facebook.com/ads/preferences
Network Advertising Initiative: https://optout.networkadvertising.org

8. Children's Privacy

8.1 Age Restrictions

Alphane.ai strictly prohibits use by users under 18 years old. This platform contains adult content and strictly prohibits access by minors.

8.2 Age Verification Measures

Must provide real date of birth during registration
System automatically calculates and verifies age
Enhanced verification may be required based on regional laws (ID documents, third-party verification, etc.)
False declaration will result in permanent account ban

8.3 Content Zone Management

Filtered Zone (Default)

Safe area with content filtering
Sensitive content removed or blurred
Suitable for general adult users

Unfiltered Zone (Requires Additional Verification)

Contains unfiltered adult content
Requires secondary age verification
Requires explicit consent to access
May be restricted by regional laws

8.4 Handling Discovered Minor Users

If we discover a user is under 18:

Immediately suspend account
Require age proof within 48 hours
Permanent ban if unable to provide
Delete all conversation records and personal information
Retain necessary compliance records

8.5 Parent/Guardian Responsibilities

If you discover your child using our service:

Contact immediately: [email protected]
Provide relevant information
We will handle immediately

If you are a parent or guardian, you are responsible for:

Restricting minors' access to your devices
Protecting your account credentials
Supervising minors' online activities

9. Third-party Links

9.1 External Websites

Our service may contain third-party website links:

Social media platforms
Payment services
Partner websites

9.2 Disclaimer

We do not control third-party websites
Not responsible for their privacy practices
Recommend reviewing their privacy policies

9.3 Third-party Integration

Some features involve third-party services:

Social login
Sharing features
Embedded content

10. Data Retention

10.1 Retention Principles

We retain data based on the following principles:

Necessity: Only retain for necessary periods
Purpose: Delete after achieving purpose
Legal: Comply with legal requirements
Security: Secure storage and deletion

10.2 Deletion Process

Deletion Request Processing Flow:

User requests deletion
Identity verification
Evaluate request
- Deletable data → Delete within 30 days
- Legally required retention → Notify user of reasons

10.3 Account Deactivation

After account deactivation:

Immediately: Stop service access
30 days: Retention recovery period
After the recovery period: Delete personal information
Permanently retained: Anonymized statistical data, legally required records

11. International Data Transfer

11.1 Transfer Necessity

As a global service, we need cross-border data transfer for:

Providing unified services
Technical support
Backup and recovery
Global team collaboration

11.2 Protection Measures

Technical Measures:

Transmission encryption
Access control
Audit logs

Legal Measures:

Standard contractual clauses
Adequacy decisions
Internal data agreements

11.3 Your Rights

Understand data transfer destinations
Understand protection measures
Object to transfer in certain circumstances

12. Privacy Policy Changes

12.1 Change Notifications

Notification Methods:

📧 Email notification (major changes)
📱 In-app notification
🌐 Website announcement
📅 Change log

12.2 Change Types

Change Type	Notification Time	Effective Time
Major Changes	30 days in advance	After notice period
General Changes	14 days in advance	After notice period
Clarifying Changes	Upon publication	Immediately
Legal Requirements	As soon as possible	As legally required

12.3 Disagreeing with Changes

If you disagree with changes:

Can stop using before effective date
Can request data deletion
Some changes can be opted out

13. Contact Us

13.1 Email Contact

General Support: [email protected]

Business Cooperation: [email protected]

13.2 Regulatory Authorities

If dissatisfied with our privacy practices, you can contact:

Singapore:

Personal Data Protection Commission (PDPC)

EU:

Irish Data Protection Commission (primary)
Your country's data protection authority

United States:

Federal Trade Commission (FTC)
State Attorney General's Office

China:

Cyberspace Administration of China
Local cybersecurity departments
Note: In accordance with relevant regulations, we do not provide adult restricted content to users located in mainland China, even if they are adults

Other Regions:

Please check your local data protection authority

Appendix A: Glossary of Terms

Term	Definition
Personal Information/Data	Any information that can identify a natural person
Processing	Any operation performed on personal data
Data Controller	Entity that determines processing purposes and methods
Data Processor	Entity that processes data on behalf of controller
Consent	Free, specific, informed expression of will
Anonymization	Permanently removing identifiable information
Pseudonymization	Replacing identity identifiers
Encryption	Converting data to ciphertext
Data Breach	Security incident resulting in accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to personal data

Appendix B: Record of Processing Activities

Processing Activity	Data Type	Purpose	Legal Basis	Retention Period	Recipients
Account Management	Name, email, password	Service provision	Contract	Account validity; 30 days after deactivation	Cloud service providers
AI Conversations	Conversation content	AI interaction	Contract	14 days after inactivity; during membership with 30 days after cancellation	AI service providers
Payment Processing	Payment information	Transaction processing	Contract	7 years	Payment processors
Marketing	Email, preferences	Send marketing	Consent	Until consent withdrawal	Email service providers
Security	IP, device info	Security protection	Legitimate interest	90 days	Security service providers
Creator Earnings	Work data, earnings calculation	Earnings settlement	Contract	7 years	Tax authorities

Appendix C: Detailed Cookie List

Cookie Name	Type	Purpose	Validity	Provider
session_id	Essential	Session management	Session	Alphane.ai
auth_token	Essential	Authentication	30 days	Alphane.ai
theme	Functional	Theme preference	1 year	Alphane.ai
language	Functional	Language setting	1 year	Alphane.ai
_ga	Analytics	Google Analytics	13 months	Google
_fbp	Marketing	Facebook Pixel	90 days	Facebook

Language Versions

This Privacy Policy is available in the following languages:

🇨🇳 中文（简体）
🇺🇸 English
🇯🇵 日本語

In case of conflict, the Chinese version shall prevail.

Last Updated: January 29, 2026