This Privacy and Cookies Policy describes the privacy practices relating to information that Skitto AI Sub. (“Skitto AI”, “we,” “us,” “our”) collects and uses on our websites that link to this policy, such as www.skittoai.com website where this policy is displayed (collectively, our “Site”), as well as through our analytics technology services that our clients use on their websites and their mobile applications (our “Services”). We process your data in accordance with applicable laws and regulations, following industry best practices for data protection and AI safety. This Privacy Policy is designed to help you understand how we collect, use, share, and protect your information.
Purpose and Scope
This Privacy Policy applies to information we collect:
- Through our Services (websites, apps, extensions, APIs)
- When you interact with us on third-party sites
- Through other offline interactions
This policy does NOT apply to:
- Third-party websites linked from our Services
- Information collected by our Users about their own customers
- Services provided by third parties
Information We Collect
Information You Provide Directly
Account Information: When you create an account, we collect your name, email address, and account credentials.
User Content: We collect the content you provide when using our Services, including:
- Text inputs, prompts, and queries you submit
- Documents, images, and files you upload
- Conversation history with our AI models
- Feedback and ratings you provide
Payment Information: When you purchase subscriptions or services, we collect payment details (processed securely through third-party payment processors).
Communications: Information you provide when you contact our support team or participate in surveys.
Information We Collect Automatically
Usage Information: We collect information about how you interact with our Services, including:
- Features used and actions taken
- Time spent on different parts of the Services
- Frequency and duration of use
- Performance metrics and error reports
Device Information: We collect:
- Device type, operating system, and browser type
- IP address and approximate location
- Device identifiers and advertising IDs
- Network and connection information
Cookies and Similar Technologies: We use cookies, web beacons, and similar technologies to collect information about your browsing activities. See our Cookie Policy below for details.
Information from Third Parties
- OAuth Providers: When you sign in using Google, Apple, or other OAuth providers, we receive basic profile information.
- Cloud Storage Services: When you connect cloud storage accounts (e.g., Google Drive, Dropbox), we access only the files you choose to process.
- Analytics Providers: We receive aggregated analytics data about Service usage from our analytics partners.
How We Use Your Information
We use the information we collect to:
Provide and Improve Our Services
- Process your requests and provide AI-generated responses
- Personalize your experience and remember your preferences
- Develop, test, and improve our AI models and Services
- Analyze usage patterns to enhance functionality
Communicate with You
- Send service-related notifications and updates
- Respond to your inquiries and provide customer support
- Send marketing communications (with your consent where required)
- Inform you about new features and offerings
Ensure Safety and Security
- Detect, prevent, and address fraud, abuse, and security issues
- Monitor and enforce compliance with our Terms of Service
- Protect our users, employees, and the public
Business Operations
- Process transactions and payments
- Provide customer support
- Conduct business analytics
- Manage our business relationships
Comply with Legal Obligations
- Respond to legal requests and prevent harm
- Comply with applicable laws and regulations
- Establish, exercise, or defend legal claims
Lawful Bases for Processing
We process your personal data only when permitted under applicable data protection laws. Our processing activities are based on one or more of the following lawful grounds:
Consent
We rely on your freely given, specific, informed, and unambiguous consent to process your data for:
- Sending marketing or promotional communications
- Personalizing advertisements (interest-based advertising)
- Using optional cookies and similar technologies. You may withdraw your consent at any time by adjusting your preferences in account settings or by contacting us.
Performance of a Contract
We process your data to provide the Services you request under our Terms of Service, including:
- Creating and managing your user account
- Providing access to AI models and processing your content (e.g., prompts, files)
- Managing subscriptions and transactions
Legal Obligation
We may process your data to comply with applicable legal obligations, such as:
- Tax and accounting requirements
- Responding to lawful data access requests from regulators or authorities
Legitimate Interests
We process your data when it is necessary for our legitimate business interests, provided those interests are not overridden by your rights and freedoms. This includes:
- Improving and securing our Services
- Detecting and preventing fraud, abuse, or misuse
- Aggregating usage patterns to refine AI models
- Ensuring network and information security
Establishment, Exercise, or Defence of Legal Claims
Where necessary, we may process your data in connection with the exercise or defence of legal claims, including dispute resolution or investigations.
How We Share Your Information
We do not sell your personal information. We share information in the following circumstances:
Service Providers
We share information with third-party service providers who help us operate our Services, including:
- Cloud Hosting and Infrastructure Providers — We use third-party cloud hosting and infrastructure providers to operate and maintain our website and services. These providers store and process data on secure servers in various regions to ensure availability, scalability, and performance.
- Payment Processors (Stripe) — If you make a purchase, your payment information is processed securely by third-party payment providers. We do not store full credit/debit card details on our servers.
- Analytics and Monitoring Services — We use analytics and monitoring tools to understand how our website is used, identify performance issues, and improve user experience.
- Customer Support Tools (Tawk.to) — We use Tawk.to for real-time assistance. When you use the chat feature, Tawk.to may collect your IP address, browser details, and any information you voluntarily provide.
- Email Service Providers — We use third-party email services to send account-related emails and optional newsletters (with consent).
- jsDelivr (CDN) — We use jsDelivr to serve static assets like JavaScript libraries and stylesheets quickly from servers closest to the user.
- Twitter (X) — Our website includes a link to our profile on Twitter (X). No personal data is transferred simply by visiting our website.
- YouTube — We may embed YouTube videos. When you view them, Google may collect your IP address, device type, and interaction history.
- Google APIs — We use various Google APIs (e.g., Google Fonts) to enhance functionality. These APIs may collect technical information such as browser version.
- Cloudflare — We use Cloudflare for content delivery, DDoS protection, and speed optimization. Cloudflare may log anonymized IP address and security headers.
- Vercel — Our website is hosted on Vercel. When you visit our site, Vercel may log access data (e.g., IP address, browser type, date/time).
API and Integration Partners
If you connect third-party services, we may share data as necessary to provide integrated functionality.
Legal Requirements
We may disclose information if required to do so by law or in response to valid legal requests from public authorities.
Business Transfers
If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.
Safety and Protection
- Prevent fraud, abuse, or illegal activities
- Protect our users, employees, and the public
- Enforce our Terms of Service
Consent
We may share your information with your explicit consent or at your direction. Where we rely on your consent to process personal data, you may withdraw that consent at any time by updating your account settings or contacting us at https://discord.com/invite/3HZmRKHBM
Aggregated or De-identified Information
We may share aggregated or de-identified information that cannot reasonably be used to identify you. Access to your information is limited to authorized employees, contractors, and service providers who require it to perform their duties.
Data Retention
We retain your information for as long as necessary to:
- Provide our Services to you
- Comply with legal obligations
- Resolve disputes and enforce agreements
- Improve our Services and AI models
Specific retention periods:
- Account Information: Retained until account deletion plus any legally required period
- User Content: Retained for 30 days after deletion request (unless required by law to retain longer)
- Usage Data: Retained for up to 2 years
- Marketing Data: Retained until you unsubscribe
Your Rights and Choices
Data Security
We implement appropriate technical and organizational measures to protect your information, including:
- Encryption in transit and at rest
- Access controls and authentication
- Regular security assessments
- Employee training on data protection
However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security. In the event of a data breach affecting your personal information, we will notify you and any applicable regulators within the timelines prescribed by law.
International Data Transfers
Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers, including:
- Standard contractual clauses
- Adequacy decisions
- Other mechanisms approved by the relevant authorities
Sensitive Information
We do not intentionally collect sensitive personal information (e.g., health data, religious beliefs, political opinions). If you provide such information in prompts or content, you do so at your own discretion.
Children’s Privacy
Our Services are not intended for children under 16 (or applicable age of digital consent in your jurisdiction). We do not knowingly collect information from children. If we learn we have collected information from a child without proper consent, we will delete it promptly. Parents or guardians who believe we may have collected information from their child should contact us immediately.
Account Registration and Login
We offer users the ability to register and log in to our platform either by creating a dedicated account or by using a third-party authentication provider such as Google.
Standard Registration
When registering using the standard form, the following personal data is collected:
- Name* – Used to personalize your account and communications.
- Email Address* – Used for account identification, communication, and password recovery.
- Password* – Used to securely access your account. Passwords are stored in an encrypted form and cannot be accessed by us.
These data fields are mandatory in order to create and maintain a secure user account.
Login via Google (OAuth)
As an alternative, you may choose to log in using your existing Google account. If you do so, we will receive certain information from Google, specifically:
- Your full name
- Email address
- Google profile picture (optional)
This data is used solely for authentication and account creation/login purposes. We do not gain access to your Google password or any other data beyond what is explicitly authorized.
Data Retention
We retain your registration data for as long as your account remains active. You may request deletion of your account at any time.
Third-Party Links and Services
Our Services may contain links to third-party websites or integrate with third-party services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing them with personal information.
Social Media Links (Twitter/X, LinkedIn, Instagram, YouTube)
Our website includes icons or buttons that link to our official profiles on social media platforms, including:
- X (formerly Twitter)
- YouTube
These buttons function solely as external links. When you click on one of these icons, you are redirected to the respective platform. No personal data is transferred to these platforms simply by visiting our website.
Please note that once you are on these external sites, their own privacy policies and terms of service apply. We do not control how these platforms collect or process your personal data.
Updates to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes through the Services or by email. The ‘Effective Date’ at the top indicates when this Policy was last revised.
AI-Specific Privacy Practices
Your AI Content
- You retain ownership of your input prompts and any original content you provide.
- AI-generated outputs are provided under our Terms of Service.
- We do not claim ownership of AI outputs generated for you.
- You are responsible for reviewing and using AI outputs appropriately.
- AI-generated outputs may sometimes be factually inaccurate or inappropriate. You are solely responsible for verifying AI responses before relying on them for decision-making.
- While you retain ownership of your inputs, you are solely responsible for ensuring your use of our AI tools complies with applicable laws and does not infringe third-party rights.
AI Safety and Ethics
We are committed to responsible AI development and deployment:
- Regular safety testing and evaluation.
- Bias mitigation efforts.
- Transparency about AI capabilities and limitations.
- User education about responsible AI use.
Data Processing for Business Users
If you use our Services on behalf of an organization:
- Your organization may have additional policies governing your use.
- We may share your information with your organization’s administrators.
- Your organization is responsible for its own privacy practices.
For enterprise customers, we offer Data Processing Agreements (DPAs). Contact https://discord.com/invite/3HZmRKHBM to request a DPA.
Marketing and Advertising
We may use your information for marketing purposes:
- Direct Marketing: With your consent, we send promotional emails about new features, services, and offers.
- Interest-Based Advertising: We may show you targeted ads based on your activity using tracking technologies and behavioral signals via platforms such as Google or Facebook. You can opt out through Ad Settings shared in our cookie policy.
- Referral Programs: If you participate, we process data necessary to track referrals.
You can opt out of marketing at any time through your account settings or by clicking ‘unsubscribe’ in our emails.
Automated Decision Making
We use automated systems for:
- Fraud detection and prevention.
- Content moderation.
- Service personalization.
- Determining service eligibility.
You have the right to request human review of significant automated decisions that affect you. If you disagree with our decision on any request, you may appeal by contacting us at https://discord.com/invite/3HZmRKHBM within 30 days of communication of such a decision to you.
Impact Assessment
We conduct privacy and data protection impact assessments where required by law, particularly for high-risk features involving automated decision-making or large-scale processing.
Data Captured on Our Mobile Apps
We capture the following data across our mobile apps (Skitto AI):
- Firebase Analytics – Helps us understand how users interact with our website by collecting information about mouse movements, clicks, and scrolling behavior.
- Facebook Events – Helps us measure, optimize, and build audiences for our advertising campaigns. It allows us to track conversions from Facebook ads and remarket to qualified leads.
- TikTok Events – Helps us measure, optimize, and build audiences for our advertising campaigns on TikTok.
- Microsoft Clarity – Helps us understand how users interact with our website by collecting information about mouse movements, clicks, and scrolling behavior.
California (CCPA)
If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):
- Right to Know: Request information about categories and specific pieces of personal information collected.
- Right to Delete: Request deletion of personal information (subject to exceptions).
- Right to Opt-Out: We do not sell personal information.
- Right to Non-Discrimination: Not be discriminated against for exercising privacy rights.
End User License Agreement (EULA)
Your use of our applications may be governed by platform-specific End User License Agreements:
- iOS App: Apple Standard EULA.
- Android App: Google Play Terms of Service.
- Browser Extensions: Respective browser store terms.