Privacy Policy

Service Provision

• Provide and maintain the NarodGPT platform and services
• Process AI chat requests and generate responses using your knowledge base
• Manage user accounts, authentication, and access control
• Handle billing, subscription management, and payment processing
• Enable integrations with third-party services (Crisp, Google Calendar, etc.)

Communication and Support

• Send important service updates, security alerts, and notifications
• Respond to support requests, inquiries, and feedback
• Provide customer support and technical assistance
• Send verification emails and account-related communications

Service Improvement and Analytics

• Analyze usage patterns to improve service performance and features
• Monitor system performance and identify technical issues
• Develop new features and enhance existing functionality
• Conduct research and analytics to improve AI responses

Legal and Security

• Ensure platform security and prevent abuse, fraud, or unauthorized access
• Comply with legal obligations, regulatory requirements, and court orders
• Protect our rights and the rights of our users, including intellectual property rights
• Investigate and prevent violations of our Terms of Service
• Detect and prevent billing fraud, subscription abuse, and payment disputes
• Maintain audit trails for compliance with financial regulations (SOX, PCI DSS)
• Enforce rate limits and prevent abuse of our systems
• Respond to law enforcement requests and subpoenas as required by law

Third-Party Service Providers

We work with trusted third-party providers to deliver our service. These providers have access to your information only to perform specific tasks on our behalf and are obligated not to disclose or use it for other purposes:

• OpenAI: AI model processing for generating responses (subject to their privacy policy)
• Stripe: Payment processing and billing management
• Google: Calendar integration and OAuth authentication
• Railway: Cloud hosting and infrastructure services
• Email Service Providers: Transactional email delivery

Business Transfers

If NarodGPT is involved in a merger, acquisition, or asset sale, your personal information may be transferred. We will provide notice before your personal information is transferred and becomes subject to a different privacy policy.

Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).

We Never Sell Your Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes. Your data is only shared as necessary to provide our service or as required by law.

Security Measures

• Encryption: Data encrypted in transit using TLS/SSL and at rest using AES-256
• Access Controls: Role-based access controls, multi-factor authentication, and user verification
• Infrastructure Security: Secure cloud infrastructure with regular security updates and monitoring
• Fraud Detection: Advanced fraud detection systems monitor billing and subscription activities
• Rate Limiting: Automated systems prevent abuse and protect against unauthorized access
• SQL Injection Prevention: Input validation and parameterized queries protect against injection attacks
• Monitoring: 24/7 security monitoring, intrusion detection, and automated threat response
• Audits: Regular security audits, vulnerability assessments, and compliance reviews
• Employee Training: Security awareness training and background checks for all team members
• Incident Response: Comprehensive incident response plan and breach notification procedures

Data Retention

• Account Data: Retained while your account is active and for 30 days after deletion
• Chat Conversations: Retained for service improvement, anonymized after 90 days
• Knowledge Base Content: Retained until you delete it or close your account
• Billing Records: Retained for 7 years as required by law and regulatory compliance
• Security Audit Logs: Retained for 3 years for fraud detection and compliance purposes
• Billing Operation Logs: Retained for 7 years for financial audits and dispute resolution
• Log Data: Retained for 12 months for security, debugging, and compliance purposes
• Fraud Detection Data: Retained as long as necessary for ongoing fraud prevention and legal compliance

Data Breach Response

In the event of a data breach, we will notify affected users within 72 hours and provide details about the incident, potential impact, and steps being taken to address the issue.

Data Access and Control

• Access: Request a copy of your personal data we hold
• Correction: Update or correct inaccurate personal information
• Deletion: Request deletion of your account and associated data
• Portability: Export your data in a machine-readable format
• Restriction: Request limitation of processing of your personal data
• Objection: Object to processing of your personal data for certain purposes

Communication Preferences

• Opt out of marketing communications (service communications will continue)
• Control notification settings in your account dashboard
• Manage email preferences and frequency

Account Deletion

You can delete your account at any time through your account settings or by contacting support. Upon deletion, we will remove your personal data within 30 days, except for data we are required to retain by law.

Types of Cookies We Use

• Essential Cookies: Required for basic site functionality, authentication, and security
• Preference Cookies: Remember your settings and preferences
• Analytics Cookies: Help us understand how you use our service to improve it
• Security Cookies: Detect suspicious activity and prevent fraud

Managing Cookies

You can control cookies through your browser settings. However, disabling certain cookies may limit your ability to use some features of our service.

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your data in accordance with this privacy policy and applicable data protection laws.

For transfers outside the European Economic Area (EEA), we use Standard Contractual Clauses approved by the European Commission or other appropriate safeguards.

Our service is not intended for children under 16 years of age (or 13 in the United States). We do not knowingly collect personal information from children under these ages. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

European Union (GDPR)

If you are located in the EU, you have additional rights under the General Data Protection Regulation (GDPR), including the right to lodge a complaint with a supervisory authority.

California (CCPA)

California residents have specific rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information is collected and the right to delete personal information.

Other Jurisdictions

We comply with applicable data protection laws in all jurisdictions where we operate.

We may update this privacy policy from time to time. We will notify you of any material changes by posting the new privacy policy on this page and updating the "Last updated" date. For significant changes, we will provide additional notice via email or prominent notice on our service.

Your continued use of the service after any changes indicates your acceptance of the updated privacy policy.

Security Incident Response

NarodGPT, LLC maintains comprehensive security measures and incident response procedures. In the event of any security incident:

• We will investigate and respond promptly according to our incident response plan
• Affected users will be notified within 72 hours as required by applicable law
• We will take immediate steps to contain and remediate any security issues
• Law enforcement will be contacted if criminal activity is suspected

Limitation of Liability for Data Breaches

While we implement industry-standard security measures, no system is 100% secure. By using our service, you acknowledge that:

• NarodGPT, LLC's liability for any data breach is limited to the maximum extent permitted by law
• Our total liability for data security incidents shall not exceed the amount you paid us in the 12 months prior to the incident
• We are not liable for breaches caused by third-party services (Stripe, OpenAI, Google, etc.) beyond our control
• Users are responsible for maintaining the security of their own accounts and passwords

User Responsibilities

• Use strong, unique passwords and enable two-factor authentication when available
• Report suspected security issues or unauthorized access immediately
• Do not share account credentials or access with unauthorized individuals
• Review account activity regularly and report suspicious transactions

If you have any questions about this Privacy Policy or our data practices, please contact us:

• Company: NarodGPT, LLC
• Email: [email protected]
• Support: [email protected]
• Data Protection Officer: [email protected]
• Legal: [email protected]
• Address: 8004 NE 163rd Ave, Vancouver, WA 98682