MobyDick AI

Privacy Policy

Version 1.1
================================================================================
                         PRIVACY POLICY
================================================================================

Last Updated: December 15, 2025
Version: 1.1

This Privacy Policy explains how MobyDick AI ("we," "us," "our," or the 
"Platform") collects, uses, stores, and protects your personal information 
when you use our AI-powered content generation service.

This policy is designed to comply with applicable data protection laws, 
including the EU General Data Protection Regulation (GDPR) and the California 
Consumer Privacy Act (CCPA).

================================================================================
                         PLAIN LANGUAGE SUMMARY
================================================================================

Before the legal details, here's what you need to know in plain English:

  1. WHAT WE COLLECT: Your email, name, the content you create, and basic 
     usage data. We don't collect data we don't need.

  2. WHY WE COLLECT IT: To provide the service, process payments, and 
     improve the product. That's it.

  3. AI PROCESSING: When you generate content, your inputs go to Google's 
     AI services. We can't control how Google handles that data.

  4. COOKIES: We use essential cookies to keep you logged in. No tracking 
     cookies, no advertising cookies.

  5. YOUR RIGHTS: You can access, export, or delete your data anytime. 
     Just email us or use the account settings.

  6. WE DON'T SELL YOUR DATA: Period. Never have, never will.

  7. DATA AVAILABILITY: We're building fast. While we do our best, data might 
     occasionally be lost during updates. Download your PDFs to be safe.

Now, the full Policy:

================================================================================
                   SECTION 1: WHO WE ARE (DATA CONTROLLER)
================================================================================

MobyDick AI is the data controller for the personal information we collect 
through our Platform.

Contact Information:
  Email: support@mobydickai.com
  
For privacy-related inquiries, contact us at the email above with the subject 
line "Privacy Request."

================================================================================
                   SECTION 2: INFORMATION WE COLLECT
================================================================================

2.1 INFORMATION YOU PROVIDE DIRECTLY

When you use our Platform, you may provide:

  (a) ACCOUNT INFORMATION
      - Email address (required for registration)
      - Display name (required)
      - Password (stored securely, never in plain text)
      
  (b) PROFILE & BRAND INFORMATION
      - Company/brand name
      - Industry and business description
      - Target audience information
      - Brand voice and tone preferences
      
  (c) CONTENT YOU CREATE
      - Brain dumps and content ideas
      - Generated posts, carousels, and images
      - Feedback and critique requests
      
  (d) PAYMENT INFORMATION
      - Processed securely by Stripe
      - We do NOT store complete credit card numbers
      - We receive: last 4 digits, card type, billing address
      
  (e) COMMUNICATIONS
      - Support requests
      - Feedback submissions
      - Newsletter subscriptions

2.2 INFORMATION COLLECTED AUTOMATICALLY

When you use our Platform, we automatically collect:

  (a) USAGE DATA
      - Features used and actions taken
      - Credit consumption per operation
      - Content generation history
      - Login timestamps
      
  (b) TECHNICAL DATA
      - IP address
      - Browser type and version
      - Device type (desktop/mobile)
      - Operating system
      - Referral source
      
  (c) COOKIES AND SIMILAR TECHNOLOGIES
      - See Section 7 (Cookie Policy) for details
      
2.3 INFORMATION FROM THIRD PARTIES

We may receive information from:

  (a) AUTHENTICATION PROVIDERS
      - If you sign in via Google (Firebase Auth), we receive your email 
        and display name
        
  (b) PAYMENT PROCESSOR
      - Stripe provides transaction confirmations and subscription status
      
  (c) URL DATA EXTRACTION
      - If you use our "Extract from URL" feature, we analyze the public 
        content of websites you provide

================================================================================
                   SECTION 3: HOW WE USE YOUR INFORMATION
================================================================================

3.1 LAWFUL BASES FOR PROCESSING (GDPR)

We process your personal data under the following legal bases:

| Purpose | Legal Basis |
|---------|-------------|
| Providing the service | Contract performance |
| Processing payments | Contract performance |
| Account security | Legitimate interest |
| Service improvements | Legitimate interest |
| Legal compliance | Legal obligation |
| Marketing (with consent) | Consent |

3.2 SPECIFIC USES

We use your information to:

  (a) PROVIDE THE SERVICE
      - Create and manage your account
      - Generate AI content based on your inputs
      - Process your credit usage
      - Display your content and history
      
  (b) PROCESS TRANSACTIONS
      - Handle subscription payments via Stripe
      - Apply credits to your account
      - Send billing notifications
      
  (c) COMMUNICATE WITH YOU
      - Respond to support requests
      - Send service-related notifications
      - Notify you of terms or policy changes
      
  (d) IMPROVE THE PLATFORM
      - Analyze usage patterns (aggregated, anonymized)
      - Fix bugs and improve features
      - Develop new functionality
      
  (e) PROTECT THE SERVICE
      - Prevent fraud and abuse
      - Enforce our Terms and Conditions
      - Comply with legal requirements

3.3 WHAT WE DO NOT DO

We do NOT:
  - Sell your personal data
  - Share your data for third-party advertising
  - Use your content for AI training without explicit consent
  - Profile you for automated decision-making that significantly affects you

================================================================================
                   SECTION 4: AI PROCESSING & THIRD-PARTY SHARING
================================================================================

4.1 AI SERVICE PROVIDERS

To power our content generation features, we use third-party AI services:

  GOOGLE GEMINI (Primary AI Provider)
  - Purpose: Text generation, content creation, image generation
  - Data shared: Your prompts, brand information, content inputs
  - Data NOT shared: Your email, password, payment information
  - Google's privacy policy: https://policies.google.com/privacy
  
IMPORTANT: When your content is processed by Google Gemini:
  - We send only the minimum data necessary for generation
  - We do not share your account information with AI providers
  - We cannot control how Google retains or processes this data
  - Google may use data to improve their AI services per their policies
  - We recommend reviewing Google's AI data policies

4.2 OTHER SERVICE PROVIDERS

We use the following third-party services:

  (a) FIREBASE (Google)
      - Purpose: Authentication, data storage, hosting
      - Data: Account credentials, user data, generated content
      - Privacy: https://firebase.google.com/support/privacy
      
  (b) STRIPE
      - Purpose: Payment processing
      - Data: Payment method, billing address, transaction history
      - Privacy: https://stripe.com/privacy
      - Note: Stripe is PCI-DSS compliant; we never see full card numbers
      
  (c) UNSPLASH
      - Purpose: Background images for visual content
      - Data: Image search queries (not linked to your account)
      - Privacy: https://unsplash.com/privacy
      
  (d) GOOGLE CLOUD PLATFORM
      - Purpose: Infrastructure hosting
      - Data: All platform data is hosted on Google Cloud
      - Privacy: https://cloud.google.com/terms/cloud-privacy-notice

4.3 DATA TRANSFER (INTERNATIONAL)

Our services are hosted in the United States. If you are located outside 
the US (including the EU), your data will be transferred to and processed 
in the US.

For EU users: We rely on Standard Contractual Clauses (SCCs) and the 
service providers' certifications (where applicable) as the legal 
mechanism for data transfers.

================================================================================
                   SECTION 5: DATA RETENTION
================================================================================

We retain your data for the following periods:

| Data Type | Retention Period | Reason |
|-----------|------------------|--------|
| Account data | Until deletion + 30 days | Service provision |
| Generated content | 12 months after creation | User access |
| Usage logs | 24 months | Security, analytics |
| Payment records | 7 years | Legal/tax requirements |
| Support tickets | 3 years | Quality assurance |
| Backup copies | 90 days after deletion | Disaster recovery |

After retention periods:
  - Data is permanently deleted or anonymized
  - Anonymized data may be retained indefinitely for analytics
  - Certain data may be retained if required by law

5.1 DATA AVAILABILITY

We do our best to keep your data safe, but we're also moving fast to build 
the best possible platform for you.

Sometimes, rapid development means breaking changes. New features, system 
improvements, or unexpected issues may occasionally affect your stored data. 
If something goes wrong, we'll try to recover it — but recovery isn't always 
possible.

To protect your important work:

  - Download your PDFs and carousels after creating them
  - Save copies of content that matters to your business

Think of the Platform as a powerful creation tool rather than a permanent 
archive. By using it, you understand that occasional data loss is a 
possibility as we iterate and improve — and you're choosing to be part of 
that journey with us.

See Section 6.5 of the Terms and Conditions for additional details.

================================================================================
                   SECTION 6: YOUR RIGHTS
================================================================================

6.1 RIGHTS FOR ALL USERS

Regardless of your location, you have the right to:

  (a) ACCESS your personal data
  (b) CORRECT inaccurate data
  (c) DELETE your account and data
  (d) EXPORT your data in a portable format
  (e) WITHDRAW consent where processing is based on consent

6.2 ADDITIONAL RIGHTS FOR EU/UK USERS (GDPR)

If you are in the EU or UK, you also have the right to:

  (a) RESTRICTION of processing in certain circumstances
  (b) OBJECT to processing based on legitimate interests
  (c) LODGE A COMPLAINT with your local data protection authority
  (d) NOT BE SUBJECT to automated decision-making with legal effects

6.3 ADDITIONAL RIGHTS FOR CALIFORNIA USERS (CCPA)

If you are a California resident, you have the right to:

  (a) KNOW what personal information we collect and how we use it
  (b) DELETE your personal information
  (c) OPT-OUT of the sale of personal information (we don't sell data)
  (d) NON-DISCRIMINATION for exercising your rights

6.4 HOW TO EXERCISE YOUR RIGHTS

To exercise any of these rights:

  - Email: support@mobydickai.com with subject "Privacy Request"
  - Specify which right you wish to exercise
  - We will respond within 30 days (or sooner where required by law)
  - We may need to verify your identity before processing requests

Account Deletion:
  - Go to Settings > Account > Delete Account
  - Or email us requesting deletion
  - Content is deleted within 30 days; backups within 90 days

Data Export:
  - Contact us to request a copy of your data
  - We will provide it in a machine-readable format (JSON)

================================================================================
                   SECTION 7: COOKIE POLICY
================================================================================

7.1 WHAT ARE COOKIES

Cookies are small text files stored on your device when you visit websites. 
We use cookies and similar technologies to operate our Platform.

7.2 COOKIES WE USE

| Cookie Type | Purpose | Duration | Required? |
|-------------|---------|----------|-----------|
| Session | Keep you logged in | Session | Yes |
| Authentication | Verify your identity | 14 days | Yes |
| CSRF Protection | Security against attacks | Session | Yes |
| Preferences | Remember your settings | 1 year | No |

7.3 THIRD-PARTY COOKIES

Our third-party service providers may set cookies:

  FIREBASE (Google)
  - Purpose: Authentication
  - Cookies: __session, firebase auth tokens
  - Required for login functionality
  
  STRIPE
  - Purpose: Payment processing, fraud prevention
  - Cookies: Set only on payment pages
  - Required for secure payments

7.4 WHAT WE DO NOT USE

We do NOT use:
  - Advertising cookies
  - Cross-site tracking cookies
  - Social media tracking pixels
  - Third-party analytics cookies (as of this version)

7.5 MANAGING COOKIES

You can control cookies through your browser settings:
  - Most browsers allow you to block or delete cookies
  - Blocking essential cookies will prevent login and core functionality
  - See your browser's help documentation for instructions

Note for EU users: Because we only use essential cookies required for the 
service to function, we do not require cookie consent under the ePrivacy 
Directive. However, you can still manage cookies via your browser.

================================================================================
                   SECTION 8: DATA SECURITY
================================================================================

8.1 SECURITY MEASURES

We implement appropriate technical and organizational measures:

  (a) ENCRYPTION
      - All data transmitted over HTTPS (TLS 1.2+)
      - Passwords hashed using industry-standard algorithms
      - Sensitive data encrypted at rest
      
  (b) ACCESS CONTROL
      - Role-based access for team members
      - Authentication required for all data access
      - Regular access reviews
      
  (c) INFRASTRUCTURE
      - Hosted on Google Cloud Platform
      - Regular security updates and patches
      - Automated backups
      
  (d) MONITORING
      - Logging of security-relevant events
      - Incident response procedures
      - Regular security assessments

8.2 DATA BREACH NOTIFICATION

In the event of a data breach that affects your personal data:
  - We will notify affected users within 72 hours (per GDPR requirements)
  - We will notify relevant authorities as required by law
  - We will provide information about the breach and remediation steps

8.3 YOUR SECURITY RESPONSIBILITIES

You are responsible for:
  - Maintaining the confidentiality of your password
  - Using a strong, unique password
  - Notifying us of any unauthorized access to your account
  - Logging out from shared devices

================================================================================
                   SECTION 9: CHILDREN'S PRIVACY
================================================================================

Our Platform is not intended for children under 18 years of age. We do not 
knowingly collect personal information from children under 18.

If you believe we have collected information from a child under 18, please 
contact us immediately at support@mobydickai.com. We will delete such 
information promptly.

================================================================================
                   SECTION 10: CHANGES TO THIS POLICY
================================================================================

10.1 HOW WE UPDATE THIS POLICY

We may update this Privacy Policy from time to time. When we do:
  - We will update the "Last Updated" date at the top
  - We will update the version number
  - Material changes will be communicated via email

10.2 NOTIFICATION OF CHANGES

For material changes affecting your rights:
  - We will email you at your registered email address
  - We will post a notice on the Platform
  - We may require re-acknowledgment for significant changes

10.3 YOUR CONTINUED USE

Your continued use of the Platform after changes indicates acceptance of 
the updated policy. If you disagree with changes, you may close your 
account and request data deletion.

================================================================================
                   SECTION 11: CONTACT US
================================================================================

For any privacy-related questions, concerns, or requests:

  Email: support@mobydickai.com
  Subject Line: "Privacy Request" or "Privacy Question"
  
We aim to respond to all privacy inquiries within 5 business days.

For EU users: If you are not satisfied with our response, you have the 
right to lodge a complaint with your local data protection authority.

================================================================================
                   SECTION 12: ADDITIONAL INFORMATION
================================================================================

12.1 DO NOT TRACK

Some browsers have a "Do Not Track" feature. Our Platform does not 
currently respond to DNT signals, as we do not engage in cross-site 
tracking.

12.2 LINKS TO OTHER WEBSITES

Our Platform may contain links to third-party websites. We are not 
responsible for the privacy practices of those websites. We encourage 
you to read their privacy policies.

12.3 BUSINESS TRANSFERS

If we are involved in a merger, acquisition, or sale of assets, your 
personal data may be transferred. We will notify you before your data 
is transferred and becomes subject to a different privacy policy.

================================================================================
                         VERSION HISTORY
================================================================================

Version 1.1 (December 15, 2025)
- Added Section 5.1: Data Availability Disclaimer
- Clarified that data may be deleted and may not be recoverable
- Added recommendation for users to export and back up content

Version 1.0 (December 10, 2025)
- Initial release
- GDPR and CCPA compliant
- Integrated cookie policy

================================================================================
                              END OF PRIVACY POLICY
================================================================================

Questions? support@mobydickai.com
