Privacy Policy

Welcome to MyGang.ai (the “Service”, “Platform”, “Application”, or “App”), operated by Altcorp (“Company”, “we”, “us”, or “our”). This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you access or use our web application at https://mygang.ai and any related services, features, or content (collectively, the “Service”).

MyGang.ai is an AI-powered group chat application where users interact with artificial intelligence personas in a simulated group chat environment. By using the Service, you acknowledge that your messages and interactions are processed by AI systems, and you consent to the data practices described in this Privacy Policy.

Please read this Privacy Policy carefully. By accessing or using the Service, you agree to the collection, use, and disclosure of your information as described herein. If you do not agree with the terms of this Privacy Policy, you must not access or use the Service.

We use the information we collect for the following purposes:

• Service Delivery: To provide, maintain, and operate the core functionality of MyGang.ai, including generating AI persona responses to your messages.
• Personalization: To customize your experience, including maintaining conversation context through user memories and embeddings, and remembering your persona and gang preferences.
• Authentication and Security: To verify your identity, manage your account, prevent fraud, and protect against unauthorized access.
• Service Improvement: To analyze usage patterns, diagnose technical issues, develop new features, and improve the overall quality of the Service.
• Communications: To respond to your support inquiries, send service-related notices, and, where permitted, inform you about updates or changes to the Service.
• Legal Compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.
• Safety and Integrity: To detect and prevent abuse, fraud, spam, and violations of our terms of service.

This is an important disclosure regarding how your data is processed.

MyGang.ai relies on third-party artificial intelligence providers to generate AI persona responses. When you send a message in the Service, the following occurs:

• Your message content, along with relevant conversation context (including prior messages in the session and extracted user memories), is transmitted to third-party AI model providers, including but not limited to OpenRouter and Google (Gemini), for the purpose of generating AI persona responses.
• These third-party providers process your data in accordance with their own privacy policies and data processing agreements. We encourage you to review their respective privacy policies.
• We select AI providers that offer commercially reasonable data protection practices, but we cannot guarantee how third-party providers handle data once transmitted to their systems.
• AI providers may use data transmitted to them for their own purposes, including model improvement, subject to their respective terms of service and privacy policies. We endeavor to use API configurations that minimize such secondary usage where available.

By using the Service, you expressly acknowledge and consent to your messages and associated context being transmitted to and processed by third-party AI providers. Do not share sensitive personal information, financial details, health information, or any data you would not want processed by third-party AI systems.

We use the following technologies to operate the Service:

• Cookies: Small data files stored on your device that help us maintain your session, remember your preferences, and provide security features. Essential cookies are required for the Service to function. We may also use analytics cookies to understand usage patterns.
• Local Storage: We use browser local storage to cache user preferences, theme settings, session tokens, and certain application state to improve performance and user experience.
• Session Tokens: Authentication tokens stored in your browser to maintain your logged-in session. These tokens are managed by our authentication provider (Supabase Auth).

You may configure your browser to reject cookies or clear local storage. However, doing so may impair or prevent your ability to use certain features of the Service, including maintaining a logged-in session.

We do not sell your personal information. We may share your information in the following limited circumstances:

• Third-Party AI Providers: As described in Section 4, your message content and conversation context are transmitted to AI providers for response generation.
• Infrastructure and Service Providers: We use third-party services for hosting (Vercel), database and authentication (Supabase), and analytics. These providers access your data solely to perform services on our behalf and are contractually obligated to protect your information.
• Authentication Providers: If you choose to sign in via Google OAuth, certain account information is shared between Google and the Service as part of the authentication process.
• Dodo Payments: Our payment processor. Processes payment card data, UPI identifiers, and billing information necessary to complete transactions. Data is handled according to Dodo Payments’ privacy policy.
• Legal Requirements: We may disclose your information if required to do so by law, regulation, legal process, or governmental request, or when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a law enforcement request.
• Business Transfers: In the event of a merger, acquisition, reorganization, bankruptcy, or other sale of all or a portion of our assets, your personal information may be transferred as part of that transaction.
• With Your Consent: We may share your information for any other purpose disclosed to you at the time we collect the information or pursuant to your consent.

We retain your personal information for as long as your account is active or as needed to provide you with the Service. Specific retention practices include:

• Account Data: Retained for the duration of your account and deleted upon account deletion, subject to legal retention requirements.
• Chat History and Memories: Retained for the duration of your account. You may delete individual conversations or memories within the Service. Upon account deletion, all associated chat history and memories are permanently deleted.
• Embeddings: Deleted when the associated content or account is deleted.
• Analytics Data: Aggregated and anonymized analytics data may be retained indefinitely for statistical purposes, even after account deletion.
• Backup Copies: Deleted copies of your data may persist in our backup systems for a reasonable period (up to 90 days) after deletion, after which they are permanently purged.

Account Deletion: You may request deletion of your account and all associated personal data at any time by using the account deletion feature within the Service or by contacting us at pashaseenainc@gmail.com. We will process deletion requests within thirty (30) days, subject to any legal obligations requiring us to retain certain data.

Please note that data previously transmitted to third-party AI providers (as described in Section 4) is subject to those providers’ own retention and deletion policies and may not be deletable by us.

We implement commercially reasonable administrative, technical, and physical security measures designed to protect your personal information from unauthorized access, disclosure, alteration, and destruction. These measures include:

• Encryption of data in transit using TLS/SSL protocols.
• Encryption of sensitive data at rest, including password hashing using industry-standard algorithms.
• Row-level security (RLS) policies enforced at the database level to ensure users can only access their own data.
• Secure authentication mechanisms, including OAuth 2.0 integration and secure session token management.
• Regular security assessments and monitoring of our infrastructure.

However, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security. You use the Service at your own risk.

The Service is not directed to, and we do not knowingly collect personal information from, children. The minimum age to use the Service is:

• United States: 13 years of age (in compliance with the Children’s Online Privacy Protection Act, “COPPA”).
• European Economic Area: 16 years of age (or the applicable minimum age in your member state under the GDPR, which may be as low as 13 in certain jurisdictions).
• All Other Jurisdictions: The greater of 13 years of age or the minimum age required by applicable local law.

If we learn that we have collected personal information from a child below the applicable minimum age without verifiable parental consent, we will take steps to delete that information as quickly as possible. If you believe that a child has provided us with personal information, please contact us at pashaseenainc@gmail.com.

MyGang.ai is operated from infrastructure that may be located in the United States and other countries. If you access the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States or other jurisdictions where our service providers operate.

These jurisdictions may have data protection laws that are different from (and potentially less protective than) the laws of your home jurisdiction. By using the Service, you consent to the transfer of your information to jurisdictions outside your country of residence, including the United States.

Where required by applicable law (including the GDPR), we rely on appropriate legal mechanisms for international data transfers, such as Standard Contractual Clauses (SCCs), adequacy decisions, or your explicit consent.

The following disclaimers are material terms of your use of the Service:

• All responses generated by AI personas within the Service are produced by artificial intelligence models and do not represent the views, opinions, or statements of Altcorp or any of its affiliates, employees, or agents.
• AI-generated content may be inaccurate, incomplete, misleading, offensive, or otherwise objectionable. AI personas are fictional characters and their outputs should not be relied upon for any factual, legal, medical, financial, or professional advice.
• We make no representations or warranties, express or implied, regarding the accuracy, reliability, completeness, or suitability of any AI-generated content for any purpose.
• You acknowledge that AI-generated content is provided “as is” and that you use such content at your own risk.
• User-Generated Content: You are solely responsible for any content you submit to the Service. You must not submit content that is unlawful, infringing, defamatory, threatening, or otherwise objectionable. We reserve the right to remove any user-generated content that violates our terms.

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW:

• ALTCORP, ITS OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, AND AFFILIATES SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING BUT NOT LIMITED TO LOSS OF PROFITS, DATA, USE, GOODWILL, OR OTHER INTANGIBLE LOSSES, ARISING OUT OF OR IN CONNECTION WITH YOUR USE OF OR INABILITY TO USE THE SERVICE, ANY AI-GENERATED CONTENT, OR ANY CONDUCT OR CONTENT OF ANY THIRD PARTY ON THE SERVICE.
• WE DO NOT GUARANTEE THAT THE SERVICE WILL BE AVAILABLE AT ALL TIMES, UNINTERRUPTED, SECURE, OR ERROR-FREE. THE SERVICE IS PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS WITHOUT WARRANTIES OF ANY KIND, WHETHER EXPRESS OR IMPLIED.
• OUR TOTAL AGGREGATE LIABILITY FOR ANY CLAIMS ARISING UNDER OR IN CONNECTION WITH THIS PRIVACY POLICY OR YOUR USE OF THE SERVICE SHALL NOT EXCEED THE GREATER OF (A) THE AMOUNT YOU HAVE PAID TO US IN THE TWELVE (12) MONTHS PRECEDING THE CLAIM, OR (B) ONE HUNDRED U.S. DOLLARS (USD $100.00).
• WE SHALL NOT BE LIABLE FOR ANY LOSS OR DAMAGE ARISING FROM YOUR FAILURE TO MAINTAIN THE CONFIDENTIALITY OF YOUR ACCOUNT CREDENTIALS, OR FROM ANY UNAUTHORIZED ACCESS TO YOUR ACCOUNT.

We do not guarantee that the Service will be available at any particular time or that access will be continuous, uninterrupted, or error-free. We reserve the right to modify, suspend, or discontinue the Service (or any part thereof) at any time, with or without notice, and without liability to you.

The Service depends on third-party infrastructure, including AI model providers, hosting services, and authentication systems. Outages, degradations, or changes to any of these third-party services may affect the availability or functionality of the Service, and we shall not be liable for any such disruptions.

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, you have certain rights under applicable data protection legislation, including:

• Right of Access: You have the right to request a copy of the personal data we hold about you.
• Right to Rectification: You have the right to request correction of inaccurate or incomplete personal data.
• Right to Erasure: You have the right to request deletion of your personal data, subject to certain legal exceptions.
• Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data in certain circumstances.
• Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
• Right to Object: You have the right to object to the processing of your personal data for certain purposes, including direct marketing.
• Right to Withdraw Consent: Where processing is based on your consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.
• Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority in the EEA member state of your habitual residence, place of work, or place of the alleged infringement.

Legal Bases for Processing: We process your personal data on the following legal bases: (a) your consent; (b) performance of a contract (i.e., providing the Service to you); (c) compliance with legal obligations; and (d) our legitimate interests (e.g., improving the Service, preventing fraud), balanced against your rights and freedoms.

To exercise any of these rights, please contact us at pashaseenainc@gmail.com. We will respond to your request within thirty (30) days, or as required by applicable law.

If you are a California resident, you have the following rights under the California Consumer Privacy Act (as amended by the California Privacy Rights Act, “CPRA”):

• Right to Know: You have the right to request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purposes for collection, and the categories of third parties with whom we share your personal information.
• Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions.
• Right to Correct: You have the right to request correction of inaccurate personal information.
• Right to Opt-Out of Sale: We do not sell your personal information. If this practice changes, we will provide you with a clear opt-out mechanism.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.

Categories of Personal Information Collected: Identifiers (email, username, IP address); internet or electronic network activity information (usage data, chat messages); inferences drawn from the foregoing (user memories, embeddings).

To exercise your CCPA rights, please contact us at pashaseenainc@gmail.com or pashaseenainc@gmail.com. We will verify your identity before processing your request and respond within forty-five (45) days as required by law.

If you are located in India, you have certain rights under the Digital Personal Data Protection Act, 2023 (“DPDPA”). This section outlines how we comply with the DPDPA.

This notice is provided in English.

In the event of a personal data breach:

• We will notify the Data Protection Board of India as required under the DPDPA.
• Affected users will be notified via email within 72 hours of becoming aware of the breach.
• Notifications will include: the nature of the breach, the data affected, steps we have taken, and remedial actions available to you.

We reserve the right to update or modify this Privacy Policy at any time at our sole discretion. When we make material changes, we will:

• Update the “Last Updated” date at the top of this page.
• Make reasonable efforts to notify you of material changes, which may include posting a notice within the Service, sending an email to the address associated with your account, or other means we deem appropriate.

Your continued use of the Service following the posting of changes constitutes your acceptance of such changes. We encourage you to review this Privacy Policy periodically for any updates. If you do not agree with the revised Privacy Policy, your sole remedy is to discontinue use of the Service and delete your account.

The Service may contain links to third-party websites, services, or resources that are not owned or controlled by us. We are not responsible for the privacy practices, content, or security of any third-party sites or services. This Privacy Policy applies solely to information collected through the Service. We encourage you to review the privacy policies of any third-party services you access.

Some browsers transmit “Do Not Track” (DNT) signals to websites. Because there is no universally accepted standard for how to respond to DNT signals, we do not currently respond to DNT browser signals. We will update this Privacy Policy if and when we adopt a standard for responding to DNT signals.

This Privacy Policy and any disputes arising out of or related to it or the Service shall be governed by and construed in accordance with the laws of the jurisdiction in which Altcorp is organized, without regard to conflict of law principles. Any legal action or proceeding arising under this Privacy Policy shall be brought exclusively in the courts of competent jurisdiction in that location, and you hereby irrevocably consent to the personal jurisdiction and venue therein.

If any provision of this Privacy Policy is held to be invalid, illegal, or unenforceable by a court of competent jurisdiction, that provision shall be enforced to the maximum extent permissible, and the remaining provisions of this Privacy Policy shall remain in full force and effect.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: