Privacy Policy

Effective Date: 25 March 2025

This Privacy Policy explains how Charley AI (“we,” “us,” or “our”) collects, uses, stores, shares, and protects personal data when you access or use our Service available at https://charley.ai. We are committed to ensuring your privacy is protected and to being transparent about our practices. This document is intended to help you understand our privacy practices and your rights regarding your personal data.

1. Introduction

Charley AI, operating from 112 Tynte Street, North Adelaide, 5006, South Australia, Australia, provides our users with an engaging and secure digital service. This Policy applies to all users accessing our website, mobile applications, and other platforms (collectively “Service”). We respect your privacy and believe that protecting your personal data is a fundamental aspect of trust and transparency. This expanded policy details the nature of data we collect, why we collect it, and how we safeguard it, in compliance with Australian law and international privacy standards.

2. Information We Collect

We collect various types of data necessary to provide, secure, and improve our Service. The data we collect falls into several categories:

2.1. Identification Information

User Credentials: Email addresses and securely hashed passwords used for account registration, authentication, and recovery.
IP Addresses: Collected primarily for security purposes, fraud detection, and performance monitoring. These addresses are used solely to enhance the integrity and security of our Service.
Device Identifiers: Unique identifiers from devices accessing our Service to help manage sessions and secure accounts.

2.2. User-Generated Content

Textual Content: Essays, reports, creative writings, research papers, technical documents, and other content provided by users during interactions with our Service.
Multimedia Uploads: Files including images, videos, transcriptions, and other uploaded materials. This data is processed to improve the user experience and support user-driven projects.
Collaborative Content: Contributions from users in forums, comments, or other interactive features provided within the Service.

2.3. Usage and Technical Data

Engagement Metrics: Detailed records of time spent on the platform, pages viewed, documents accessed, and frequency and duration of visits.
Technical Diagnostics: Information such as browser type, browser version, device type, operating system, and geographic location, as well as referral URLs that assist in troubleshooting and performance enhancement.
Analytics Data: Aggregated and anonymized data for research and analysis to understand usage patterns, optimize features, and enhance overall Service quality.

2.4. Payment Information

Transaction Data: Payments processed via Stripe, including transaction amounts, currency, and timestamps. No credit card or banking details are stored directly by us.
Third-Party Payment Processing: All payment transactions are conducted via Stripe, which adheres to strict PCI DSS standards. For further details, please refer to Stripe’s Privacy Policy.

3. How We Use Your Information

We use the collected personal data to ensure the optimal operation, security, and improvement of our Service. Our primary purposes include:

Service Delivery: To provide and operate our Service, ensuring that it is secure, functional, and continually improved to meet your needs.
Account Management: To create, maintain, and manage user accounts; handle registrations; and facilitate authentication, password resets, and other account-related functions.
Customer Support: To respond to inquiries, provide assistance, and deliver customer support services.
Communication: To send newsletters, promotional offers, product updates, technical notices, and security alerts through email (via Resend) and other channels, ensuring that you stay informed about Service updates.
Analytics and Research: To conduct internal analytics and research that help us understand user behavior, optimize our Service, and develop new features.
Compliance and Legal Purposes: To ensure compliance with applicable laws, resolve disputes, enforce our terms, and protect our legal rights.
Fraud Prevention and Security: To detect and prevent fraudulent activities, unauthorized access, and misuse of our Service.
Personalization: To customize and enhance your experience by tailoring content and advertisements based on your preferences and usage patterns, while offering opt-out mechanisms where applicable.

4. Data Storage and Security

We take the security of your personal data seriously. Our security measures include:

Secure Data Hosting: All data is stored securely using Supabase, which implements industry-standard encryption protocols both in transit and at rest.
Access Controls: Strict access control measures ensure that only authorized personnel have access to personal data, which is regularly reviewed.
Regular Backups: Data is backed up regularly to protect against loss or corruption, with restoration procedures in place to minimize downtime.
Firewalls and Intrusion Detection: Comprehensive firewall systems and intrusion detection measures are employed to protect against unauthorized access and cyber threats.
Encryption Practices: Sensitive information is encrypted using robust algorithms, and secure authentication methods are implemented across all access points.
Continuous Monitoring: We perform regular audits, vulnerability assessments, and penetration tests to identify and rectify potential security risks.

5. Third-Party Sharing

We share personal data with trusted third-party service providers only when necessary for delivering our Service. These relationships are governed by strict contractual agreements to ensure your data is handled securely and in accordance with applicable laws.

5.1. Service Providers

Supabase: For data hosting, authentication, and secure data storage.
Stripe: For secure processing of payments without storing sensitive banking information on our servers.
Google Analytics: For collecting website analytics and usage data to improve Service functionality and user experience.
Resend: For sending email communications, including newsletters, alerts, and other updates.

5.2. Third-Party Policy References

We encourage you to review the privacy policies of our third-party partners:

5.3. Future Integrations

Should we integrate additional third-party services, we will update this policy accordingly and ensure that any data sharing is conducted with strict adherence to legal requirements and transparency standards.

6. Cookies and Tracking Technologies

Cookies and similar tracking technologies are essential for providing a seamless and personalized user experience. We use these tools for the following purposes:

6.1. Types of Cookies

Essential Cookies: Required for the basic functioning of the Service, enabling secure access and navigation.
Performance Cookies: Used to collect information on how visitors interact with our website, such as page visits and error logs, which help us improve performance.
Functional Cookies: Enable the Service to remember your preferences and settings, providing a more personalized experience.
Marketing Cookies: Track browsing habits and preferences to display targeted advertising that aligns with your interests. These cookies may also be used to measure the effectiveness of marketing campaigns.

6.2. Consent and Control

Explicit Consent: We provide a clear, upfront cookie consent banner when you first visit our website. You are required to give explicit consent for the use of non-essential cookies.
Cookie Management: Users can manage their cookie preferences through our settings interface. Detailed instructions on how to disable cookies or adjust settings are provided in our help documentation.
Opt-Out Options: For marketing cookies, users can opt out of targeted advertising at any time. We also honor "Do Not Track" signals where applicable.

7. User Responsibilities

Your cooperation is critical in maintaining a secure and trustworthy Service. By using our Service, you agree to adhere to the following responsibilities:

Account Security: Maintain the confidentiality of your account information and passwords. Do not share your login details or allow others to access your account.
Legal Compliance: Ensure that your use of the Service complies with all relevant local, national, and international laws and regulations.
Appropriate Content: Only upload or share content that you have the rights to use and that does not infringe on the intellectual property or privacy rights of others.
Parental Consent: If you are under 18, ensure that you have obtained appropriate parental or guardian consent before using our Service.
Avoid Prohibited Actions: Do not engage in data scraping, unauthorized automation, or any activity intended to compromise the integrity of our Service. Violations may lead to account suspension or legal actions.
Reporting Issues: Promptly report any suspected breaches of security, unauthorized access, or other concerning activity to our support team at support@charley.ai.

8. User Content Rights

Your content is your property. We respect your rights regarding content you generate, upload, or store on our Service. However, there are conditions to maintain the integrity of our Service:

Content Ownership: You retain full ownership and control of all content you submit, including creative and technical works.
License for Operation: By uploading content, you grant us a non-exclusive, royalty-free, worldwide license to use, store, process, and display your content for the purpose of providing and improving our Service.
Prohibited Uses: You agree not to use our Service to create products or services that directly compete with Charley AI through automation, data scraping, or other methods.
Content Moderation: We reserve the right to review, flag, or remove content that violates our policies, is harmful, or poses legal risks. In doing so, we aim to maintain a safe and secure environment for all users.
Data Portability: You have the right to request a copy of your data in a structured, commonly used, and machine-readable format.

9. Data Retention and Account Deletion

We store your personal data only for as long as necessary to provide our Service and to meet legal and operational requirements.

9.1. Retention Periods

Operational Necessity: Your data is retained for the duration of your active account and as long as it is needed to fulfill the purposes described in this Policy.
Legal Obligations: In cases where retention is required by law, your data will be maintained securely until the legal obligation expires.

9.2. Account Deletion Process

User-Initiated Requests: You may request account deletion and the removal of your personal data by contacting us at support@charley.ai. We commit to processing your request within 30 days.
Residual Data: Please note that while active data will be removed, some residual data stored in backups may remain for up to 60 days before being permanently deleted.
Confirmation: Once deletion is complete, we will notify you that your data has been purged, except for data that we are legally required to retain.

10. Children's Privacy and COPPA Compliance

We are committed to protecting the privacy of children and comply fully with the Children's Online Privacy Protection Act (COPPA) and applicable international regulations.

Age Restrictions: Our Service is not intended for children under 13. We do not knowingly collect personal data from children under this age.
Parental Consent: For users aged 13 to 17, explicit parental or guardian consent is required before any data collection occurs. We have implemented verification processes to ensure compliance.
Reporting and Remediation: If you believe that we have inadvertently collected data from a child without proper consent, please contact us immediately at support@charley.ai so that we can promptly address the issue and remove the data.
Educational Resources: We provide additional resources and guidance on our website to help parents understand online safety and privacy practices.

11. International Data Transfers

Because Charley AI is accessible globally, personal data may be transferred and processed outside of your country of residence. We ensure that all international data transfers comply with strict legal safeguards.

Transfer Mechanisms: Data transfers are governed by Standard Contractual Clauses (SCCs) or other legally recognized instruments ensuring that international transfers meet the requirements of Australian privacy laws and international standards.
Data Hosting Locations: Data may be stored in secure facilities located in Australia, the United States, and within the European Union.
Legal Compliance: We continuously review our data transfer practices to ensure they align with evolving international regulations and best practices for data protection.

12. Liability Limitations

While we are committed to providing a secure and reliable Service, there are certain risks inherent in any online service. Accordingly, our liability is limited as follows:

Service Interruptions: We are not liable for temporary or prolonged downtimes that may occur due to maintenance, technical failures, or unforeseen circumstances beyond our control.
Data Loss: In the unlikely event of data loss or corruption due to system failures, natural disasters, or cyberattacks, we take all reasonable steps to recover your data. However, Charley AI is not liable for any loss of data.
User Negligence: We are not responsible for unauthorized access to your account resulting from your failure to safeguard login credentials or other account information.
Indirect Damages: Our liability does not extend to indirect, consequential, or incidental damages arising from the use or inability to use our Service.
Legal Rights: These limitations do not affect your statutory rights under Australian Consumer Law or other applicable consumer protection regulations.

13. Compliance with Laws and User Rights

Charley AI adheres to all relevant privacy and data protection regulations, including but not limited to the Australian Privacy Act, the European Union's GDPR, and the California Consumer Privacy Act (CCPA).

13.1. Your Rights

Access: You have the right to request details on what personal data we have collected about you.
Rectification: If you believe any of your personal data is inaccurate or incomplete, you can request correction.
Erasure: Also known as the "right to be forgotten," you can request deletion of your personal data, subject to legal or contractual constraints.
Objection and Restriction: You may object to or request restrictions on the processing of your data for specific purposes.
Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format.

13.2. Exercising Your Rights

To exercise any of these rights, please contact us at support@charley.ai or legal@charley.ai. We will verify your identity before processing your request to ensure that your data remains secure and is handled in accordance with applicable laws.

14. Changes to Privacy Policy

We reserve the right to update or modify this Privacy Policy as our practices evolve and as required by law.

Notification of Changes

For substantial changes that affect your rights or the way we process your personal data, we will provide advance notice via email or through a prominent notice on our website at least 30 days prior to implementation.

Review and Acceptance

Continued use of our Service after changes to this Policy constitutes your acceptance of the updated terms. We encourage you to periodically review this document to stay informed of how your data is protected.

Version Control

The effective date at the top of the policy will reflect the most recent update. Previous versions may be archived and made available upon request.

15. Dispute Resolution

We strive to resolve disputes fairly and expeditiously. In the event of a disagreement related to privacy matters, the following process will apply:

Initial Mediation

Disputes should first be addressed through our internal support channels. We encourage you to contact support@charley.ai with any privacy concerns.

Arbitration and Mediation

If the dispute cannot be resolved through initial contact, it will be subject to mediation or arbitration within South Australia, in accordance with local legal requirements.

Legal Proceedings

Should mediation or arbitration fail, unresolved disputes may be brought before the courts in South Australia. International users are advised that they may have rights under their local jurisdictions which will not be waived by this agreement.

Cost and Confidentiality

Dispute resolution processes are intended to be cost-effective and confidential, ensuring minimal disruption to both parties.

16. Contact Information

Your questions and concerns regarding this Privacy Policy or our data practices are important to us. For further clarification or to address any issues, please reach out using the contact information below:

Email for Support: support@charley.ai
Email for Legal Inquiries: legal@charley.ai
Phone: +61 4 84 068 606
Postal Address: Charley AI, 112 Tynte Street, North Adelaide, SA 5006, Australia

We commit to responding to your inquiries in a timely manner and ensuring that your rights are respected.