Privacy Policy

1. Introduction

Welcome to Aletheia (referred to as "we", "us", or "the Service"). We value your privacy and are committed to protecting your personal information. This Privacy Policy explains how we collect, use, store, and protect your information.

By using Aletheia, you agree to the practices described in this Privacy Policy. If you do not agree with this policy, please do not use our Service.

2. Information We Collect

2.1 Account Information

When you log in via Google OAuth, we collect:

• Your Google account email address
• Your name (if provided in your Google account)
• Your profile picture (if provided in your Google account)

2.2 Usage Data

To provide our services, we collect:

• Selected text content (only when you actively request an explanation)
• Contextual information of the text (to provide more accurate explanations)
• URLs of web pages you visit (to provide context-relevant explanations)
• Usage statistics (such as quota usage, request counts)
• Your preference settings (such as language, AI model selection, MBTI type)

2.3 Technical Information

• Browser type and version
• Device information
• IP address (for security and abuse prevention)
• Cookies and similar technologies

3. How We Use Your Information

We use the collected information for:

• Service Provision: Processing your text explanation requests and generating AI responses
• Account Management: Managing your account, subscriptions, and quotas
• Personalization: Customizing the service experience based on your preferences
• Service Improvement: Analyzing usage patterns to improve features and performance
• Security: Detecting and preventing abuse, fraud, and security threats
• Communication: Sending service-related notifications and updates
• Compliance: Complying with legal obligations and enforcing our terms

4. Data Sharing and Third-Party Services

4.1 AI Service Providers

To generate text explanations, we send your selected text to the following AI service providers:

• Google Gemini API
• OpenAI API (if you choose)
• Anthropic Claude API (if you choose)
• MiniMax API (if you choose)

These service providers have their own privacy policies, and we recommend reviewing them.

4.2 Authentication

We use Google OAuth for authentication. Your login credentials are managed by Google, and we do not store your password.

4.3 Payment Processing

Subscription payments are processed by Creem. We do not store your credit card information.

4.4 Hosting Services

Our service is hosted on Vercel, and our database is hosted on Vercel Postgres.

5. Data Storage and Security

We implement reasonable technical and organizational measures to protect your data:

• Data transmission uses HTTPS encryption
• Database access is strictly controlled
• Regular security audits and updates
• Principle of least privilege

Important Note: Your selected text content is not permanently stored. We only use this data temporarily while processing your request.

6. Data Retention

• Account Information: Retained while your account is active
• Usage Statistics: Retained for 12 months for analysis and improvement
• Text Content: Not retained, only used temporarily during request processing
• Log Data: Retained for 30 days for troubleshooting and security

7. Your Rights

Under applicable data protection laws, you have the following rights:

• Right to Access: Request access to personal data we hold about you
• Right to Rectification: Request correction of inaccurate personal data
• Right to Erasure: Request deletion of your personal data
• Right to Restrict Processing: Request restriction of processing your personal data
• Right to Data Portability: Request to receive your data in a structured, commonly used format
• Right to Object: Object to processing of your personal data
• Right to Withdraw Consent: Withdraw your consent at any time

To exercise these rights, please manage your account through the settings page or contact our support team.

8. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Maintain your login session
• Remember your preference settings
• Analyze service usage
• Enhance security

You can manage cookie preferences through your browser settings, but this may affect the availability of certain features.

9. Children's Privacy

Our service is not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we may have collected information from a child, please contact us immediately.

10. International Data Transfers

Your information may be transferred to and processed on servers outside China. We take appropriate measures to ensure your data is handled securely in accordance with this Privacy Policy.

11. Changes to Privacy Policy

We may update this Privacy Policy from time to time. We will post the new Privacy Policy on this page and update the "Last Updated" date. For significant changes, we will notify you via email or in-service notification.

12. Contact Us

If you have any questions or concerns about this Privacy Policy, please contact us:

• Email: huwangsq@gmail.com
• Website: https://parerga.xyz

13. GDPR Compliance (EU Users)

If you are located in the European Economic Area (EEA), we process your personal data in accordance with GDPR. Our legal bases for processing data include:

• Performance of contract (providing services)
• Your consent (for certain processing activities)
• Legitimate interests (service improvement, security)
• Legal obligations

14. CCPA Compliance (California Users)

If you are a California resident, under CCPA, you have the right to:

• Know the categories of personal information we collect
• Request deletion of your personal information
• Opt-out of the "sale" of personal information (we do not sell personal information)
• Not be discriminated against for exercising these rights