Qrowd.ai Privacy Policy

Effective Date: October 15, 2025
Last Updated: October 15, 2025

1. Introduction

QrowdAI, Inc. ("Qrowd," "we," "us," or "our") respects your privacy and is committed to protecting your personal data.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use Qrowd.ai and its related services (the "Platform").

Our Core Principle: Your data stays within your group by design. We never share your room content outside your invited members, except as required to operate, maintain, or secure the Platform, or as required by law.

2. Information We Collect

2.1 Information You Provide

Account Information: Email address, name, and password
Waitlist Information: Email address and optional name for early access notifications
Room Content: Messages, files, images, documents, and other materials shared in rooms
Profile Information: Display name, profile picture, and preferences
Payment Information: Billing details and payment method (processed securely by third-party payment processors -- we do not store full payment card numbers)

2.2 Information Collected Automatically

Usage Data: Room activity, feature usage, interaction patterns, session duration, and timestamps
Device Information: Browser type and version, operating system, IP address, device identifiers, and language preferences
Cookies and Tracking: Session cookies, preference cookies, and analytics cookies (see Section 12 for details)

2.3 Information from AI Interactions

Conversation History: All messages exchanged with AI personas within rooms
AI Model Selection: Which AI models (ChatGPT, Claude, Gemini, etc.) you choose to interact with
Integration Data: Content processed through AI-native integrations (Perplexity, Fal, Beautiful.ai, ElevenLabs, etc.)

3. How We Use Information

We process your information for the following purposes:

3.1 Service Delivery (Legal Basis: Contract Performance)

Provide core Platform functionality
Enable room creation and management
Facilitate AI interactions and responses
Maintain persistent memory within rooms
Process authentication and authorization

3.2 Payment Processing (Legal Basis: Contract Performance)

Handle subscriptions and billing
Process payments through secure third-party processors
Generate invoices and receipts

3.3 Platform Improvement (Legal Basis: Legitimate Interests)

Analyze usage patterns to enhance features
Optimize performance and user experience
Develop new features and services
Conduct internal research and analytics

3.4 Communications (Legal Basis: Legitimate Interests or Consent)

Send service updates and feature announcements
Provide security alerts and important notices
Respond to support requests
Send waitlist updates (with consent, which can be withdrawn)

3.5 Security and Compliance (Legal Basis: Legitimate Interests & Legal Obligation)

Detect and prevent fraud and abuse
Investigate security incidents
Enforce our Terms of Service
Comply with legal obligations and court orders

Legal Basis Summary (EU/UK Users):

Contract Performance: To provide the services you've signed up for
Legitimate Interests: To improve and secure the Platform
Consent: For marketing communications (which you can withdraw anytime)
Legal Compliance: When required by law

4. How AI Processing Works

4.1 Third-Party AI Providers

When you interact with an AI persona in a room, your messages are processed as follows:

You send a message in a Qrowd room
Your message is transmitted to the selected AI provider (e.g., OpenAI, Anthropic, Google)
The provider processes your request and generates a response
The response is returned to your room
The conversation is stored in your room's persistent memory

4.2 Data Processing by AI Providers

Each AI provider processes your data according to their own privacy policies:

OpenAI (ChatGPT): https://openai.com/privacy
Anthropic (Claude): https://www.anthropic.com/privacy
Google (Gemini): https://policies.google.com/privacy

4.3 Data Retention by AI Providers

AI providers may temporarily cache or retain data according to their own policies. We select providers with strong privacy commitments and configure services to minimize data retention where possible.

4.4 No Training on Your Data

We do not use your conversations to train our own AI models or allow third parties to train on your data without your explicit consent. We use API-based AI services that do not train on customer data (per provider policies as of the effective date).

5. Information Sharing and Disclosure

5.1 Within Your Room

Room content is accessible to all members invited to that specific room. When you share information in a room, all room members can view it.

5.2 Third Parties We Share With

We may share limited information with:

AI Service Providers:

OpenAI, Anthropic, Google, and other AI model providers
To process your AI interaction requests
Governed by their respective privacy policies

Infrastructure and Hosting Partners:

Cloud storage and computing services
To securely host and operate the Platform

Payment Processors:

Stripe, PayPal, or other payment service providers
To handle billing and subscriptions securely
We do not store full payment card numbers

Analytics Services:

To understand Platform usage (anonymized where possible)
For performance monitoring and improvement

Legal and Safety:

Law enforcement or government agencies when legally required
To comply with court orders, subpoenas, or legal processes
To protect our rights, safety, or property

5.3 What We DON'T Do

We do NOT:

Sell your personal information
Share room content with other Qrowd users outside your room
Share room content with third parties for their marketing purposes
Use your conversations for advertising
Provide access to your data beyond what's necessary to operate the service

6. Data Security

We implement industry-standard security measures to protect your information:

Technical Safeguards:

Encryption in Transit: TLS/SSL encryption for all data transmission
Encryption at Rest: Sensitive personal data encrypted in storage
Access Controls: Role-based access restrictions for employee access
Authentication: Secure password requirements and session management
Secure Infrastructure: Hosting with reputable cloud providers with strong security practices

Organizational Safeguards:

Periodic security and vulnerability assessments
Employee training on data protection
Incident response procedures
Third-party security reviews

Important Note: No method of transmission over the internet is 100% secure. While we implement strong security measures, we cannot guarantee absolute security.

7. Data Retention

Active Data:

Active Rooms: Room data is retained while the room exists and the subscription is active
Account Data: Retained while your account is active

Deleted Data:

Deleted Rooms: Scheduled for permanent removal from active systems within 30 days
Backup Retention: Purged from backup systems within 90 days of deletion
Account Closure: Account data retained for 90 days after voluntary closure, then permanently deleted

Legal Requirements:

Some data may be retained longer to comply with:

Tax and accounting obligations (typically 7 years)
Legal holds or pending litigation
Fraud prevention and security purposes

8. Your Privacy Rights

8.1 Rights Available to All Users

Access: Request a copy of your personal data
Correction: Update inaccurate personal information
Deletion: Request deletion of your personal data (subject to legal retention requirements)
Export: Download room data in machine-readable format
Unsubscribe: Opt out of marketing communications at any time

8.2 European Union / United Kingdom Rights (GDPR)

If you are in the EU or UK, you have additional rights:

Right to Restriction: Limit how we process your data
Right to Object: Object to processing based on legitimate interests
Right to Data Portability: Receive your data in a structured format
Right to Withdraw Consent: Withdraw consent for processing (where consent is the legal basis)
Right to Lodge a Complaint: File a complaint with your local data protection authority

8.3 California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have rights under the California Consumer Privacy Act:

Right to Know:

Categories of personal information collected (see Section 2)
Sources from which information is collected
Business purposes for collecting information (see Section 3)
Categories of third parties we share with (see Section 5)

Right to Delete:

Request deletion of personal information (subject to legal exceptions)

Right to Opt-Out:

We do not sell personal information, so no opt-out is required

Right to Non-Discrimination:

We will not discriminate against you for exercising your rights

Right to Limit Use of Sensitive Personal Information:

Shine the Light Law:

Request information about data sharing for direct marketing (we do not share for this purpose)

8.4 Other Jurisdictions

Additional rights may apply based on your location. Contact us at privacy@qrowd.ai for region-specific information.

8.5 How to Exercise Your Rights

To exercise any privacy rights:

Email: privacy@qrowd.ai
Include your name, email address, and specific request
We will verify your identity and respond within 30-45 days (depending on jurisdiction)

9. Children's Privacy

Qrowd.ai is not intended for children under 13 years old (or 16 in the EU). We do not knowingly collect personal information from children.

If you believe we have collected information from a child, contact us immediately at privacy@qrowd.ai and we will promptly delete it.

10. International Data Transfers

QrowdAI, Inc. operates in the United States. Your data may be transferred to, stored, and processed in:

The United States
Other countries where our service providers operate

Safeguards for International Transfers:

Standard Contractual Clauses (SCCs): For transfers from the EU/UK
Adequacy Decisions: Where applicable (e.g., EU-approved countries)
Other Lawful Mechanisms: As required by applicable law

We ensure appropriate safeguards are in place to protect your data during international transfers.

11. Cookies and Tracking Technologies

11.1 Types of Cookies We Use

Essential Cookies (Required):

Session authentication and login
Platform functionality and security
Load balancing and performance

Analytics Cookies (Optional):

Usage statistics and patterns
Feature performance monitoring
Platform improvement insights

Preference Cookies (Optional):

User settings and preferences
Interface customization
Language selection

11.2 Managing Cookies

You can control cookies through:

Browser Settings: Most browsers allow you to refuse cookies
Cookie Consent Manager: Available on our website
Opt-Out Links: For specific analytics services

Note: Disabling essential cookies may affect Platform functionality.

11.3 Third-Party Cookies

Some third-party services (AI providers, analytics) may set their own cookies. We do not control these cookies; refer to their privacy policies.

12. Do Not Track Signals

Some browsers include "Do Not Track" (DNT) features. Our Platform does not currently respond to DNT signals, as there is no industry standard for how to interpret them.

You can control tracking through:

Browser cookie settings
Our cookie consent manager
Opting out of analytics services

13. Third-Party Links and Services

The Platform may contain links to third-party websites or integrate with third-party services. We are not responsible for:

Their privacy practices
Their content or services
Your interactions with them

Review their privacy policies before providing information to third parties.

14. Changes to This Privacy Policy

14.1 Updates

We may update this Privacy Policy periodically to reflect:

Changes in our practices
New legal requirements
Platform feature updates

14.2 Notification of Changes

We will notify you of material changes via:

Email to your registered address
Prominent notice on the Platform
In-app notification

14.3 Effective Date

Changes become effective:

Immediately for new users
30 days after notice for existing users

Continued use after changes constitutes acceptance of the updated policy.

15. Contact Information

Data Controller:

QrowdAI, Inc.
131 Continental Dr, Suite 305
Newark, DE 19713, USA

Contact Emails:

Privacy Questions & Rights Requests:
Email: privacy@qrowd.ai

General Inquiries:
Email: q@qrowd.ai

Data Protection Officer (if applicable):
Email: dpo@qrowd.ai

EU/UK Representative (if applicable):

[To be designated if regular processing of EU/UK resident data]

Response Time:

We aim to respond to privacy inquiries within:

30 days for general inquiries
45 days for complex requests
As required by applicable law for rights requests

16. Additional Information for Specific Regions

16.1 European Economic Area (EEA) and United Kingdom

Data Controller: QrowdAI, Inc.
Legal Basis: See Section 3 for detailed legal basis information
Data Protection Authority: You may lodge a complaint with your local supervisory authority
International Transfers: Protected by Standard Contractual Clauses

16.2 California

Categories of Information Collected: See Section 2
Business Purposes: See Section 3
Third-Party Sharing: See Section 5
Sale of Information: We do NOT sell personal information
Retention Periods: See Section 7

16.3 Other U.S. States

We comply with applicable state privacy laws, including those in Virginia, Colorado, Connecticut, and Utah. Contact us to exercise rights under your state's privacy law.

Your Privacy Matters

At Qrowd, we believe AI should work for groups without compromising individual privacy. Our "your data stays in your group" commitment means we build features that respect your privacy while enabling powerful collaboration.

We're here to answer questions and help you understand how we protect your information. Don't hesitate to reach out.