1. Introduction

This Privacy Policy explains how personal data and personal information is collected, used, disclosed, and protected when you use naffe.ai (the "Service"), an AI-powered software and application generation platform.

naffe.ai is a service operated by a separate legal entity (the "Company", "we", "us", or "our"), which acts as the data controller under EU law and the business under US privacy laws.

This Privacy Policy applies globally, including users located in the European Union, United States, and California.

2. Scope

This Policy applies to:

Users of the naffe.ai platform
Website visitors and waitlist users
Customers, trial users, and subscribers
Communications with us

It does not apply to third-party services not operated by us.

3. Personal Information We Collect

3.1 Identifiers

Name
Email address
Account credentials
IP address

3.2 Commercial Information

Subscription status
Billing records
Transaction references

3.3 Internet Activity

Log files
Usage data
Device and browser data

3.4 User-Provided Content

Prompts, configurations, uploaded materials
Support communications

We do not knowingly collect sensitive personal information unless provided directly by the user.

4. How We Use Personal Information

We use personal information to:

Operate and deliver the Service
Generate AI-based outputs
Manage accounts, billing, and subscriptions
Provide customer support
Improve performance and features
Detect fraud and misuse
Comply with legal obligations

We do not sell personal information.

We do not share personal information for cross-context behavioral advertising.

5. Legal Bases

EU / GDPR

Processing is based on:

Contract performance
Legitimate interests
Legal obligations
Consent where required

US / CCPA–CPRA

Processing is based on business purposes, including service delivery, security, and internal operations.

6. AI Processing

User inputs may be processed by AI systems to generate outputs
We do not use private customer content to train public AI models without explicit agreement
AI outputs may contain errors
Users are responsible for validating outputs

7. Disclosure of Personal Information

We may disclose personal information to:

Service providers and processors
Payment providers
Infrastructure and analytics providers
Authorities where legally required
Corporate successors in a transaction

All service providers are contractually restricted from using data for their own purposes.

8. International Transfers

Data may be processed outside your jurisdiction. Where required, we use appropriate safeguards, including Standard Contractual Clauses.

9. Data Retention

We retain personal information only as long as reasonably necessary to fulfill operational, legal, and contractual purposes.

10. Security

We apply appropriate technical and organizational safeguards. No system is completely secure.

11. Your Rights

EU Users

You have rights to access, rectification, deletion, restriction, objection, portability, and complaint to a supervisory authority.

US and California Users (CCPA/CPRA)

You have the right to:

Know what personal information we collect
Access your personal information
Request deletion
Request correction
Opt out of sale or sharing (not applicable as we do not sell or share)
Limit use of sensitive personal information (if applicable)
Not be discriminated against for exercising your rights

Requests can be submitted via the contact details below.

12. Contact

Email: privacy@naffe.ai