Privacy Policy

1. Introduction

This Privacy Policy describes how Infinee s. r. o. ("we", "our", or "us") collects, uses, and protects your personal information when you use ViralSky, our AI-powered viral content generation platform.

Data Controller: Infinee s. r. o., a Slovak limited liability company, is the data controller responsible for your personal information.

By using our service, you agree to the collection and use of information in accordance with this policy. We are committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR).

2. Information We Collect

We collect information that you provide directly to us, including:

• Account Information: Email address, name, and password (hashed and encrypted)
• Content Data: Topics, prompts, and content you generate using our service
• Payment Information: Processed securely through Stripe (we do not store credit card details)
• Subscription Data: Subscription tier, billing period, and payment history
• Usage Data: Analytics, feature usage, and interaction patterns
• Technical Data: IP address, browser type, device information, and access logs

We may also collect information automatically through cookies and similar tracking technologies as described in Section 7.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Service Delivery: Provide, maintain, and improve our AI content generation services
• Account Management: Create and manage your account, process subscriptions, and handle billing
• Payment Processing: Process transactions securely through Stripe
• Communication: Send technical notices, support messages, and respond to inquiries
• Service Improvement: Analyze usage patterns to improve our AI models and service features (data anonymized where possible)
• Legal Compliance: Comply with legal obligations and protect our rights
• Security: Detect and prevent fraud, abuse, and security issues

Legal Basis for Processing (GDPR): We process your personal data based on: (1) your consent when you create an account, (2) contract performance to provide our services, (3) legitimate interests for service improvement and security, and (4) legal obligations for compliance purposes.

4. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction, including:

• Encryption of data in transit (HTTPS/TLS) and at rest
• Secure password hashing and authentication
• Regular security assessments and updates
• Access controls and limited data access on a need-to-know basis
• Secure payment processing through Stripe (we never store credit card details)

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security.

5. Third-Party Services

We use third-party services that may collect or process information on our behalf:

• Stripe: Payment processing and subscription management. Stripe handles all payment information securely. See Stripe's Privacy Policy
• NextAuth: Authentication services for secure login
• AI Providers: Content generation services including OpenAI, Anthropic (Claude), Google AI (Gemini), and XAI. Your prompts and generated content may be processed by these providers. See their respective privacy policies:
  • OpenAI Privacy Policy
  • Anthropic Privacy Policy
  • Google AI Privacy Policy
• PostHog: Analytics and product analytics (anonymized where possible)
• Brevo (Sendinblue): Email delivery services

These third-party services have their own privacy policies. We encourage you to review them. We are not responsible for the privacy practices of these third parties.

6. Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR) and applicable data protection laws, you have the following rights:

• Right of Access: Request a copy of your personal data we hold
• Right to Rectification: Correct inaccurate or incomplete personal data
• Right to Erasure: Request deletion of your personal data ("right to be forgotten")
• Right to Restrict Processing: Request limitation of how we process your data
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
• Right to Lodge a Complaint: File a complaint with your local data protection authority

To exercise these rights, please contact us at info@viralsky.ai. We will respond to your request within 30 days.

Account Deletion: You may delete your account at any time through your account settings. Upon deletion, we will remove your personal data, except where we are required to retain it for legal or legitimate business purposes (e.g., transaction records for tax purposes).

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our service and hold certain information. Types of cookies we use:

• Essential Cookies: Required for authentication and core functionality
• Analytics Cookies: Help us understand how users interact with our service (anonymized)
• Preference Cookies: Remember your settings and preferences

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our service.

8. Data Retention

We retain your personal information for as long as necessary to provide our services and fulfill the purposes described in this policy:

• Account Data: Retained while your account is active and for up to 3 years after account deletion for legal and business purposes
• Content Data: Retained while your account is active. You may delete generated content at any time
• Payment Records: Retained for 7 years as required by Slovak tax and accounting laws
• Analytics Data: Retained in anonymized form for service improvement

After the retention period, we will securely delete or anonymize your personal data, except where legal obligations require us to retain it.

9. International Data Transfers

Your information may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States, where our third-party service providers operate. These transfers are necessary for providing our services.

We ensure appropriate safeguards are in place for such transfers, including Standard Contractual Clauses approved by the European Commission, to protect your personal data in accordance with GDPR requirements.

10. Children's Privacy

Our service is not intended for users under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information.

11. Changes to This Policy

We may update our Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the new Privacy Policy on this page
• Updating the "Last updated" date
• Sending an email notification for significant changes (if you have an account)

Your continued use of our service after any changes constitutes acceptance of the updated Privacy Policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us: