Privacy Policy
Last updated: 2026-05-19. This document describes how iLive.Digital collects, uses, and protects your personal data. It is a working draft pending final legal review before public launch.
1. Data we collect
- Account: email, display name, profile picture (from Google or supplied by you).
- Content you contribute: persona entries (text), voice recordings, photos, imported memories, capsule bodies and metadata.
- Operational metadata: subscription status, audit events (hash-chained for tamper-evidence), consent decisions, capsule release events, agent digest outputs.
- Technical signals: rate-limit counters keyed by user ID or IP, server-side timing and error logs. We do not run analytics SDKs that profile you across sites.
2. Why we collect it
- To operate the Twin chat, voice synthesis, and memory retrieval features.
- To honor the capsule release conditions you configure.
- To bill you for the subscription.
- To respond to your data export and deletion requests (GDPR Art. 17 and Art. 20).
- To detect abuse and enforce the Terms of Service.
3. Who we share data with
We share data only with infrastructure providers strictly required to operate the Service:
- Vercel — hosting and serverless functions.
- Upstash Redis — key-value storage of your account state.
- Google Gemini — text generation and embeddings (your inputs are sent for processing; per Google's terms, free-tier inputs may be used to improve their products unless you upgrade to a paid tier — we encourage upgrading via your own quota).
- Hugging Face Spaces — voice synthesis via the Apache-2.0 fish-speech model you deploy under your own account.
- Moyasar / Telr — payment processing for the KSA region. PCI cardholder data never touches our servers.
We do not sell your data. We do not share it with advertisers. We do not run trackers.
4. Your rights
Depending on where you live, you have one or more of the following rights:
- Access & export (GDPR Art. 15 & 20) — download everything in NDJSON from Settings → Account → Data export.
- Erasure (GDPR Art. 17) — schedule a 30-day deletion from Settings → Account → Delete my account.
- Do Not Sell / Do Not Share (CCPA / CPRA) — toggle from Settings → Account. We do not sell data, but enabling the toggle is recorded for your records.
- Object & restrict processing — revoke any consent scope from Settings → Privacy & consent.
5. How long we keep your data
We retain your data for as long as your account is active. If you request deletion, we hold the data for a 30-day grace window so you can recover from a mistaken or unauthorised request, then irreversibly purge it from every keyspace we own. Audit chain hashes may persist in a tamper-evidence log without recoverable content for one year after deletion.
6. Security
We protect your data with TLS in transit, secure HttpOnly cookies for sessions, signed JWTs with a 30-day rotation TTL, rate-limited authentication endpoints, scrypt password hashing, per-request CSP with nonce, and a hash-chained audit log. Capsule release conditions are enforced at the storage adapter so no client-side bypass is possible.
7. Children
The Service is not intended for and may not be used by people under 18.
8. Regional notes
KSA & UAE PDPL: storage region is selected at deploy time (typically Frankfurt or Bahrain) and recorded in the deployment runbook. We will notify the regulator within the prescribed window of any incident that affects more than 1,000 KSA or UAE users.
9. Contact
For questions, data-subject requests, or to report a privacy concern, contact the operator listed in the deployment runbook. A formal contact email will be published before public launch.