Privacy Policy

Our commitment to privacy and data protection is reflected in this Privacy Statement, which describes how we collect and process "personal information" that identifies you, like your name or email address or phone number. Any other information besides this is considered "non-personal information." If we store personal information with non-personal information, we'll consider that combination to be personal information.

References to our "Services" at Tellow AI (tellow.ai) in this statement include our website, apps, and other products and services. This statement applies to our Services that display or reference this Privacy Statement. Third-party services that we integrate with are governed under their own privacy policies.

Information We Collect

We collect information about you in the following ways:

You Provide It to Us Directly:

• Account Information: Name, email address, phone number, and profile information you provide when creating an account.
• Payment Information: Credit card details, billing addresses, and transaction history processed through secure third-party payment providers (Razorpay). We do not store complete payment card information on our servers.
• Content and Media: Photos, videos, and other files you upload for AI model training and content generation. This includes facial images used to create personalized AI avatars.
• Communication Data: Messages, feedback, and support requests you send to us through our platform or email.
• Preference Data: Settings, customizations, and preferences you configure within our services.

Mobile App Permissions (Android & iOS):

To provide our services on mobile devices, we may request the following permissions:

• Camera: Used to take photos and record videos directly within the app for AI model creation and content generation.
• Microphone: Used to record audio when capturing videos for content creation.
• Storage (Read/Write): Used to select photos/videos from your gallery for upload and to save generated AI content to your device.
• SMS Verification: Used solely for One-Time Password (OTP) auto-verification during login or signup flows. We do not read your personal SMS messages.
• Notifications: Used to send you alerts about completed AI generations, product updates, or account security.

We Collect It Automatically Through Our Products and Services:

• Device and Technical Information: IP address, device type, operating system, browser type and version, screen resolution, unique device identifiers (Android ID, Advertising ID), and other technical specifications.
• Usage Analytics: Pages visited, time spent on our platform, features used, clicks, scrolls, and other interactions with our services.
• Performance Data: App crashes, loading times, error logs, and other technical performance metrics collected via Google Firebase Crashlytics.
• Location Data: General geographic location derived from IP address (country/region level only).

From Third-Party Sources:

• Social Media Platforms: Information from Google, Facebook, or other social networks when you choose to sign in or connect your accounts.
• Payment Processors: Transaction confirmations and payment status from Razorpay and other payment service providers.
• Analytics & Infrastructure: Aggregated usage data from Google Firebase (Analytics, Remote Config), Mixpanel, and Google Analytics.
• Cloud Service Providers: Data processed through AWS, Cloudflare, and other infrastructure providers.

AI-Generated and Processed Data:

• AI Model Data: Facial recognition data, user photo templates, and AI-generated content created from your uploaded media.
• Training Data: Processed images and metadata used to train and improve our AI models.
• Generated Content: AI-created images, videos, and other content produced using our services.
• Model Performance Data: Accuracy metrics and quality assessments of AI-generated content.

How We Use Your Information

We use your personal information for the following purposes:

Service Delivery and Operations:

• Create and train personalized AI models using your uploaded photos and videos
• Generate AI-powered content including images, videos, and other media
• Process payments and manage your subscription or credit purchases
• Provide customer support and respond to your inquiries
• Maintain and improve our platform's functionality and performance

Personalization and User Experience:

• Customize content recommendations and feature suggestions
• Remember your preferences and settings across sessions
• Provide personalized templates and AI model suggestions
• Optimize our services based on your usage patterns

Communication and Marketing:

• Send service updates, security alerts, and important notifications
• Provide marketing communications about new features and offers (with your consent)
• Conduct surveys and gather feedback to improve our services
• Send transactional emails related to your account and purchases

Legal and Security:

• Comply with applicable laws, regulations, and legal obligations
• Protect against fraud, abuse, and security threats
• Enforce our Terms of Service and other policies
• Respond to legal requests from authorities when required

Research and Development:

• Improve our AI algorithms and machine learning models
• Develop new features and enhance existing functionality
• Conduct analytics and research to better understand user needs
• Test and validate new technologies and approaches

Information Sharing and Disclosure

We may share your personal information in the following circumstances:

With Your Explicit Consent:

• When you explicitly authorize us to share your information with specific third parties
• When you choose to connect your account with social media platforms or other services
• When you participate in surveys, contests, or promotional activities that involve data sharing

Service Providers and Business Partners:

• Payment processors (Razorpay) for transaction processing and fraud prevention
• Cloud infrastructure providers (AWS, Cloudflare) for data storage and processing
• Analytics services (Mixpanel, Google Analytics) for usage analysis and improvement
• Customer support tools and communication platforms for service delivery
• AI and machine learning service providers for model training and content generation

Legal and Regulatory Requirements:

• To comply with applicable laws, regulations, or legal processes
• To respond to valid requests from law enforcement or government authorities
• To protect our rights, property, or safety, or that of our users or the public
• To investigate potential violations of our Terms of Service

Business Transfers:

• In connection with mergers, acquisitions, or other corporate transactions
• To a successor entity in the event of a business restructuring
• As part of asset sales or transfers of business operations

Aggregated and Anonymized Data:

• We may share aggregated, anonymized, or de-identified information that cannot be used to identify you
• This includes usage statistics, demographic insights, and performance metrics
• Such data helps improve our services and may be used for research purposes

Important: We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We only share your information as described in this Privacy Policy and in accordance with applicable data protection laws.

Sharing with Third-Party AI Services

To provide AI-powered content generation (including personalized images and videos), we share certain personal data with third-party AI model-hosting and processing services. We do this only after we have clearly explained what data is sent, who receives it, and obtained your permission in the app.

• What data we send: Photos and videos you upload, prompts, text data and settings you enter for a generation, and an account or session identifier so we can associate the request with your account and deliver the result. For AI model training (e.g. personalized avatars), we also send the media and metadata needed to train and run the model.
• Who receives it: Our own backend systems and our contracted AI model-hosting and processing providers (such as fal, Replicate, and similar platforms that host AI models from many providers). We use these services to run models and generate content. We do not allow these providers to use your data for their own purposes; they process it only to provide our service.
• Your permission: Before we send your data to these third-party AI services for the first time, we ask for your explicit consent in the app. We explain what data will be sent and that it will be shared with our AI model-hosting partners (e.g. fal, Replicate) for generation and related processing. You can decline; if you do, we will not send your data for AI processing and you will not be able to use AI generation features.
• Third-party protection: Our contracts with these providers require them to protect your data with the same or equal level of protection as described in this Privacy Policy and to use it only for the purposes we specify (delivering and improving our AI services).

For full details on how we collect, use, and protect your information, see the rest of this Privacy Policy. If you have questions about AI data sharing, contact us at [email protected] with “Privacy Rights Request” in the subject line.

Data Security and Protection

We implement comprehensive security measures to protect your personal information:

Technical Safeguards:

• End-to-end encryption for data transmission using industry-standard protocols (TLS 1.3)
• Advanced encryption at rest using AES-256 encryption for stored data
• Secure authentication systems with multi-factor authentication support
• Regular security audits and penetration testing
• Automated monitoring and threat detection systems

Operational Security:

• Access controls and role-based permissions for our team members
• Regular security training and awareness programs for staff
• Secure development practices and code review processes
• Incident response procedures and breach notification protocols
• Regular backup and disaster recovery procedures

Infrastructure Security:

• Secure cloud infrastructure with industry-leading providers (AWS)
• Network security measures including firewalls and intrusion detection
• Regular security updates and patch management
• Data center security with physical access controls
• Compliance with industry security standards and certifications

Breach Notification:

In the event of a data breach that may affect your personal information, we will:

• Notify affected users within 72 hours of discovering the breach
• Provide clear information about what data was affected and what we're doing about it
• Offer guidance on steps you can take to protect yourself
• Report the incident to relevant authorities as required by law
• Implement additional security measures to prevent future incidents

Data Retention and International Transfers

Data Retention Periods:

• Account Data: Retained for the duration of your account plus 3 years for legal compliance
• AI Models and Generated Content: Retained for 2 years after account closure or until you request deletion
• Payment Information: Retained for 7 years as required by financial regulations
• Usage Analytics: Aggregated data retained for 5 years for service improvement
• Support Communications: Retained for 3 years for quality assurance and legal purposes

International Data Transfers:

Your personal information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs) with our service providers
• Adequacy decisions by relevant data protection authorities
• Certification under recognized privacy frameworks
• Additional technical and organizational measures to protect your data

Data Deletion:

You can request the deletion of your account and data at any time through the app settings or by visiting our Account Deletion Request page.

When you request account deletion or when retention periods expire, we will:

• Permanently delete your personal information from our active systems
• Remove your AI models and generated content from our servers
• Retain only anonymized data for service improvement purposes

Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

General Rights (All Users):

• Access: Request a copy of the personal information we hold about you
• Correction: Update or correct inaccurate or incomplete information
• Deletion: Request deletion of your personal information (subject to legal requirements)
• Portability: Receive your data in a structured, machine-readable format
• Withdrawal of Consent: Withdraw consent for data processing where applicable

AI-Specific Rights:

• Model Deletion: Request deletion of AI models trained on your data
• Generated Content Control: Request deletion of AI-generated content featuring you
• Training Data Removal: Request removal of your data from training datasets
• Consent Withdrawal: Withdraw consent for AI processing and model training

How to Exercise Your Rights:

To exercise any of these rights, please contact us at:

• Email: [email protected] with "Privacy Rights Request" in the subject line
• Include your full name, email address, and specific request details
• We will respond within 30 days (or as required by applicable law)
• We may require identity verification to process your request

AI and User Photos Data Processing

User Photos Data Collection:

Our AI services process user photos data, including facial recognition data, to create personalized AI models. This includes:

• Facial geometry and feature extraction from uploaded photos
• User photo templates used for AI model training
• Facial recognition data for identity verification
• Generated user photo data in AI-created content

Consent Requirements:

By uploading photos or using our AI services, you explicitly consent to:

• Processing of your user photos data for AI model creation
• Use of your facial data to generate AI-powered content
• Storage of user photo templates for service delivery
• Processing of user photos data of others with their explicit written consent

Third-Party Consent:

When uploading photos of others, you must obtain explicit written consent that includes:

• Permission to process their user photos data
• Consent to create AI models using their likeness
• Authorization to generate AI content featuring them
• Understanding of how their data will be used and stored

Data Misuse Prevention:

We take strict measures to prevent misuse of personal and user photos data:

• Automated detection of unauthorized content uploads
• Manual review processes for suspicious activities
• Immediate deletion of unauthorized content
• Account suspension or termination for violations
• Reporting to relevant authorities when required by law

User Responsibilities:

Users are solely responsible for:

• Obtaining proper consent before uploading photos of others
• Ensuring compliance with local privacy and user photos data laws
• Verifying they have rights to use uploaded content
• Reporting any unauthorized use of their user photos data

Children's Privacy

Our services are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are under 13, please do not use our services or provide any personal information to us.

If we discover that we have collected personal information from a child under 13 without verifiable parental consent, we will:

• Immediately delete the child's personal information from our systems
• Remove any AI models or generated content associated with the child
• Notify parents or guardians if we have their contact information
• Take steps to prevent future collection from the same child

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at [email protected].

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience and analyze usage patterns:

Types of Cookies We Use:

• Essential Cookies: Required for basic website functionality and security
• Analytics Cookies: Help us understand how you use our services (Mixpanel, Google Analytics)
• Preference Cookies: Remember your settings and customizations
• Marketing Cookies: Used for targeted advertising and promotional content (with consent)

Managing Cookies:

You can control cookies through your browser settings or our cookie preference center:

• Disable cookies in your browser (may affect functionality)
• Delete existing cookies from your device
• Opt out of non-essential cookies through our preference center
• Use browser extensions to block tracking cookies

Third-Party Tracking:

We work with third-party services that may set their own cookies:

• Mixpanel for usage analytics and user behavior tracking
• Google Analytics for website performance and user insights
• Razorpay for payment processing and fraud prevention
• Social media platforms for authentication and sharing features

Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Post the updated policy on our website with a new effective date
• Notify you via email or through our services about significant changes
• Provide a summary of key changes when possible
• Give you reasonable time to review the changes before they take effect

Your continued use of our services after the effective date of any changes constitutes acceptance of the updated Privacy Policy. If you do not agree with the changes, you may discontinue using our services and request deletion of your account.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: