Privacy Policy for Ext.Systems

2.1 Information You Provide to Us:

• Account Information: Name, email address, username, and password
• Payment Information: Credit card details, billing address, and transaction history
• Content and Prompts: Text prompts, uploaded images, generated content, and any files you submit to our Services
• Communication Data: Messages sent through our support channels or chat features
• Profile Information: Any additional information you choose to add to your profile
• Identity Verification Data: Documentation required for account verification, age verification, or compliance purposes

2.2 Information We Automatically Collect:

• Usage Data: How you interact with our Services, including features used, time spent, and user actions
• Device Information: IP address, browser type and version, operating system, device identifiers, and screen resolution
• Browser Fingerprinting Data: Unique browser configurations, installed fonts, plugins, and technical specifications used for security and fraud prevention
• Location Data: General geographic location derived from your IP address
• Generation Logs: Detailed records of AI content generation including text prompts, date/time, user ID, IP address, and AI model used
• Session Data: Authentication tokens, session identifiers, and activity timestamps for security monitoring

2.3 Invisible Watermarks and Content Tracking:

• To ensure responsible AI use and protect against misuse, we embed invisible tamper-resistant watermarks in all generated media content. These watermarks are linked in our database to user information and generation data, allowing us to trace content back to its source for legal compliance, safety investigations, and preventing misuse such as deepfakes, misinformation, or harmful content distribution.

2.4 Data Subject Safeguards for AI Outputs:

To respect the rights of individuals whose identity or likeness may be implicated in user-generated content, we implement:

• Prompt and output monitoring for impersonation, harassment, or misuse
• Generation watermarks linked to user sessions for accountability
• A process for individuals to request takedown or investigation of AI content involving them

3.1 Service Provision and Improvement:

• Providing AI content generation services and maintaining platform functionality
• Processing your requests and delivering generated content
• Personalizing your experience and improving our AI models
• Developing new features and enhancing existing services
• Training and fine-tuning AI models to improve accuracy and safety

3.2 Security and Safety:

• Content Traceability: Using watermarks and generation logs to track content origins for safety investigations
• Fraud Prevention: Analyzing browser fingerprints and usage patterns to detect suspicious activity
• Platform Integrity: Monitoring for policy violations, harmful content generation, or misuse of our Services
• Legal Compliance: Maintaining records to comply with legal obligations and respond to law enforcement requests
• AI Misuse Prevention: Detecting and preventing attempts to generate synthetic content that impersonates real individuals or violates applicable laws

3.3 Communication and Support:

• Responding to your inquiries and providing customer support
• Sending service-related notifications and updates
• Communicating about account status, billing, or important policy changes

3.4 Legal and Regulatory Compliance:

• Complying with applicable laws, regulations, and legal processes
• Protecting our rights, property, and safety, as well as that of our users and the public
• Investigating potential violations of our Terms of Service
• Responding to takedown requests and rights holder complaints

3.5 Legal Bases for Processing:

We process your personal information based on the following legal grounds:

• Performance of a contract: To deliver Services you request and fulfill our contractual obligations
• Legitimate interests: For fraud prevention, product improvement, security monitoring, and business operations
• Legal obligations: For recordkeeping, tax compliance, safety reporting, and regulatory requirements
• Consent: For optional data processing, marketing communications, or enhanced features where applicable
• Vital interests: To protect the safety and well-being of individuals or prevent harm

4.1 Security Measures:

We implement robust technical, physical, and administrative security measures to protect your personal information, including:

• Encryption of data in transit and at rest using industry-standard protocols
• Regular security assessments and monitoring
• Access controls and authentication protocols
• Secure data centers with appropriate physical safeguards

4.2 Data Retention:

We retain personal information for different periods based on the type of data and business need:

• Account Information: Retained while your account is active and for up to 2 years after closure
• Generation Logs and Watermark Data: Retained for up to 7 years for safety, legal compliance, and content traceability purposes
• Payment Information: Retained for up to 7 years for tax and accounting purposes
• Content Files: Unless otherwise specified, we may retain user-generated content and files for as long as necessary to provide services, maintain business operations, comply with legal obligations, or resolve disputes. You may request deletion at any time, and we will honor such requests in accordance with applicable law, except where retention is required for safety, fraud prevention, or legal defense.
• Security Logs: Retained for up to 7 years for fraud prevention and legal compliance

5.1 Third-Party Service Providers:

We may share information with trusted service providers who assist us in:

• Payment processing and billing
• Cloud hosting and data storage
• Customer support and communication
• Analytics and performance monitoring
• AI model training and content moderation services

All service providers are bound by confidentiality agreements and are required to protect your information according to this Privacy Policy.

5.2 Legal Requirements:

We may disclose your information when required by law or in response to:

• Valid legal processes, subpoenas, or court orders
• Government investigations or regulatory requests
• Protecting against fraud, security threats, or illegal activity
• Enforcing our Terms of Service or protecting our legal rights
• National security or public safety investigations where legally required

5.3 Content Safety and Traceability:

When necessary for safety investigations or legal compliance, we may:

• Use watermark data to trace generated content to its source
• Share generation logs with law enforcement when legally required
• Cooperate with investigations related to harmful or illegal content
• Provide content attribution data to affected individuals or rights holders

5.4 AI Misuse and Synthetic Content:

We proactively monitor for abuse of our AI tools, including attempts to generate synthetic content that impersonates real individuals, public figures, or violates any applicable laws. If such activity is detected or reported, we reserve the right to:

• Retain, investigate, and share relevant data with enforcement agencies or affected parties as permitted by law
• Suspend or terminate accounts involved in misuse
• Preserve evidence for legal proceedings
• Cooperate with law enforcement investigations

All generated content may contain tamper-resistant watermarking to support identification and enforcement.

6.1 Access and Portability:

• Right to access and receive a copy of your personal information
• Right to data portability in a structured, machine-readable format
• Right to obtain information about the sources of your data

6.2 Correction and Deletion:

• Right to correct inaccurate personal information
• Right to request deletion of your personal information (subject to legal retention requirements)
• Right to request restriction of processing in specific circumstances

6.3 Processing Control:

• Right to object to certain processing activities
• Right to restrict processing in specific circumstances
• Right to withdraw consent where processing is based on consent
• Right to opt-out of automated decision-making and profiling

6.4 Content Rights:

• Right to request takedown of AI-generated content that impersonates you
• Right to dispute unauthorized use of your likeness in generated content
• Right to receive information about content generation involving your data

6.5 Exercising Your Rights:

To exercise these rights, please contact us at . We will respond to your request within the timeframe required by applicable law (typically 30 days, or up to 90 days for complex requests).

10.1 European Economic Area (EEA), United Kingdom, and Switzerland:

Under the General Data Protection Regulation (GDPR), you have additional rights including:

• Legal basis for processing: We process your data based on contract performance, legitimate interests, legal obligations, and consent
• Right to lodge complaints with supervisory authorities
• Enhanced rights regarding automated decision-making
• Right to appoint a representative for data protection matters
• Right to compensation for damages caused by GDPR violations

10.2 California Residents:

Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), you have additional rights including:

• Right to know what personal information is collected and how it's used
• Right to delete personal information (subject to exceptions)
• Right to opt-out of the sale of personal information (Note: We do not sell personal information)
• Right to non-discrimination for exercising privacy rights
• Right to correct inaccurate personal information
• Right to limit use of sensitive personal information

10.3 Other Jurisdictions:

We also comply with privacy laws in other jurisdictions where we operate, including:

• Canada (PIPEDA): Right to access and correct personal information, and file complaints with the Privacy Commissioner
• Brazil (LGPD): Rights similar to GDPR, including access, correction, deletion, and data portability
• Australia (Privacy Act): Right to access and correct personal information, and lodge complaints with the Privacy Commissioner
• Japan (APPI): Rights to request disclosure, correction, and deletion of personal data