Privacy Policy

This Privacy Policy describes how VS-SoftSolutions ("we", "us", "our") collects, uses, stores, and discloses personal data when you use Unify and related services, websites, APIs, and support channels (collectively, the "Service").

For privacy requests, account questions, or rights exercises, contact us at unify.eth@gmail.com. If your request relates to account security, billing, or deletion, include your account email and any relevant wallet address to help us verify and process your request securely.

This Policy applies to personal data we process when you browse, register, sign in, purchase credits or subscriptions, submit prompts or files, generate outputs, participate in support flows, or otherwise interact with the Service.

This Policy does not cover third-party websites, wallets, model providers, social platforms, payment processors, or tools that are not operated by us, even when linked in the Service. Those services have their own privacy terms and processing practices.

We process account, technical, billing, and content-related data to operate and secure the Service, deliver AI features, prevent abuse, enforce product rules, provide customer support, and improve reliability and performance.

We do not sell personal data for money. We may share data with service providers and integration partners that help us provide functionality, analytics, attribution, security, storage, and payment operations.

Depending on how you use the Service, we may collect different categories of personal data. Not all categories apply to every user.

We may receive data from identity providers, payment processors, analytics/attribution services, and AI infrastructure partners when you use related product functionality.

Examples include account identity information from OAuth providers, transaction and status information from payment providers, and operational status callbacks from generation providers.

We collect personal data directly from you (for example through sign-up, prompts, uploads, and support forms), automatically from your interactions with the Service, and from service providers integrated into the product stack.

We may also derive limited metadata such as activity summaries, eligibility flags, fraud-risk signals, and feature entitlement state from account and transaction events.

We process personal data only for legitimate and defined business and product purposes. Typical purposes include delivering product functionality, securing accounts, validating usage, and maintaining billing integrity.

Where GDPR-style legal bases apply, we generally rely on one or more of the following: performance of a contract (to provide requested services), legitimate interests (security, abuse prevention, service operations), consent (where required for specific tracking/marketing actions), and legal obligations (compliance and recordkeeping duties).

If we process based on consent, you may withdraw consent at any time for future processing without affecting prior lawful processing.

The Service supports multiple login paths, including OAuth providers and account credentials. Where credentials are used, passwords are stored as hashes rather than plaintext. Session handling is required to keep users signed in and to secure account-linked actions.

We may retain and process security and anti-abuse signals, including account linkage and risk markers, to prevent impersonation, promotional abuse, and unauthorized account behavior.

When you submit prompts, attachments, or generation settings, relevant data may be transmitted to external model or infrastructure providers to fulfill your request. This is necessary for core AI functionality.

Your generated outputs and related request metadata may be stored in account history features so you can review prior work, unless removed by you or deleted under account-deletion workflows.

You are responsible for the content you submit. Avoid sending highly sensitive personal data unless you have a clear legal and operational reason to do so.

Card and subscription payments are handled through third-party payment processors (including Stripe). We receive billing metadata necessary for fulfillment, entitlement, reconciliation, and fraud controls.

We generally do not receive full raw card data in our application database. Payment processor records and terms govern card-level processing details.

Generated media and uploaded assets may be stored in cloud object storage used by the Service. URLs, thumbnails, and references may be saved in your history and account context for product operation.

Some upload flows may use temporary signed URLs or temporary storage handling depending on feature design, while account-level generated outputs may remain available until removed by user action, lifecycle controls, or deletion workflows.

We use analytics and attribution tooling to understand product usage, conversion performance, and service quality. This may include page-view, event, and campaign-related telemetry.

Based on our current implementation, product analytics and performance tooling includes PostHog, Vercel Analytics, and Vercel Speed Insights as part of the service stack, while marketing measurement may include Google Ads tagging and TikTok pixel / TikTok Events API integrations. Integrations may evolve over time.

Marketing measurement is handled separately from core product telemetry within our current controls, and marketing-related tracking can be changed through the Cookie settings control.

We and our service providers may use cookies, local storage, and related browser technologies for authentication continuity, security features, analytics, attribution, and product functionality.

Our current cookie controls separate core service storage and operational telemetry from optional marketing storage. PostHog, Vercel Analytics, and Vercel Speed Insights are part of the current service setup, while marketing-related storage is optional.

You can review or change your marketing choice at any time through the Cookie settings control shown in the interface.

Our current cookie-choice record is stored for up to 6 months, after which we may ask you to renew your choice.

If you do not make a choice, optional marketing tracking remains off and the cookie banner may continue to appear until you choose.

Blocking or removing essential cookies and local storage may break parts of the Service, including login continuity, payment flows, active generation jobs, and account-linked functionality.

We may disclose personal data only as needed for operation of the Service, legal compliance, and legitimate business protection. Disclosure categories typically include infrastructure vendors, payment processors, analytics providers, communications providers, and integrated AI model providers.

We may also disclose data in the context of legal requests, fraud investigations, rights enforcement, safety concerns, corporate transactions, or where otherwise required by law.

We do not sell personal data for monetary consideration.

Because our technology stack relies on global cloud and model providers, your personal data may be processed in jurisdictions outside your home country. Cross-border transfers may occur when service providers operate internationally.

Where legally required, we use appropriate transfer safeguards and contractual controls designed to support lawful international processing.

We retain personal data only for as long as needed to provide the Service, maintain security, enforce agreements, resolve disputes, comply with legal obligations, and support legitimate operational needs.

Retention periods vary by data type. Account records, usage history, billing references, support correspondence, and security logs can each have different retention windows.

Where feasible, data is deleted, aggregated, or de-identified after it is no longer needed for the above purposes.

When an account deletion request is successfully completed, we attempt to remove account-linked records and media references associated with the user profile, including generation history and related objects covered by deletion workflows.

Certain minimal anti-abuse records may still be retained after deletion where necessary to prevent repeated offer abuse, fraud, and account-circumvention behavior. In applicable parts of the stack, this may include hashed/salted identifiers and related abuse-prevention flags rather than full account payloads.

If billing obligations, legal holds, disputes, or unresolved compliance requirements exist, portions of data may be retained as required by law or legitimate defense obligations.

We use commercially reasonable technical and organizational controls aimed at protecting confidentiality, integrity, and availability of personal data. These controls may include access controls, environment segregation, transport security, audit logging, and abuse monitoring.

No online system is 100 percent secure. You are responsible for maintaining credential security, using strong passwords, and protecting your account environment.

Depending on your jurisdiction, you may have rights to request access, correction, deletion, restriction, portability, or objection in relation to your personal data, and to opt out of certain processing categories where applicable.

To exercise rights, contact unify.eth@gmail.com. We may request verification information to confirm identity and protect account security before processing rights requests.

If we cannot fulfill a request due to legal or security constraints, we will explain the basis as required by applicable law.

Where regional laws require additional disclosures (for example California privacy laws), we interpret this Policy to include required notices on categories collected, purposes, sharing categories, and consumer rights where applicable.

To submit an access or deletion request under applicable law, use the contact method listed in this Policy and include sufficient account identifiers for verification.

The Service is not intended for children under the age threshold defined by applicable law in their jurisdiction. We do not knowingly solicit or process personal data from children in violation of applicable law.

If you believe a child provided personal data inappropriately, contact us so we can investigate and take appropriate action.

The Service may not respond to browser "Do Not Track" signals in a uniform way across all jurisdictions and integrations. Different third-party tools may interpret signals differently.

Where required, we rely on explicit consent and applicable regional rules rather than unsupported universal signal assumptions.

Optional features that involve social sharing, account linking, or third-party publishing may require additional metadata, tokens, or handles to function. If you enable such features, associated provider policies also apply.

You can typically disable optional social-sharing or similar account features through account settings or by unlinking provider access, where supported.

We may update this Privacy Policy from time to time to reflect product changes, provider changes, legal requirements, or operational improvements. Updated versions become effective when published unless otherwise stated.

If changes are material, we may provide additional notice through in-product messaging, email, or updated page notices as appropriate.

This Policy should be read together with the Terms of Service and other policy notices presented in the product. In the event of a direct conflict on a privacy-specific topic, this Privacy Policy governs that topic to the extent required by law.

Nothing in this Policy limits rights that cannot be waived under applicable law.