Privacy Policy
Last updated: September 8, 2025
Who we are. Superjaai (“Superjaai,” “we,” “us,” or “our”) operates the XYNNE web application (“XYNNE” or the “Service”). This Privacy Policy explains how we collect, use, disclose, and protect information when you use XYNNE.
1) Scope
This Policy applies to the XYNNE website/app, our authentication and billing flows, and related services. It does not apply to third-party websites, services, or content we do not control.
2) Information we collect
Account, billing & security
- Account & authentication. Email address, verification status, and session identifiers (via Supabase Auth), plus bot-protection signals (Cloudflare Turnstile).
- Billing. Subscription status, plan, and payment metadata processed by Stripe. We do not store full payment card numbers.
- Usage & diagnostics. Request timestamps, selected language/locale, rate-limit counters (Upstash Redis), and technical logs for reliability and security. We do not log message bodies.
Content & preferences
- Content you choose to save. Binder Pins (assistant responses you explicitly pin), and any optional title/tags you add. Pins may be used to tailor future guidance for you.
- Uploads for Pro. If/when enabled, files you upload (e.g., scripts, decks) and derived analyses are stored until you delete them.
- Preferences. UI language, notification/email preferences.
Client-side only (ephemeral chat)
- Local transcripts. Chat prompts and live responses may exist only in your browser (e.g., local storage/IndexedDB) for the duration of your session. We do not persist chat history server-side unless you pin content or upload files.
Support
- Support communications. Emails or tickets you send us.
3) How we use information
- Operate chat ephemerally. Process prompts and generate replies without retaining message content server-side after delivery.
- Provide and maintain XYNNE. Authentication, chat, rate limiting, and—when enabled—Pro file upload/analysis.
- RAG retrieval. Improve relevance by retrieving from our knowledge base and (if you use it) your Binder Pins.
- AI responses. Send minimal necessary context/snippets to model providers (see Vendors & transfers).
- Web search when requested. For time-sensitive queries, obtain current information from trusted sources via vendor APIs.
- Security & abuse prevention. Anti-fraud, rate limiting, anomaly detection.
- Billing & account management. Subscriptions, invoices, taxes.
- Service improvement. Quality, reliability, localization.
- Legal compliance. Meeting our obligations and enforcing our terms.
AI use & privacy
We send your prompts and minimal context/snippets to AI model and search providers only to operate the Service. Per their API terms, data sent via APIs is not used to train their models by default. We do not sell personal information.
4) Lawful bases (EEA/UK)
Where applicable, we rely on:
- Performance of a contract (to deliver XYNNE),
- Legitimate interests (security, improvement, preventing abuse),
- Consent (where required, e.g., certain cookies),
- Legal obligations (tax, accounting).
5) Vendors & international transfers
We use trusted processors to operate XYNNE, including without limitation:
- Supabase (authentication, database, storage, vectors),
- Stripe (payments & invoicing),
- Cloudflare Turnstile (bot mitigation),
- Upstash Redis (rate limiting, caching),
- OpenAI (LLM API),
- Tavily (web search API).
These providers may process data in jurisdictions outside your own. Where required, we rely on appropriate safeguards for international transfers (e.g., Standard Contractual Clauses or equivalents). Vendor-specific terms govern their processing.
For enterprise customers, a Data Processing Addendum (DPA) is available upon request.
6) Data retention
- Ephemeral chat. Prompts and live responses are not retained server-side after delivery. Providers may hold limited data for short periods per their policies (e.g., for abuse detection).
- Binder Pins. Retained until you delete them or close your account.
- Uploads. Retained until you delete them or close your account.
- Account & billing. Account details and billing records are retained while your account is active and for 7 years thereafter to meet legal, tax, and accounting requirements.
- Operational logs. Technical logs are retained for 30 days to maintain reliability, prevent abuse, and ensure security. Logs do not include chat message bodies.
- Client-side temporary data. Your browser may keep transient chat data locally; you control its deletion.
7) Your rights
Depending on your jurisdiction, you may have rights to access, correct, delete, port, or restrict processing of your personal data, and to object to certain processing or withdraw consent. To exercise rights, contact us (see Section 13). You may also lodge a complaint with your local data protection authority.
8) California residents
We do not sell or share personal information for cross-context behavioral advertising. You have the right to know, delete, correct, and limit certain uses. You may designate an authorized agent to submit requests.
9) Security
We use technical and organizational measures to protect data, including encryption in transit, role-based access, and least-privilege controls. No system is 100% secure; use strong, unique credentials and keep them confidential.
10) Children
XYNNE is not directed to children. Do not use the Service if you are under 16 or the minimum age of digital consent in your location.
11) Your responsibilities
Ensure you have rights to any content you upload or pin, and avoid sensitive personal data in prompts or files unless strictly necessary. Do not upload special-category data (e.g., health, biometric) to XYNNE.
12) Changes to this Policy
We may update this Policy periodically. If changes are material, we will notify you (e.g., via email or in-app).
13) Contact
Email: support@superjaai.com