Privacy Policy

GOGUL ("we", "us", "our") operates the GOGUL platform available at gogul.ai (the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you access or use the Service.

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the Service.

This Privacy Policy should be read alongside our Terms of Service, Acceptable Use Policy, and Cookie Policy.

2.1 Account Information

When you create an account, we collect your name, email address, and authentication credentials. If you sign in through a third-party provider (e.g., Google), we receive your name and email address from that provider.

2.2 Payment Information

When you subscribe to a paid plan or purchase credits, payment information is collected and processed by our payment processor, Stripe, Inc. We do not store your credit card numbers, bank account details, or other financial account information on our servers. We receive only transaction confirmations, subscription status, and billing history from Stripe.

2.3 Content Data

We collect the Prompts (text inputs) you submit, images you upload (such as character references), and the Output (AI-generated images, storyboards, and related content) created through the Service.

2.4 Usage Data

We automatically collect information about how you interact with the Service, including features used, credits consumed, generation history, storyboard activity, pages visited, and interaction patterns.

2.5 Technical Data

We automatically collect technical information, including your IP address, browser type and version, device type, operating system, referring URLs, and access timestamps.

2.6 Cookie Data

We use cookies and similar technologies as described in our Cookie Policy.

We use the information we collect for the following purposes:

• To provide, maintain, and operate the Service.
• To process payments and manage subscriptions.
• To send transactional communications (e.g., welcome emails, billing confirmations, credit notifications, storyboard completion alerts).
• To respond to your inquiries and provide customer support.
• To monitor and analyze usage trends to improve and optimize the Service.
• To detect, prevent, and address fraud, abuse, security issues, and technical problems.
• To enforce our Terms of Service and other Policies.
• To comply with legal obligations and respond to lawful requests from public authorities.

We do not use your Prompts, uploaded images, or generated Output to train AI models without your explicit, prior consent. This commitment applies to all content created through the Service, regardless of your subscription plan.

Content that you voluntarily make public through the Service (e.g., public gallery submissions) may be used to improve the Service, including display in showcases and promotional materials.

To provide and operate the Service, we share your information with the following categories of third-party service providers:

• Payment Processing: All payment transactions are processed by Stripe, Inc. Stripe collects and processes your payment information directly. We do not have access to your full credit card number.
• Cloud Hosting and Infrastructure: We use third-party cloud hosting providers to store data and run the Service.
• Database and Authentication: We use third-party database and authentication services to manage your account and store your content securely.
• AI Service Providers: We use third-party AI models and APIs to generate images, text, and other creative content through the Service.
• Email Delivery: We use third-party email services to send transactional emails (e.g., welcome messages, billing notifications, security alerts).
• DNS, CDN, and Security: We use third-party services for domain management, content delivery, and protection against malicious traffic.

All service providers are contractually required to process your data only as necessary to perform their services and in accordance with applicable data protection laws. We may engage additional or replacement service providers from time to time.

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

• Account data is retained while your account is active and for a reasonable period thereafter to fulfill legal obligations.
• Content data (Prompts, uploads, and generated Output) is retained until you delete it or close your account.
• Payment records are retained as required by applicable tax and accounting laws (typically 7 years).
• Usage and technical data may be retained in aggregated, anonymized form for analytical purposes indefinitely.

We implement appropriate technical and organizational measures to protect your personal information, including:

• Encryption of data in transit using HTTPS/TLS.
• Encryption of sensitive data at rest.
• Access controls and authentication mechanisms.
• Regular security reviews and monitoring.
• Secure password hashing (we never store plain-text passwords).

Despite these measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your data. You are responsible for maintaining the confidentiality of your account credentials and for notifying us immediately of any unauthorized access.

The Service is hosted in the United States. If you access the Service from outside the United States, your information may be transferred to, stored in, and processed in the United States or other countries where our service providers operate.

By using the Service, you acknowledge and consent to the transfer of your information to countries outside your country of residence, which may have different data protection laws.

Where required by applicable law (e.g., for transfers from the European Economic Area, United Kingdom, or Switzerland), we rely on appropriate legal mechanisms for such transfers, including Standard Contractual Clauses approved by the European Commission or equivalent safeguards.

Depending on your location and applicable law, you may have some or all of the following rights regarding your personal information:

9.1 General Rights (All Users)

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete personal data.
• Deletion: Request deletion of your personal data, subject to legal retention requirements.
• Data Portability: Request a copy of your data in a structured, commonly used, machine-readable format.
• Objection: Object to the processing of your personal data in certain circumstances.
• Withdrawal of Consent: Withdraw consent for processing where consent is the legal basis, without affecting the lawfulness of prior processing.

9.2 Rights for EEA, UK, and Swiss Residents (GDPR)

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR) or equivalent local legislation:

Lawful Basis for Processing: We process your personal data on the following legal bases:

• Contractual necessity: to provide the Service and fulfill our obligations under our Terms of Service.
• Legitimate interests: to improve and secure the Service, prevent fraud, and communicate with you.
• Consent: where you have given explicit consent (e.g., marketing communications).
• Legal obligation: to comply with applicable laws and regulations.

You have the right to lodge a complaint with your local data protection supervisory authority. For GDPR-related inquiries, contact us at privacy@gogul.ai.

9.3 Rights for California Residents (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the sources of collection, the purposes of collection, and the categories of third parties with whom we share your information.
• Right to Delete: You may request deletion of your personal information, subject to certain exceptions.
• Right to Opt-Out of Sale: We do not sell your personal information. If this changes, we will provide you with an opt-out mechanism.
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights.
• Categories of Information Collected: In the preceding 12 months, we may have collected the following categories of personal information: identifiers (name, email), commercial information (purchase history), internet/electronic activity (usage data), and inferences drawn from the above.

9.4 Exercising Your Rights

To exercise any of the above rights, contact us at:

• General privacy requests: support@gogul.ai
• GDPR-specific requests: privacy@gogul.ai

We will respond to your request within 30 days (or within the timeframe required by applicable law). We may ask you to verify your identity before processing your request.

In the event of a data breach that affects your personal information, we will:

• Investigate and take steps to contain and remediate the breach.
• Notify affected users without undue delay and, where required by applicable law, within 72 hours of becoming aware of the breach.
• Notify relevant supervisory authorities as required by applicable law.
• Provide information about the nature of the breach, the data affected, and the steps we are taking to address it.

The Service is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will take steps to delete such information promptly.

If you believe that a child under 13 has provided us with personal information, please contact us immediately at support@gogul.ai.

The Service may contain links to third-party websites or services that are not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party websites or services that you visit.

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or through a prominent notice within the Service at least fifteen (15) days before the changes take effect.

Your continued use of the Service after the updated Privacy Policy takes effect constitutes your acceptance of the changes. If you do not agree to the changes, you should stop using the Service.

The "Last updated" date at the top of this Privacy Policy indicates when it was last revised.

For privacy-related questions or requests:

• General inquiries: support@gogul.ai
• GDPR inquiries: privacy@gogul.ai
• DMCA inquiries: dmca@gogul.ai
• Website: gogul.ai