Privacy Policy

This Privacy Policy describes how AVERNIC INC ("Company," "we," "us," or "our"), operating the chuizi.ai service, collects, uses, and shares your personal data when you use our website at chuizi.ai and our AI API gateway services (collectively, the "Service").

By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Service.

Information You Voluntarily Provide

• Account Information: When you create an account, we collect your name, email address, and profile information provided through your OAuth provider (GitHub or Google).
• Payment Information: When you purchase credits, your payment details are collected and processed directly by Stripe. We receive only a transaction identifier, the amount paid, and the last four digits of your payment method. We never store full credit card numbers.
• Communications: If you contact us for support, we collect the content of your messages and any information you choose to provide.

Information Collected Automatically

• API Usage Data: When you make API requests through our gateway, we log the model used, token counts (input and output), request latency, status codes, and associated costs. We do not store the content of your prompts or model responses.
• Device and Access Information: We automatically collect your IP address, browser type, operating system, and referring URL when you access our website.
• API Key Metadata: We store a SHA-256 hash of your API keys, the key prefix, creation date, and usage statistics. We never store your full API key after initial creation.

Cookies

We use strictly necessary cookies for authentication and session management. We use a localStorage preference for theme selection (dark/light mode). We do not use third-party advertising or tracking cookies. We do not use third-party analytics services that track individual users across websites.

We use your personal data to:

• Provide, maintain, and improve the Service
• Process payments and manage your credit balance
• Authenticate your identity and manage API key access
• Calculate billing based on API usage (token counts, model pricing)
• Monitor for abuse, fraud, and violations of our Terms of Service
• Send transactional notifications (low balance alerts, billing receipts)
• Respond to your support requests and communications
• Comply with legal obligations

We do not use your personal data for profiling or automated decision-making beyond what is necessary for providing the Service. We do not sell your personal data to third parties.

We may share your personal data with:

• Payment Processors: Stripe processes your payment transactions. Their use of your data is governed by Stripe's Privacy Policy.
• AI Model Providers: When you make API requests, we forward your request content to the selected upstream model provider (e.g., OpenAI, Anthropic, Google, DeepSeek). Each provider processes your content under their own privacy policies. We do not share your account information or identity with these providers.
• Infrastructure Providers: We use third-party hosting and infrastructure services to operate the Service. These providers may process data on our behalf under data processing agreements.
• Legal Requirements: We may disclose your data if required by law, regulation, legal process, or governmental request.
• Business Transfers: In connection with a merger, acquisition, or sale of assets, your data may be transferred as part of the transaction.

We do not sell, rent, or trade your personal data to third parties for their marketing purposes.

• Marketing Communications: We send only transactional emails (billing, security alerts). We do not send marketing emails. If we introduce marketing communications in the future, you will be able to opt out at any time.
• Data Accuracy: You can update your account information through your account settings at any time.
• Data Deletion: You may request deletion of your account and associated personal data by contacting us at privacy@chuizi.ai. Upon deletion, we will remove your personal data, except where retention is required for legal or legitimate business purposes (e.g., billing records).
• Data Export: You may request a copy of your personal data in a portable format by contacting us.
• API Key Management: You can create, revoke, and delete API keys at any time through your dashboard.

We implement industry-standard security measures to protect your personal data, including:

• Encryption in transit (TLS/HTTPS for all connections)
• API keys stored as SHA-256 hashes (never in plaintext)
• Database encryption at rest
• Cloudflare DDoS protection and WAF
• Regular security audits and monitoring
• Principle of least privilege for internal access to production systems

While we strive to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

The Service integrates with the following third-party services:

• Stripe: Payment processing. Stripe collects and processes payment information under their own privacy policy.
• GitHub OAuth: Optional authentication method. When you sign in with GitHub, we receive your public profile information (name, email, avatar).
• Google OAuth: Optional authentication method. When you sign in with Google, we receive your basic profile information (name, email, avatar).
• AI Model Providers: OpenAI, Anthropic, Google (Gemini), DeepSeek, and other providers process the content of your API requests under their respective privacy policies and terms.

We encourage you to review the privacy policies of these third-party services. We are not responsible for their privacy practices.

We retain your personal data as follows:

• Account Information: Retained for the duration of your account and deleted upon request, subject to legal retention requirements.
• API Usage Logs: Request metadata (model, tokens, cost, latency) is retained for billing and analytics purposes. We do not retain prompt or response content.
• Billing Records: Transaction history is retained for a minimum of 7 years as required by applicable tax and accounting regulations.
• Security Logs: Access logs and security events are retained for up to 90 days.

The Service is not directed to children under the age of 13. We do not knowingly collect personal data from children under 13. If we learn that we have collected personal data from a child under 13, we will take steps to delete such data promptly. If you believe a child under 13 has provided us with personal data, please contact us at privacy@chuizi.ai.

chuizi.ai is operated from the United States. If you are accessing the Service from outside the United States, your personal data will be transferred to and processed in the United States and potentially other countries where our infrastructure providers and AI model providers operate.

By using the Service, you consent to the transfer of your personal data to the United States and other jurisdictions that may not provide the same level of data protection as your home jurisdiction. We take steps to ensure that your data receives an adequate level of protection in accordance with applicable law.

This Privacy Policy is governed by the laws of the State of Delaware, United States, without regard to its conflict of law provisions.

California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including the right to know what personal data we collect and how we use it, the right to request deletion, and the right to opt out of the sale of personal data. We do not sell your personal data. To exercise your rights, contact us at privacy@chuizi.ai.

European Economic Area, UK, and Swiss Residents (GDPR)

If you are located in the EEA, UK, or Switzerland, you have rights under the General Data Protection Regulation (GDPR), including the right to access, rectify, erase, restrict processing, data portability, and object to processing. Our legal bases for processing your data include: performance of a contract (providing the Service), legitimate interests (security, fraud prevention), and your consent (where applicable).

To exercise your GDPR rights, contact us at privacy@chuizi.ai. You also have the right to lodge a complaint with your local supervisory authority.

Other US States

Residents of Virginia, Colorado, Connecticut, Utah, and other states with comprehensive privacy laws may have similar rights to those described above. To exercise your rights under applicable state law, contact us at privacy@chuizi.ai.

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

• Email: privacy@chuizi.ai
• General Inquiries: hi@chuizi.ai
• Company: AVERNIC INC