Privacy Policy

1. Introduction

Welcome to Listora AI ("Company," "we," "our," or "us"). This Privacy Policy describes how we collect, use, and protect your personal information when you use our AI-powered e-commerce content generation platform and services (the "Service").

IMPORTANT PRIVACY COMMITMENT: Unlike many AI companies, we do NOT use your content to train our AI models. Your data remains exclusively yours. This policy explains our privacy-first approach in detail.

By using our Service, you consent to the practices described in this Privacy Policy. If you have questions about these practices, please contact us at privacy@listora.ai before using our Service.

2. Our Privacy Principles

Before detailing our practices, we want to be clear about our core privacy principles:

• YOUR DATA IS NEVER USED FOR AI TRAINING
• We do NOT sell your personal information
• Your content is visible only to you
• We use industry-standard security measures
• We are transparent about our data practices

3. Information We Collect

3.1 Information You Provide

• Account Information: Email, name, password, profile details
• Payment Information: Processed securely by third-party payment processors
• Content Data: Product names, descriptions, features you input
• Voice Data: Audio recordings when using voice features (processed and immediately discarded)
• Images: Product images you upload for processing
• Communications: Support requests, feedback, correspondence

3.2 Automatically Collected Information

• Log Data: Error reports and performance metrics for debugging
• Cookies: Session cookies for authentication (see Section 8 for details)
• Basic Technical Data: Information necessary for the service to function (such as temporary session data)

3.3 Information from Third Parties

We may receive limited information from:

• OAuth providers when you connect marketplace accounts
• Payment processors for transaction verification
• Analytics services for usage insights

4. Your Content Privacy - NO AI Training

4.1 We DO NOT Use Your Content for AI Training

4.2 How We Actually Handle Your Content

• TRANSIENT PROCESSING: Your content is sent to AI providers (like OpenAI) solely for one-time processing
• NO AI TRAINING ON YOUR DATA: OpenAI does not train their models on data submitted through their API. They may temporarily retain data for up to 30 days solely for safety and abuse monitoring
• API DATA PROTECTION: Per OpenAI's standard API data usage policies, your content is not used to improve their models, not shared with others, and not used for any purpose beyond providing you results
• IMMEDIATE RESULTS: Content is processed in real-time and results are returned immediately
• YOUR STORAGE ONLY: Generated content is stored in your account for your exclusive access

4.3 Technical Implementation

• We use pre-trained models (GPT-3.5, GPT-4) that don't adapt to individual users
• Each request is stateless - no learning occurs between requests
• Voice data is transcribed and immediately discarded
• Images are processed for the specific request only

5. How We Use Your Information

5.1 To Provide Our Service

• Process your requests for content generation
• Store your generated content for your access
• Enable voice and image processing features
• Manage your account and subscriptions

5.2 For Business Operations

• Process payments and manage billing
• Send service announcements and updates
• Provide customer support
• Analyze aggregate usage patterns (anonymized)

5.3 For Security and Legal Compliance

• Prevent fraud and abuse
• Comply with legal obligations
• Protect our rights and safety
• Enforce our Terms of Service

IMPORTANT: None of these uses include training AI models with your content.

6. Information Sharing

We share your information only in these limited circumstances:

6.1 Service Providers

We work with trusted providers who help us operate our Service:

• Cloud hosting (AWS) - stores your data securely
• Payment processors (Stripe) - handles transactions
• Email services - sends notifications
• Analytics (anonymized only) - helps us improve

All providers are contractually bound to protect your data and prohibited from using it for AI training.

6.2 AI Processing Partners

• We send your inputs to OpenAI for content generation
• OpenAI processes your request and returns results
• OpenAI does NOT retain or train on your data per our API agreement
• Results are sent only to you

6.3 Legal Requirements

We may disclose information if required by law, court order, or to protect rights and safety.

6.4 Business Transfers

In case of merger or acquisition, your information may transfer to the successor entity under the same privacy protections.

6.5 With Your Consent

We may share information for other purposes with your explicit consent.

WE NEVER SELL YOUR PERSONAL INFORMATION.

7. Data Security

We take data security seriously and implement industry-standard measures to protect your information:

• Secure Infrastructure: We use trusted cloud providers (AWS/Supabase) that provide encrypted storage and secure data centers
• Encryption: Data is encrypted in transit using HTTPS/TLS
• Access Control: Password-protected accounts and authentication required for all users
• Secure Development: Following security best practices in our code and infrastructure

7.1 Data Breach Notification

In the unlikely event of a data breach affecting your personal information, we will notify affected users as soon as possible and provide information about what occurred and steps to take.

While we implement strong security practices, no online service is 100% secure. We encourage you to use strong, unique passwords and protect your account credentials.

8. Cookies and Tracking

We use minimal cookies for:

• Essential Functions: Login sessions and authentication
• User Preferences: Remembering your settings

You can control cookies through browser settings. Disabling cookies may prevent you from logging in.

8.1 Do Not Track

We don't track you across websites or use any third-party tracking.

We do NOT use cookies for:

• Analytics or tracking
• Building user profiles
• Advertising purposes
• Sharing data with third parties

9. Your Privacy Rights

Depending on your location, you may have these rights:

9.1 Access and Portability

• Request a copy of your personal information
• Export your content in standard formats

9.2 Correction

• Update inaccurate information
• Edit your generated content through the platform

9.3 Deletion

• To request account or data deletion, please email us at privacy@listora.ai
• We will process deletion requests within 30 days
• Note: We cannot delete information already required for legal compliance

9.4 Important Clarification

9.5 Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or significantly affects you. AI is used only to generate content based on your specific inputs.

To exercise rights, email privacy@listora.ai. We'll respond within 30 days.

10. Data Retention

• Account Data: Retained while your account is active and up to 90 days after deletion
• Generated Content: Retained until you delete it
• Payment Records: Retained as required by law (typically 7 years)
• Voice Recordings: Processed and immediately discarded
• Logs: Retained for 24 months for security
• Backups: May persist up to 90 days after deletion

Key Point: Even in backups, your data is NEVER used for AI training.

To request deletion of your account or content before these retention periods, please email privacy@listora.ai. We process all deletion requests within 30 days.

11. International Transfers

Your data may be processed in the United States and other countries. We ensure appropriate safeguards for international transfers.

12. Children's Privacy

Our Service is not intended for children under 16. We do not knowingly collect children's data. If we discover we have collected such data, we will promptly delete it.

13. Third-Party Services

When you connect to marketplaces (Amazon, Shopify, etc.), their privacy policies apply to data they process. We only receive limited information necessary for integration.

14. California Privacy Rights

California residents have additional privacy rights. We do not sell personal information. To exercise your rights under California law, including access and deletion rights, please email privacy@listora.ai.

15. European Privacy Rights (GDPR)

If you are located in the European Union, United Kingdom, or European Economic Area, you have additional rights under the General Data Protection Regulation (GDPR):

15.1 Legal Basis for Processing

• Contract: To provide the services you've requested
• Legitimate Interests: For security, fraud prevention, and service improvement (not AI training)
• Legal Obligation: To comply with laws
• Consent: For marketing communications (if applicable)

15.2 Your GDPR Rights

• Right to access your personal data
• Right to correct inaccurate data
• Right to request deletion ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent
• Right to lodge a complaint with your supervisory authority

To exercise any of these rights, please contact us at privacy@listora.ai. We will respond to your request within one month.

16. Marketing Communications

We may send you:

• Service updates and important notices (you cannot opt-out)
• Marketing emails about new features (you can opt-out)
• Survey requests to improve our service (optional)

You can manage email preferences in your account settings or click "unsubscribe" in any marketing email.

17. Accessibility

We are committed to ensuring our Privacy Policy is accessible to everyone. If you need this policy in an alternative format, please contact us at privacy@listora.ai.

18. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes via email or in-app notifications.

19. Contact Us

For privacy questions or concerns: