Privacy Policy

1. Introduction

Welcome to OptiLM ("we," "our," or "us"), operated by Optifusion. We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website at optilm.com (the "Service").

2. Information We Collect

2.1 Information You Provide Directly

We collect information that you voluntarily provide when using our Service:

• Account Information: When you register, we collect your username, email address, and password (stored in encrypted form).
• Chat Content: Messages and conversations you have with our AI chat system.
• Feedback: Any feedback, comments, or suggestions you submit through our feedback system.
• Notebook Entries: Content you create and save in the notebook feature.

2.2 Information Collected Automatically

When you access our Service, we automatically collect certain information:

• Log Data: IP address, browser type, browser version, pages visited, time and date of visit, time spent on pages, and other diagnostic data.
• Device Information: Device type, operating system, and unique device identifiers.
• Usage Data: Information about how you interact with our Service, including features used and actions taken.

2.3 Information from Third Parties

We may receive information about you from third-party AI service providers (such as OpenAI or Anthropic) when processing your chat requests. This information is limited to what is necessary to provide the Service.

3. How We Use Your Information

We use the information we collect for the following purposes:

• To Provide the Service: Process your requests, manage your account, and deliver the features you use.
• To Communicate: Send you verification emails, password reset links, and important service updates.
• To Improve: Analyze usage patterns to improve our Service, fix bugs, and develop new features.
• To Protect: Detect, prevent, and address technical issues, fraud, and security threats.
• To Comply: Meet legal obligations and respond to lawful requests from authorities.

4. Data Storage and Security

4.1 Data Storage

Your data is stored on secure servers provided by our hosting provider (Hostinger). We retain your personal information for as long as your account is active or as needed to provide you with our Service.

4.2 Security Measures

We implement industry-standard security measures to protect your information:

• Encryption: All data transmitted between your browser and our servers is encrypted using SSL/TLS (HTTPS).
• Password Security: Passwords are hashed using bcrypt with a cost factor of 12 and are never stored in plain text.
• Access Controls: Access to personal data is restricted to authorized personnel only.
• Rate Limiting: We implement rate limiting to prevent abuse and protect against attacks.
• Secure Tokens: Authentication tokens are cryptographically generated and expire automatically.

4.3 Data Retention

We retain your data according to the following guidelines:

• Account Data: Retained until you delete your account.
• Chat History: Retained for the duration of your account unless you request deletion.
• Log Data: Retained for up to 90 days for security and debugging purposes.
• Deleted Accounts: Data is permanently deleted within 30 days of account deletion.

5. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

5.1 Service Providers

We share data with third-party service providers who assist us in operating our Service:

• AI Providers: Chat messages are processed by AI service providers (e.g., Anthropic) to generate responses. These providers have their own privacy policies.
• Payment Processor: Stripe processes all subscription payments. They receive your payment details directly and are PCI-DSS compliant.
• Hosting Provider: Our hosting provider (Hostinger) stores and processes data on our behalf.
• Email Service: Email communications are sent through our email service provider.

5.2 Legal Requirements

We may disclose your information if required by law or in response to valid requests by public authorities (e.g., court orders, government requests).

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal information may be transferred. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

6. Cookies and Tracking Technologies

6.1 What We Use

OptiLM uses minimal tracking technologies:

• Local Storage: We use browser local storage to maintain your authentication session (login token). This is essential for the Service to function.
• Session Data: We store session information server-side to authenticate your requests.

6.2 What We Don't Use

We do not use:

• Third-party advertising cookies
• Social media tracking pixels
• Analytics services that track individual users

6.3 Managing Local Storage

You can clear local storage data through your browser settings. Note that doing so will log you out of the Service.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

7.1 Access and Portability

You have the right to request a copy of the personal information we hold about you.

7.2 Correction

You can update your account information at any time through your account settings page.

7.3 Deletion

You can delete your account at any time through your account settings. This will permanently remove your personal data from our systems within 30 days.

7.4 Restriction and Objection

You may request that we restrict processing of your data or object to certain processing activities.

7.5 Withdraw Consent

Where we process your data based on consent, you may withdraw that consent at any time.

7.6 Exercising Your Rights

To exercise any of these rights, please contact us at privacy@optilm.com. We will respond to your request within 30 days.

8. Payment and Subscription Data

8.1 Payment Processing

When you subscribe to a paid plan (Amber, Obsidian, or Diamond), your payment is processed by Stripe, Inc. ("Stripe"), our third-party payment processor. We do not directly collect, store, or have access to your full credit card number, debit card number, or bank account details.

8.2 Information Stripe Collects

When you make a payment, Stripe may collect:

• Card Information: Card number, expiration date, CVC (processed and stored by Stripe, not by us)
• Billing Address: If required for payment verification
• Email Address: For transaction receipts and payment notifications

Stripe's collection and use of your payment information is governed by their Privacy Policy.

8.3 Information We Store

We store limited subscription-related data necessary to manage your account:

• Subscription Tier: Your current plan (Slate, Amber, Obsidian, or Diamond)
• Stripe Customer ID: A unique identifier linking your account to your Stripe payment profile
• Subscription Status: Active, cancelled, or expired status
• Billing Dates: Subscription start date, renewal date, and cancellation date (if applicable)

8.4 Refunds

Refund requests are handled in accordance with our Terms of Service. Refund processing is conducted through Stripe.

9. Children's Privacy

Our Service is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. If we discover that we have collected personal information from a child under 13, we will delete that information promptly.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from your country. By using our Service, you consent to the transfer of your information to these countries.

We take appropriate safeguards to ensure that your personal information remains protected in accordance with this Privacy Policy.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

• Posting the new Privacy Policy on this page
• Updating the "Last updated" date at the top of this policy
• Sending you an email notification for significant changes (if you have an account)

We encourage you to review this Privacy Policy periodically for any changes. Your continued use of the Service after any modifications constitutes your acceptance of the updated Privacy Policy.

12. Contact Us