Privacy Policy

Last updated: 08 October 2024

At RareStar AI Ltd. ("we", "us", "our"), your privacy is important. This Privacy Policy explains what personal data we collect, why we collect it, and how we protect it when you use RareStar AI (the "Service"). By using the Service, you agree to this policy.

1. Information We Collect

  • Account Data: name, email address, password hash, and optional profile information.
  • Billing Data: payment card token, billing address, and transaction history.
  • Usage Data: prompts, generated outputs, tokens consumed, timestamps, and IP address.
  • Device Data: browser type, operating system, and coarse location inferred from IP.
  • Cookies: authentication cookies and analytics (see Section 6).

2. How We Use Your Information

  • Provide and maintain the Service.
  • Process payments and manage credits.
  • Monitor and improve performance, quality, and security.
  • Send critical account alerts (billing, security, policy changes).
  • Respond to support requests.

3. Legal Bases (GDPR)

We process personal data under: (a) Contract (to provide the Service), (b) Legitimate Interests (fraud prevention, product improvement), and (c) Consent (for optional analytics cookies).

4. Data Retention

  • Account & billing records: retained for the lifetime of the account plus 6 years (tax obligations).
  • Chat logs: retained for 30 days for abuse detection, then deleted unless you opt for longer retention to enable conversation history.
  • Analytics data: aggregated after 26 months; raw data deleted.

5. Data Sharing

We never sell your data. We share only when necessary:

  • LLM Providers: prompts and context are sent to third-party model APIs (e.g., OpenAI, Anthropic) solely to generate responses. These providers are processors and do not retain data beyond their stated windows.
  • Payment Processor: Stripe, Inc. for billing.
  • Service Providers: hosting (AWS), error tracking (Sentry), and email delivery (Postmark) under strict data-processing agreements.
  • Law Enforcement: only when legally compelled and after careful review.

6. Cookies & Tracking

We use:

  • Essential cookies for authentication and security.
  • Analytics cookies (Plausible, privacy-first, no cross-site tracking) to understand aggregate usage. You can disable analytics in your account settings.

7. Your Rights & Choices

  • Access & Portability: download your account data from the dashboard.
  • Rectification: update profile info at any time.
  • Erasure: delete your account; data will be purged within 30 days (except for billing records kept for legal obligations).
  • Restriction / Objection: contact us to restrict processing or object to analytics.
  • Do Not Sell: we do not sell personal data as defined under CCPA.
  • Exercise rights via privacy@rarestar-ai.com.

8. Security

  • TLS encryption in transit and AES-256 at rest.
  • Least-privilege access controls; annual penetration tests.
  • Prompt & output data are encrypted in transit to LLM providers.

9. International Transfers

We host data in the EU (Frankfurt). When processing via U.S.-based LLM providers, we rely on Standard Contractual Clauses and additional safeguards.

10. Children's Privacy

The Service is not directed to children under 16. We do not knowingly collect data from children; if we discover such data, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be announced via email or in-app notification at least 7 days before they take effect.

12. Contact Us

Data Protection Officer
support@rarestar-ai.com
RareStar AI, 128 City Road, London, United Kingdom, EC1V 2NX