Privacy Policy

1. Introduction

Ceramic Labs, LLC ("Ceramic," "we," "us," or "our") operates mobile applications, websites, APIs, and related services (collectively, the "Services"). This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our Services.

By using our Services, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

Information You Provide

• Account Information: Information you provide when creating or updating your account, such as name, email address, phone number, username, and profile details.
• User Content: Content you create, upload, or share through our Services, such as recordings, photos, videos, messages, and other media.
• Contacts: With your permission, information from your device contacts to help you connect with friends.
• Communications: Information you provide when you contact us, participate in surveys, or interact with our support team.
• Payment Information: Information needed to process payments, such as payment method details and billing address. Payment processing is handled by third-party providers.

Information Collected Automatically

• Device Information: Information about your device, such as device type, operating system, unique identifiers (such as advertising identifiers), and network information.
• Location Data: With your permission, approximate or precise location data to enable location-based features.
• Usage Data: Information about how you use our Services, such as features accessed, actions taken, and interaction patterns.
• Log Data: Technical information such as IP address, browser type, referring URLs, and diagnostic data.
• Attribution Data: Information about how you discovered and installed our apps, including referring sources, advertising campaigns, and install timestamps. This data is collected through third-party attribution services.

Biometric Data

Device Authentication: If you choose to enable biometric authentication (such as fingerprint or face recognition), your biometric data is processed entirely on your device by the operating system's secure enclave. We do not collect, store, or have access to this authentication data. We only receive a confirmation of successful authentication.

Voice and Likeness Cloning: With your explicit consent, we may collect voice recordings, photos, or videos to create AI-generated clones of your voice or likeness. This data is only collected when you opt in to specific cloning features. We may use third-party AI services to process this data. Your voice and likeness data is:

• Only collected with your explicit, informed consent
• Used solely for creating and operating your personal clones
• Stored securely with encryption at rest
• Never sold, leased, or otherwise commercially exploited
• Deletable at any time through your account settings

When you delete your voice or likeness data, we will delete it from our systems and request deletion from third-party processors within 30 days. You can revoke consent and delete your clones at any time in the app settings.

SMS and Phone Verification

We may send SMS messages to verify your phone number during account creation or for security purposes. By providing your phone number, you consent to receive these verification messages. Standard messaging rates may apply.

Information from Third Parties

• Sign-In Providers: When you sign in with Apple, Google, or other providers, we receive basic profile information according to your settings with those services.
• App Stores: Transaction information when you make purchases.

Cookies and Tracking Technologies

Our websites and Services may use cookies and similar technologies to enhance your experience.

• Essential Cookies: Required for authentication, security, and core functionality. These cannot be disabled.
• Analytics Cookies: Help us understand how you use our Services so we can improve them.
• Marketing Cookies: Used to measure the effectiveness of our advertising and marketing campaigns.

Most browsers allow you to control cookies through their settings. We may also use third-party analytics and advertising services that use cookies, pixel tags, and similar technologies. You can control tracking through your device or browser settings. Where required by law, we will ask for your consent before placing non-essential cookies. We honor Global Privacy Control (GPC) signals where required by law.

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our Services
• Create and manage your account
• Enable social features, including friend connections and content sharing
• Process transactions and send related information
• Send notifications about activity relevant to you
• Provide customer support
• Analyze usage patterns to improve our Services
• Train, improve, and develop artificial intelligence and machine learning models that power our Services and future features
• Detect, prevent, and address fraud and abuse
• Comply with legal obligations

4. How We Share Your Information

With Other Users

Your profile information, such as name, username, and photo, is visible to other users. Content you share is visible to intended recipients.

Public Content and Indexing

Content you choose to make public (such as public profiles or publicly shared content) may be indexed by search engines and accessed by third-party services, including AI systems used for search and discovery. Public content may appear in search results or be cited by AI assistants. If you do not want your content to be publicly discoverable, use our privacy settings to limit its visibility.

With Service Providers

We work with service providers who help us operate our Services, including cloud hosting, content delivery, payment processing, analytics, attribution and advertising measurement, AI/ML services, and customer support. We may share your information, including User Content, with these providers as necessary. These providers are contractually obligated to protect your information and use it only for the purposes we specify.

For Legal Reasons

We may disclose your information if required to:

• Comply with applicable laws or legal processes
• Respond to lawful requests from authorities
• Protect the rights, property, or safety of Ceramic, our users, or others

Business Transfers

If Ceramic is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

5. Data Security

We implement appropriate technical and organizational measures to protect your information, including encryption of data in transit and at rest. However, no method of transmission or storage is 100% secure.

6. Data Retention

We retain your information for as long as your account is active or as needed to provide our Services. When you delete your account, your data is permanently deleted after a 30-day grace period, except for:

• Information we are required to retain by law
• Content that has been shared with other users (which remains visible to them)
• Anonymized or aggregated data that has been incorporated into AI models. Once data is anonymized for model training, it cannot be traced back to individual users or reversed from the model

7. Your Rights

Depending on your location, you may have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Request a copy of your data in a portable format

You can delete your account in the app settings. To request a copy of your data, contact us at legal@ceramic.sh.

8. Children's Privacy

Our Services are not intended for children under the minimum age required in their jurisdiction. In most countries, this is 13 years old, but some regions require users to be older (for example, 16 in parts of the European Union). We do not knowingly collect personal information from children under the applicable minimum age. If we learn that we have collected such information, we will promptly delete it.

9. International Transfers

Your information is primarily stored and processed in the United States. To provide fast, reliable service, we may also process your data in other regions where our infrastructure operates. Your information may be transferred to and processed in countries other than your own. We take appropriate safeguards to ensure your information remains protected, including Standard Contractual Clauses where required.

10. California Privacy Rights

If you are a California resident, you have the right to:

• Know what personal information we collect and how it is used
• Request correction of inaccurate personal information
• Request deletion of your personal information
• Opt out of the sale or sharing of personal information (we do not sell or share personal information for cross-context behavioral advertising)
• Limit the use and disclosure of sensitive personal information, including biometric data
• Non-discrimination for exercising your rights

11. European Economic Area, UK, and Swiss Users

If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR) and similar laws:

• Legal Basis: We process your data based on: your consent, performance of a contract with you, our legitimate interests (such as improving our Services and preventing fraud), and compliance with legal obligations. Processing of biometric data (such as voice and likeness cloning) is always based on your explicit consent.
• Right to Access: Request a copy of your personal data.
• Right to Rectification: Request correction of inaccurate data.
• Right to Erasure: Request deletion of your personal data.
• Right to Restrict Processing: Request that we limit how we use your data.
• Right to Data Portability: Receive your data in a portable format.
• Right to Object: Object to processing based on legitimate interests.
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.

To exercise these rights, contact us at legal@ceramic.sh. You also have the right to lodge a complaint with your local data protection authority.

Data Protection Contact: For data protection inquiries from EEA, UK, or Swiss residents, you may reach our data protection point of contact at legal@ceramic.sh.

Data Transfers: When we transfer your data outside the EEA, UK, or Switzerland, we use appropriate safeguards such as Standard Contractual Clauses approved by the European Commission.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes through an in-app notification, by email, or by posting the updated policy in our Services. For material changes, we may require you to review and accept the updated policy before continuing to use our Services. Your continued use after such changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy, contact us at legal@ceramic.sh.