Last Updated: October 27, 2025
Effective Date: October 27, 2025
1. Introduction
This Privacy Policy explains how JollyAI (“we,” “us,” or “our”) collects, uses, discloses, and safeguards your information when you use our AI-powered image and video generation services.
We are committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the Information Technology Act, 2000 of India.
2. Information We Collect
2.1 Information You Provide
- Account Information: Name, email address, username, password
- Payment Information: Billing address, payment method details (processed securely by third parties)
- Profile Information: Profile picture, bio, preferences
- Content: Prompts, uploaded images, generated content
- Communications: Messages sent to our support team
2.2 Information Automatically Collected
- Usage Data: Generation requests, feature usage, session duration
- Device Information: IP address, browser type, operating system, device identifiers
- Log Data: Access times, pages viewed, error logs
- Cookies and Tracking: Session management and analytics
2.3 Information from Third Parties
- Payment Processors: Transaction confirmations and billing information
- Social Media: If you connect social accounts (optional)
- Analytics Providers: Website usage statistics
3. How We Use Your Information
3.1 Service Provision
- Create and manage your account
- Process payments and manage subscriptions
- Provide AI generation services
- Deliver generated content
- Send service-related notifications
3.2 Service Improvement
- Analyze usage patterns to improve our services
- Train and improve our AI models (with anonymized data)
- Develop new features and capabilities
- Monitor system performance and security
3.3 Communication
- Respond to your inquiries and support requests
- Send important service updates and announcements
- Provide billing and account notifications
- Send marketing communications (with consent)
3.4 Legal Compliance
- Comply with legal obligations
- Prevent fraud and abuse
- Enforce our Terms of Service
- Protect our rights and those of third parties
4. Information Sharing and Disclosure
4.1 We Do Not Sell Your Data
We do not sell, rent, or lease your personal information to third parties for marketing purposes.
4.2 Service Providers
We may share information with trusted service providers who assist us in:
- Payment processing (Stripe, Razorpay)
- Cloud infrastructure (AWS, Google Cloud)
- Customer support (Zendesk, Intercom)
- Analytics (Google Analytics, Mixpanel)
- Email delivery (SendGrid, Mailgun)
4.3 Legal Requirements
We may disclose information when required by law, including:
- Subpoenas or court orders
- Government investigations
- Prevention of illegal activities
- Protection of our rights and safety
4.4 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity, subject to continued privacy protection.
5. AI Content and Data Processing
5.1 Content Processing
Your prompts and uploaded images are processed by our AI systems to generate content. This processing may involve:
- Temporary storage during generation
- Analysis for content moderation
- Quality improvement algorithms
- Anonymized model training (optional, opt-out available)
5.2 Content Privacy
- Your generated content is private to your account
- We do not use your content for marketing without permission
- Content is encrypted in transit and at rest
- You control sharing and download permissions
5.3 Model Training
With your consent, anonymized data may be used to improve our AI models. You can opt out of this at any time through account settings.
6. Data Retention
6.1 Account Data
- Active accounts: Retained indefinitely
- Deleted accounts: Data deleted within 30 days
- Legal holds: Data retained as required by law
6.2 Generated Content
- Free tier: 30 days retention
- Basic plan: 90 days retention
- Pro plan: 180 days retention
- Enterprise: 365 days retention
6.3 Transaction Data
Payment and transaction records are retained for 7 years for tax and legal compliance purposes.
6.4 Log Data
System logs and analytics data are retained for 24 months for security and service improvement purposes.
7. Your Rights and Choices
7.1 Access and Portability
- Request a copy of your personal data
- Download your generated content
- Export your account data
7.2 Correction and Updates
- Update your account information
- Correct inaccurate data
- Modify privacy preferences
7.3 Deletion
- Delete your account and associated data
- Request deletion of specific content
- Opt out of data processing
7.4 Marketing Communications
- Opt out of promotional emails
- Control notification preferences
- Manage cookie settings
8. Cookies and Tracking Technologies
8.1 Types of Cookies
- Essential Cookies: Required for service functionality
- Analytics Cookies: Help us understand usage patterns
- Marketing Cookies: Used for targeted advertising (with consent)
- Preference Cookies: Remember your settings
8.2 Cookie Management
- You can control cookies through your browser settings
- Opt-out links provided in our cookie banner
- Some features may not work without essential cookies
9. Data Security
9.1 Security Measures
- End-to-end encryption for data in transit
- AES-256 encryption for data at rest
- Regular security audits and penetration testing
- Multi-factor authentication for accounts
- Secure payment processing (PCI DSS compliant)
9.2 Incident Response
In the event of a security breach, we will:
- Notify affected users within 72 hours
- Provide details about the breach
- Offer credit monitoring services if appropriate
- Take corrective actions to prevent future incidents
10. International Data Transfers
10.1 Data Storage Locations
Your data may be stored and processed in:
- India (primary data center)
- United States (backup and processing)
- European Union (GDPR-compliant processing)
10.2 Cross-Border Transfers
We ensure appropriate safeguards for international data transfers, including:
- Standard Contractual Clauses
- Adequacy decisions
- Binding Corporate Rules
11. Children’s Privacy
Our services are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware of such collection, we will delete the information immediately.
12. Third-Party Services
12.1 Payment Processors
- Stripe and Razorpay handle payment processing
- Their privacy policies apply to payment data
- We do not store full payment card details
12.2 Analytics and Marketing
- Google Analytics for usage analytics
- Marketing platforms for targeted advertising
- You can opt out through privacy settings
13. Changes to This Policy
13.1 Updates
We may update this Privacy Policy periodically to reflect:
- Changes in our services
- Legal requirements
- Industry best practices
13.2 Notification
- Email notification for significant changes
- Platform notification in your account
- Updated policy posted on our website
13.3 Continued Use
Continued use of our services after policy changes constitutes acceptance of the updated policy.
14. Contact Us
14.1 Privacy Inquiries
- Email: privacy@jollyai.online
- Data Protection Officer: dpo@jollyai.online
- Response Time: Within 30 days for data requests
14.2 Data Subject Rights
To exercise your data protection rights:
- Access your personal data
- Correct inaccurate data
- Delete your data
- Object to processing
- Data portability
14.3 Complaints
If you have concerns about our privacy practices, you may:
- Contact our Data Protection Officer
- File a complaint with the relevant supervisory authority
- Seek resolution through alternative dispute mechanisms
15. Governing Law
This Privacy Policy is governed by the laws of India. For EU users, GDPR provides additional rights and protections.
Your privacy is important to us. We are committed to protecting your personal information and being transparent about our data practices. If you have any questions about this Privacy Policy, please contact us.