Privacy Policy

1. Introduction

Welcome to PokeGPT ("we," "our," or "us"). We are committed to protecting your personal data and respecting your privacy in accordance with the General Data Protection Regulation (GDPR) and other applicable European data protection laws.

This privacy policy explains how we collect, use, store, and protect your personal data when you use our website at pokegpt.org (the "Service").

2. Data Controller

PokeGPT is the data controller responsible for your personal data. If you have any questions about this privacy policy or our data practices, please contact us using the contact form on our website.

3. Personal Data We Collect

We collect and process the following categories of personal data:

• Account Information: Email address and authentication credentials when you create an account.
• Chat Data: Conversation history with our AI assistant to provide service continuity.
• Usage Data: Information about how you interact with our Service, including pages visited, features used, and session duration.
• Technical Data: IP address, browser type, device information, and operating system for security and analytics purposes.

4. Legal Basis for Processing

Under the GDPR, we process your personal data based on the following legal grounds:

• Contract Performance (Art. 6(1)(b) GDPR): Processing necessary to provide you with our Service, including account management and chat functionality.
• Legitimate Interests (Art. 6(1)(f) GDPR): Processing for security, fraud prevention, service improvement, and analytics, where our interests do not override your rights.
• Consent (Art. 6(1)(a) GDPR): For non-essential cookies and marketing communications, where applicable. You may withdraw consent at any time.
• Legal Obligation (Art. 6(1)(c) GDPR): Processing required to comply with applicable laws.

5. How We Use Your Data

We use your personal data to:

• Provide, maintain, and improve our Service
• Process your requests and respond to your inquiries
• Store and synchronize your chat history across sessions
• Manage your account and token balance
• Send important service-related notifications
• Detect and prevent fraud, abuse, or security incidents
• Comply with legal obligations
• Analyze usage patterns to improve user experience

6. Cookies and Tracking Technologies

We use cookies and similar technologies for the following purposes:

• Essential Cookies: Required for authentication and basic Service functionality.
• Preference Cookies: Remember your settings (such as dark/light mode).
• Analytics Cookies: Help us understand how visitors use our Service (via Vercel Analytics).

You can manage your cookie preferences through your browser settings. Please note that disabling essential cookies may affect Service functionality. For non-essential cookies, we obtain your consent before setting them.

7. Third-Party Services and International Transfers

We use the following third-party services, some of which may transfer data outside the European Economic Area (EEA):

• Supabase: Authentication and database services (data may be processed in the EU or US).
• OpenAI: Powers our AI assistant. Chat messages are processed by OpenAI's API (US-based).
• Vercel: Hosting and analytics (US-based with global edge network).

For transfers outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or reliance on adequacy decisions where applicable.

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. When your account is deleted, we will delete or anonymize your personal data within 30 days, unless retention is required by law.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encryption, secure authentication, and regular security assessments. However, no method of transmission over the Internet is 100% secure.

10. Your Rights Under GDPR

As a data subject in the European Union, you have the following rights:

• Right of Access (Art. 15): Request a copy of your personal data we hold.
• Right to Rectification (Art. 16): Request correction of inaccurate or incomplete data.
• Right to Erasure (Art. 17): Request deletion of your personal data ("right to be forgotten").
• Right to Restriction (Art. 18): Request limitation of processing in certain circumstances.
• Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format.
• Right to Object (Art. 21): Object to processing based on legitimate interests or for direct marketing.
• Right to Withdraw Consent (Art. 7): Withdraw consent at any time where processing is based on consent.
• Right to Lodge a Complaint: File a complaint with your local Data Protection Authority.

To exercise these rights, please contact us using the contact form on our website. We will respond to your request within one month.

11. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significant effects on you.

12. Children's Privacy

Our Service is not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately.

13. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes by posting a prominent notice on our Service and updating the "Last updated" date. We encourage you to review this policy periodically.

14. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or have concerns about our data practices, please contact us using the contact form available on our website.