Privacy Policy

This Policy applies to https://kovvid.com, its localized pages, creation tools, model pages, account center, generation history, asset library, payment flows, support entry points, admin-related services, and related features (collectively, the "service").

This Policy does not apply to information independently processed by third-party websites, payment pages, sign-in services, analytics tools, live chat tools, or AI model providers. Those third parties process data under their own privacy policies.

If a feature includes a separate data notice or consent prompt, that notice applies together with this Policy.

Account and sign-in information: when you sign in with Google, Google One Tap, or another supported method, we may receive and store your user ID, name, avatar, email address, sign-in state, language preference, account creation time, credit balance, and subscription status.

Creative inputs and generated content: prompts, negative prompts, model selections, aspect ratios, resolutions, durations, audio/watermark settings, seeds, project associations, uploaded or referenced image/video URLs, AI-generated images or videos, generation task IDs, failure reasons, and generation history.

Uploaded assets and file information: when you upload reference images or other assets, we process file content, file names, file sizes, MIME types, storage paths, public or signed access URLs, and metadata needed for generation, previews, downloads, and history.

Payment and billing information: when you buy credits, one-time packages, or subscriptions, we record orders, checkout sessions, products, prices, currencies, payment status, subscription periods, refund or cancellation status, and invoice/customer portal identifiers. Sensitive payment credentials such as full card numbers and payment passwords are handled by Stripe, Creem, or other payment providers, and we do not store full card numbers.

Usage, device, and attribution data: paths visited, referrers, UTM parameters, landing pages, session IDs, Google Analytics identifiers, device and browser information, IP addresses, timestamps, page views, pricing page exposures, feature interactions, error logs, performance data, and diagnostics.

Security, risk control, and review information: prompt safety results, policy violation or suspected violation flags, abuse-prevention logs, device-account binding information, check-in or reward task records, and admin audit logs.

Support, feedback, and communications: questions, contact details, attachments, conversation content, and status information you submit through feedback forms, live chat, email, or other support channels.

Information generated by cookies, local storage, session storage, pixels, and similar technologies. See our Cookies Policy for more details.

Information you provide directly, such as when you sign in, enter prompts, upload assets, create projects, submit feedback, or contact support.

Information collected automatically by the service, such as logs, cookies, device information, analytics events, generation status, error information, and safety check results.

Information from third parties, such as Google sign-in profile data, payment and subscription status returned by Stripe or Creem, and analytics, attribution, or support-related information from Google Analytics, Google Ads, Microsoft Clarity, Tawk.to, or similar tools.

To provide, maintain, and improve core features including AI image generation, AI video generation, image-to-prompt, prompt safety checks, project management, history, assets, downloads, credits, and subscriptions.

To create and manage accounts, sync Google sign-in profile data, maintain sessions, identify users, show account balances, and process daily check-ins, reward tasks, and paid entitlements.

To process checkout, subscriptions, customer portals, refunds, invoices, tax matters, and billing reconciliation.

To submit necessary prompts, reference assets, model parameters, and task status to AI models, runtimes, object storage, databases, hosting, and queue services so generation, storage, preview, and download features can work.

To detect and prevent fraud, attacks, abuse, spam, content policy violations, abnormal high-frequency usage, and unauthorized access.

To analyze traffic sources, feature usage, conversion paths, errors, and performance so we can improve pages, model selection, pricing, product experience, and service reliability.

To provide support, handle feedback, troubleshoot issues, respond to complaints, and send service notices, billing notices, security alerts, and necessary operational messages.

To send product updates, campaigns, or marketing messages where you consent or where applicable law permits. You may opt out of marketing communications through the message instructions or by contacting us.

To comply with laws, legal or administrative processes, regulatory requirements, enforce our agreements, and protect the legitimate rights and interests of Kovvid, users, or the public.

Service providers: where necessary to provide the service, we may share information with or have information processed by providers of infrastructure, databases, object storage, content delivery, AI model/generation APIs, safety review, analytics, advertising attribution, live chat, email, payments, billing, and error monitoring.

Providers this project may actually use include Google Sign-In and Google Analytics/Ads, Microsoft Clarity, Tawk.to, Supabase, Cloudflare R2 or S3-compatible storage, Stripe, Creem, APIMART, OpenAI/Sora, Wavespeed, and other services that support model runtime, hosting, security, and operations. Specific providers may change as the product and availability evolve.

AI generation providers: to complete image, video, or prompt-related tasks, we may send your prompts, reference image/video URLs, generation parameters, task IDs, and necessary context to third-party model providers. Those providers may process the information under their own policies for service delivery, safety review, abuse prevention, or legal compliance.

Payment providers: when you initiate payments, subscriptions, refunds, or customer portal actions, payment-related information is processed by Stripe, Creem, or other payment providers. We retain transaction results and billing records to issue credits, activate entitlements, reconcile accounts, and handle disputes.

Legal and safety disclosure: we may disclose necessary information to comply with laws, court orders, regulatory requirements, government requests, or to investigate fraud, abuse, security incidents, rights violations, or breaches of our agreements.

Corporate transactions: if a merger, acquisition, financing, asset transfer, restructuring, or similar transaction occurs, personal information may be transferred as part of that transaction. We will require the recipient to protect the information to a standard no less protective than this Policy.

Public display: unless you actively publish, share, set content to public, or a feature clearly states that content will appear in a public area, we do not publicly disclose your personal identity information. Paid users may control the visibility of certain works, prompts, or assets through product settings where available.

We do not sell your personal information or rent it for third parties’ independent marketing purposes.

We use necessary cookies and local storage to maintain sign-in state, language preference, cookie notice status, session IDs, attribution parameters, generation flows, and security features.

We may use Google Analytics, Google Ads, Microsoft Clarity, or similar tools to understand traffic sources, page performance, feature usage, conversion performance, session replay, or heatmap information. These tools may set their own cookies or read device identifiers.

We may use Tawk.to or similar live chat tools to provide support on selected pages. Those tools may process your visit information, chat content, and device information.

You can delete or block cookies through your browser settings and may also use advertising platform, browser, or device opt-out tools to limit some analytics and advertising tracking. Blocking necessary cookies may affect sign-in, payments, generation history, credit sync, language preferences, or other features.

Kovvid provides services to users globally. Your information may be stored or processed on servers, databases, object storage, payment systems, analytics tools, support systems, or AI provider systems outside your country or region. We will take reasonable safeguards for cross-border transfers and provider processing as required by applicable law.

Account information is generally retained while your account exists. After account deletion, we will delete or anonymize information that is no longer needed within a reasonable period, unless retention is required for legal, billing, dispute resolution, security, or anti-fraud purposes.

Generation history, projects, uploaded assets, and generated results are retained as needed to provide history viewing, re-download, troubleshooting, content safety, and billing verification. You may delete history records where the product allows or contact us to request deletion.

Payment, subscription, invoice, refund, reconciliation, and tax-related records may be retained for longer periods as required for business, accounting, tax, and legal purposes.

Security logs, audit logs, risk control records, prompt safety logs, error logs, and analytics data are retained as needed for service security, reliability, compliance, and product improvement, and are deleted, aggregated, or anonymized when no longer needed.

We use reasonable technical and organizational measures to protect information, including access controls, authentication, encryption in transit, permission separation, log monitoring, least-necessary access, key management, and security assessments.

No internet transmission or electronic storage method can be guaranteed completely secure. You should also protect your sign-in state, devices, email, and third-party accounts, and avoid submitting unnecessary sensitive personal information, identity documents, financial information, or other people’s private information in prompts or uploaded assets.

If a data security incident may affect your rights, we will notify you and relevant authorities as required by applicable law and describe the nature of the incident, possible impact, and measures taken or recommended.

Depending on the laws of your jurisdiction, you may have rights to request access, correction, update, deletion, restriction, objection, a copy, or portability of your personal information.

You may request deletion of your account or deletion of specific generation history, projects, uploaded assets, feedback records, or similar information. Some information may continue to be retained for legal, billing, security, dispute resolution, anti-fraud, or service integrity reasons.

For processing based on consent, you may withdraw consent. Withdrawal does not affect processing that occurred before withdrawal.

For marketing communications, you may opt out through the unsubscribe method in the message or by contacting us. Service notices, security alerts, billing notices, and transactional messages are generally not marketing messages.

For automated safety review, content policy decisions, risk controls, or credit limitations, where applicable law requires it and the decision materially affects you, you may request an explanation and human review.

Users in California, the European Economic Area, the United Kingdom, Switzerland, mainland China, Korea, or other regions may have additional rights under local law. After verifying your identity, we will process requests within the period required by applicable law, and we generally aim to respond within 30 days.

To protect your account and other people’s privacy, we may need to verify your identity, account ownership, or authority before processing access, deletion, or export requests.

The service is primarily intended for adults and users with the legal capacity to use it. Users under 18 should use the service only with the consent and guidance of a parent or legal guardian.

We do not knowingly collect personal information from children below the age required by applicable law. If a guardian believes a minor provided personal information to us without proper consent, please contact us and we will verify the request and delete the information or take other necessary steps as required by law.

Users must not upload, generate, or share content that infringes the rights of minors, contains sensitive information about minors, or violates our content policies.

The service may contain third-party websites, model pages, payment pages, sign-in services, support tools, embedded content, social media, or other external links. Third parties may independently collect and process your information, and their activities are not governed by this Policy.

Before leaving Kovvid or using a third-party feature, you should review that third party’s privacy policy, cookie policy, and terms of service.

We may update this Privacy Policy to reflect changes in product features, third-party services, technology, legal requirements, or operating arrangements.

Material updates will be communicated through website pages, in-service prompts, email, or other reasonable channels. The updated Policy becomes effective on the date shown on the page or in the notice.

Continued use of the service after an update becomes effective means you accept the updated Policy. If you do not agree with the update, you should stop using the relevant service and may contact us about account or data requests.

If you have any questions, requests, or complaints about this Policy, contact us at [email protected]. This service is operated by 梁剑峰（Passport Name: LIANG, JIANFENG）, and we will respond as promptly as reasonably practicable.

For privacy-related concerns, we encourage you to contact us first so we can try to resolve the issue. If a dispute cannot be resolved, either party may seek relief in a court of competent jurisdiction where the platform operator is established, unless applicable law provides otherwise.

This Privacy Policy is effective as of May 19, 2026 and should be read together with the Kovvid User Agreement and Cookies Policy.