Privacy Policy

Key Points Summary

  • We only collect essential information: name, email, profile picture, and account creation date.
  • We do not store your chat history — every session starts fresh.
  • We use trusted third-party AI models and clearly disclose this usage.
  • We do not sell your personal information to advertisers or data brokers.
  • We use cookies to enhance your experience, but you can control them.

Ultra AI ("Company", "we", "us", or "our") respects your privacy and is committed to protecting it through our compliance with this policy. This Privacy Policy describes the types of information we may collect from you or that you may provide when you use our AI agent services (the "Service") and our practices for collecting, using, maintaining, protecting, and disclosing that information.

This policy applies to information we collect: (1) on this website and through our Service; (2) in email, text, and other electronic messages between you and the Service; and (3) through mobile and desktop applications you download from us. It does not apply to information collected by any third party, including through any application or content that may link to or be accessible from or on the Service.

Please read this policy carefully to understand our policies and practices regarding your information and how we will treat it. By accessing or using our Service, you agree to this Privacy Policy. If you do not agree with our policies and practices, your choice is not to use our Service.

1. Information We Collect

We collect several types of information from and about users of our Service:

Personal Identification

Full name, email address, phone number, postal address, government ID (for verification when required), date of birth, and other identifiers.

Account Credentials

Username, password, security questions and answers, and other authentication details.

Payment Information

Credit/debit card numbers, bank account details, billing addresses, and other financial information necessary for processing transactions.

User Content

All text inputs, file uploads, documents, images, audio recordings, and any other content you provide to our AI systems.

Communication Data

Emails, chat logs, support tickets, and other correspondence with our service.

Technical Data

IP addresses, device identifiers (IMEI, MAC address), browser type and version, operating system, time zone settings, and location data.

Usage Data

Pages visited, features used, time spent, clickstream data, and other service interaction metrics.

Cookies & Tracking

Session cookies, persistent cookies, web beacons, pixel tags, and similar tracking technologies.

We collect this information through:

  • Direct user input during registration, service use, and customer support interactions
  • Automated tracking technologies as you navigate our services
  • Third-party sources including identity verification services, payment processors, and analytics providers
  • Publicly available databases and social media platforms (for business accounts)

2. How We Use Your Information

We use the collected information for the following purposes:

Service Delivery

To provide, maintain, and improve our AI services, including processing your requests and generating responses.

Account Management

To create and manage your account, authenticate users, and provide customer support.

Payment Processing

To process transactions, send invoices, prevent fraud, and comply with financial regulations.

Service Improvement

To analyze usage patterns, develop new features, and enhance service quality (using aggregated, anonymized data).

Communication

To send service notifications, updates, security alerts, and marketing communications (where permitted).

Legal Compliance

To comply with applicable laws, regulations, legal processes, and government requests.

Security

To protect against malicious, deceptive, fraudulent or illegal activity, and prosecute those responsible.

Research & Development

To train and improve our AI models (using anonymized data only, unless explicit consent is given).

Legal bases for processing under GDPR:

Contractual Necessity

When processing is required to fulfill our service obligations to you.

Legitimate Interest

For service improvement, security, and fraud prevention where balanced against your rights.

Consent

Where we rely on your explicit permission for specific processing activities.

Legal Obligation

When processing is necessary to comply with applicable laws.

3. AI Service Disclosure

Our AI services involve complex processing of your data:

Model Architecture

We utilize transformer-based neural networks trained on publicly available datasets to power our services.

Third-Party Processors

Certain requests may be routed to third-party AI providers (e.g., OpenAI, Anthropic) under strict data protection agreements.

Data Handling

Your inputs are processed in memory for immediate responses and may be temporarily stored for quality assurance.

Training Practices

We do not use your personal data or confidential inputs to train our core models without explicit opt-in consent.

Accuracy Limitations

AI-generated content may contain inaccuracies and should not be solely relied upon for critical decisions.

Human Review

A limited number of authorized personnel may access conversations for abuse monitoring and quality control.

Specific safeguards we implement:

  • End-to-end encryption for all data in transit
  • Strict access controls and audit logging for all data access
  • Automatic redaction of sensitive personal information during processing
  • Regular third-party security audits of our AI systems
  • Data minimization principles applied to all processing activities

4. Data Sharing Practices

We may share your information in these limited circumstances:

Service Providers

With vendors who provide infrastructure, analytics, payment processing, and other essential services (bound by strict confidentiality agreements).

Legal Requirements

When required by law, subpoena, or legal process, including to meet national security or law enforcement requirements.

Business Transfers

In connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our business.

Consent

With third parties when we have your explicit permission to do so.

Aggregated Data

Non-identifiable, aggregated data may be shared with partners for research and analysis.

We never sell your personal data to third parties. International data transfers comply with:

  • EU Standard Contractual Clauses for transfers outside the EEA
  • Adequacy decisions where applicable
  • The UK International Data Transfer Agreement
  • Other legally recognized transfer mechanisms

5. Cookies & Tracking Technologies

We use various tracking technologies:

Essential Cookies

Required for core functionality like authentication and session management.

Performance Cookies

Collect anonymous data about usage patterns to improve our services.

Functionality Cookies

Remember your preferences and settings across visits.

Targeting Cookies

Used by advertising partners to deliver relevant ads (only with consent).

Analytics Tools

Google Analytics, Mixpanel, and other tools to understand user behavior.

Your control options include:

  • Browser settings to block cookies (may affect service functionality)
  • Our cookie consent manager to opt-in/out of non-essential tracking
  • Global Privacy Control (GPC) signal support
  • Third-party opt-out tools for specific advertising networks

We honor Do Not Track signals when technically feasible.

6. Security Measures

We implement robust security protections:

Encryption

AES-256 encryption for data at rest and TLS 1.3 for data in transit.

Access Controls

Role-based access with multi-factor authentication for sensitive systems.

Network Security

Firewalls, intrusion detection systems, and regular vulnerability scanning.

Incident Response

24/7 monitoring and documented procedures for security incidents.

Data Minimization

We only collect and retain data necessary for our services.

Despite our safeguards, no internet transmission is 100% secure. We recommend:

  • Using strong, unique passwords for your account
  • Enabling two-factor authentication where available
  • Regularly reviewing your account activity
  • Being cautious about the information you share through the service

In case of a data breach affecting your information, we will notify you and relevant authorities as required by law.

7. Your Privacy Rights

Depending on your jurisdiction, you may have these rights:

Access

Request copies of your personal data we hold.

Rectification

Correct inaccurate or incomplete information.

Erasure

Request deletion of your personal data under certain conditions.

Restriction

Limit how we use your data in specific circumstances.

Portability

Receive your data in a structured, machine-readable format.

Objection

Object to certain processing activities like direct marketing.

Consent Withdrawal

Revoke previously given consent (without affecting prior processing).

Non-Discrimination

Not be denied service for exercising privacy rights where applicable by law.

To exercise these rights:

  • Submit a request through our Privacy Dashboard in account settings
  • Email privacy@ultraai.site with "Privacy Request" in the subject line
  • Call our toll-free privacy hotline at (800) 555-0199
  • Mail requests to our Data Protection Officer at the address below

We respond to all legitimate requests within 30 days and may require identity verification.

8. Children's Privacy

Our services are not designed for children:

Age Restrictions

We do not knowingly collect data from children under 16 (or 13 in some jurisdictions) without parental consent.

Verification

Age screening is conducted during account creation for certain high-risk features.

Parental Controls

Parents/guardians may request review or deletion of a child's information.

Educational Use

For school accounts, we comply with applicable student privacy laws like FERPA and COPPA.

If we discover we've collected data from a child without proper consent:

  • We will immediately suspend the account
  • Delete all associated personal data
  • Notify parents/guardians where possible
  • Document the incident in our compliance records

Schools and organizations using our service for minors must obtain all required consents.

9. Policy Updates

We may update this policy periodically:

Notification Methods

Email alerts for registered users, in-service banners, and updated timestamps on this page.

Material Changes

Significant modifications will be highlighted for 30 days after updating.

Archive

Previous versions remain available upon request for comparison.

Acceptance

Continued use after changes constitutes acceptance of the revised policy.

Recent update highlights:

  • Added detailed AI processing disclosures (June 2023)
  • Expanded international data transfer information (April 2023)
  • Clarified children's privacy provisions (March 2023)

We recommend reviewing this policy at least quarterly for updates.

10. Contact Information

For privacy-related inquiries:

Data Protection Officer

dpo@ultraai.site (for EU/UK residents)

General Privacy Questions

privacy@ultraai.site

Legal Requests

legal@ultraai.site

Mailing Address

Ultra AI, Inc. Attn: Privacy Office 123 Data Protection Avenue San Francisco, CA 94107 USA

Phone

+1 (415) 555-1234 (9am-5pm PST, Monday-Friday)

EU Representative

As required under Article 27 GDPR: Ultra AI EU Ltd. Attn: GDPR Representative 10 Data Protection Square Dublin, Ireland

For fastest response:

  • Use the in-app support feature for account-specific issues
  • Email provides documented communication trails
  • Legal requests must include official letterhead where applicable

We acknowledge all inquiries within 5 business days and resolve most matters within 30 days.

Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date at the top.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

For material changes, we will provide more prominent notice (including, for certain services, email notification of privacy policy changes).