8upAI, Inc. — Privacy Policy
Effective Date: August 30, 2025
Last Updated: August 30, 2025
This Privacy Policy explains how 8upAI, Inc. (“8up.ai,” “we,” “us,” or “our”) collects, uses, shares, and protects information in connection with our website, mobile apps, and related services (the “Services”). It also describes your privacy rights and how to exercise them. If you do not agree, please do not use the Services.
This Policy works together with our Terms of Service. Capitalized terms not defined here have the meanings given in the Terms.
1) Who We Are and How to Contact Us
Controller/Business: 8upAI, Inc., 8 The Green, STE A, Dover, DE 19901, USA
Email: privacy@8up.ai
Support: support@8up.ai
EU/UK users: We process personal data in the U.S. If required by law, we will appoint an EU/UK representative and publish their contact details on our website. You may always contact us at privacy@8up.ai.
2) Scope
This Policy applies to personal information we collect online through the Services and offline if you contact us. It does not cover third-party websites or services we do not control.
3) Information We Collect
We collect information you provide, information we collect automatically, and information from service providers/platforms.
3.1 Information You Provide
- Account & Profile: name/alias, email, username, avatar/icon, age or age range, country/region, preferences.
- User-Generated Content (UGC): text, images, audio/video that you upload or input. UGC does not include AI-generated content or outputs produced by our systems.
- Community & Chats: direct messages, group/community posts, comments, reactions, attachments, and chatbot conversations.
- Wellness/Nutrition Inputs (if you choose): foods, nutrient entries, goals, routines. (We are not a HIPAA covered entity; do not submit PHI.)
- Communications: messages to support or privacy, bug reports, surveys.
3.2 Information Collected Automatically
- Identifiers & Device Data: device IDs, OS version, app version, language, settings, crash logs.
- Usage & Diagnostics: feature usage, in-app events, timestamps, session length, messaging metadata (e.g., participants, delivery/read events).
- Network & Internet Activity: IP address, general location (city/region), referral/UTM, clickstream.
- Cookies/SDKs: strictly necessary and analytics/performance technologies. We do not use advertising or cross-context behavioral advertising cookies/SDKs. In the EEA/UK, we obtain consent where required for analytics.
3.3 Information from Others
- App Stores/Platforms: limited metadata for installation, updates, or fraud prevention.
- Service Providers: analytics, security, content moderation, cloud hosting.
- Other Users: content they send that includes you (e.g., mentions, replies, forwards), and reports/flags.
4) How We Use Information (Purposes)
We use information to:
- Provide the Services: account creation, message delivery, UGC hosting, group/community features, troubleshooting.
- Safety & Integrity: abuse prevention, content moderation (automated and/or human review), security, and to enforce Terms.
- Improve & Develop: analytics, research, testing, quality assurance.
- AI Training & Personalization:
- Train, fine-tune, and improve the algorithms and models that power the Services (e.g., recommendations, ranking, safety, moderation, summarization, generation), including from chat/community content.
- Personalize your in-app experience (recommendations, ordering, suggestions).
- We may use identifiable data for these purposes where permitted by law and by your settings. We continue to use de-identified/aggregated data for improvement even if you exercise certain opt-outs.
- Communications: service notices and security alerts; limited product updates where permitted.
- Legal & Compliance: comply with law, respond to legal requests, prevent harm or fraud.
5) Our Legal Bases (EEA/UK)
Where GDPR/UK GDPR applies, we rely on:
- Contract (Art. 6(1)(b)): to provide the Services you request (including delivering messages and hosting communities).
- Legitimate Interests (Art. 6(1)(f)): service improvement, security/fraud prevention, moderation, and minimal analytics; we balance against your rights.
- Consent (Art. 6(1)(a)): analytics cookies/SDKs where required; certain AI training/personalization uses where local law requires consent.
- Legal Obligation (Art. 6(1)(c)): compliance and record-keeping.
- Vital Interests (Art. 6(1)(d)): to prevent serious harm in rare cases.
You can withdraw consent at any time (does not affect prior processing).
6) Sharing and Disclosure
We do not sell personal information and do not “share” personal information for cross-context behavioral advertising.
We share with:
- Service Providers/Processors: cloud hosting, storage/CDNs, analytics/measurement, content moderation, security/fraud, communications.
- Recipients & Audience You Choose: messages and posts are delivered to the recipients, groups, or spaces you select (including display of your profile, alias, and any content metadata as needed to deliver the feature).
- Corporate Transactions: in a merger, acquisition, or asset sale, your information may transfer to the new owner.
- Legal & Safety: to comply with law, lawful requests, or to protect rights, safety, and property.
- With Your Direction: if you export content, generate share links, or participate in collaborations.
We require processors to handle data according to our instructions and this Policy.
7) Cookies, SDKs, and Similar Technologies
- What we use: necessary cookies/SDKs (auth, security) and analytics/diagnostics.
- Your choices: browser/OS settings, and (where required) consent banners/preferences to enable analytics.
- GPC (Global Privacy Control): we honor GPC where legally required; we do not sell/share personal information.
8) Your Privacy Choices
- AI Training & Personalization Settings: In-app, you can manage personalization and (where available) limit certain uses of identifiable data for model training beyond strictly necessary service operation. We will continue to use de-identified/aggregated data to improve the Services and models.
- Chat/Community Controls: You can delete your copy of certain messages or posts where the product supports it. Deletions generally do not remove content from recipients’ devices or group/community history.
- Communications: opt out of non-essential emails via the footer, device settings, or in-app.
- Access/Deletion/Correction: email privacy@8up.ai (see Sections 9 and 11 for rights/verification).
- Appeals (certain U.S. states): if we deny your request, you may appeal by replying to our decision email; unresolved complaints may be escalated to your state regulator.
9) State-Specific U.S. Rights (Summary)
Depending on your state, you may have rights to access/know, delete, correct, opt out of targeted advertising/sale/profiling (we do not engage in targeted ads or sale), and data portability.
How to exercise: email privacy@8up.ai or use in-app controls. We’ll verify requests (e.g., email/account checks). Authorized agents (CA): may submit requests with proof of authorization and identity. We respond within legally required timelines.
9.1 California “Notice at Collection”
We collect the following categories (CPRA) for the purposes in Sections 4–6 and retain them per Section 12:
- Identifiers (e.g., email, device IDs).
- Customer records (limited account metadata).
- Protected characteristics (age/age range if provided; used for safety/compliance).
- Commercial information (app events/engagement; no payments today).
- Internet/network activity (logs, analytics, diagnostics).
- Geolocation (coarse, from IP or device settings).
- Audio/visual/UGC you provide (including messages and community posts).
- Inferences we generate (e.g., interests for personalization).
We do not sell or share personal information for cross-context behavioral advertising. We do not use Sensitive Personal Information for purposes that require a “Limit” right beyond service delivery and security.
10) Children and Teens
- Under 13: The Services are not directed to children under 13. We do not knowingly collect personal information from children under 13; if we learn we have, we will delete it and take appropriate steps.
- Ages 13–15 (California and similar laws): We do not sell or share personal information of users we know are 13–15.
- Under 16: We do not sell or share personal information of users we know are under 16.
- Parents/Guardians: may request access or deletion of a minor’s account by emailing privacy@8up.ai; we will verify your authority.
11) International Users (EEA/UK and Others)
11.1 Your Rights (EEA/UK)
You may have the right to access, rectify, erase, restrict, object, and port your personal data, and to withdraw consent at any time. You also have the right to lodge a complaint with your data protection authority (e.g., the European Data Protection Board authorities or the UK ICO).
How to exercise: email privacy@8up.ai. We may request additional information to verify your identity and will respond within the timelines set by law.
11.2 Transfers Outside Your Region
We process data in the United States and elsewhere. Where required, we use Standard Contractual Clauses (and any required UK/Swiss addenda) or other approved safeguards to protect your data when transferred. Details are available upon request.
12) Retention
We retain personal information only as long as necessary for the purposes in this Policy:
- Account data & UGC (including messages and posts): for the life of the account; after account closure, your profile is deleted or disabled, but messages and posts previously delivered to others or displayed in group/community spaces may continue to be available to those recipients/spaces to preserve conversation and community history; where feasible we may relabel attribution (e.g., “Deleted User”).
- Safety/security logs and moderation artifacts: typically 12–36 months (longer if investigating abuse or as legally required).
- Legal/Compliance: as needed to comply with obligations, resolve disputes, and enforce agreements.
12.1 Trained Models, Derived Data, and Post-Deletion Use
- We build and improve models using data from the Service, including chat/community content. After you delete your account or request deletion, we will delete or de-identify your personal information in accordance with this Policy and applicable law.
- De-identified outputs of training (e.g., model parameters/weights, statistical insights, and other aggregated or de-identified derivatives) may be retained and used by 8up.ai indefinitely to operate, maintain, and improve the Services. We do not re-train models to “forget” contributions already learned, and we do not attempt to re-identify individuals from de-identified data.
- Where law requires stricter handling (e.g., a specific jurisdiction mandates deeper deletion), we will comply with that law.
13) Security
We implement technical and organizational measures designed to protect personal information (e.g., encryption in transit, access controls, monitoring). Chats and community features are not end-to-end encrypted. No system is 100% secure; you are responsible for safeguarding your account credentials.
14) Automated Decision-Making & Profiling
We may use automated processing (including models we train) to support features like recommendations, ranking, safety, and moderation. In regions that grant rights related to automated decisions, you may object, request human review, or contest certain outcomes, subject to applicable law and product capabilities.
15) Third-Party Links and Services
Our Services may contain links to third-party websites, SDKs, or services. We are not responsible for their privacy practices. Review their policies before providing personal information.
16) Changes to This Policy
We may update this Policy from time to time. If we make material changes, we will provide notice (e.g., in-app, email, or posting). Your continued use of the Services after the effective date constitutes acceptance.
17) How to Contact Us
Email: privacy@8up.ai
Support: support@8up.ai
Postal: 8upAI, Inc., 8 The Green, STE A, Dover, DE 19901, USA
18) Regional Disclosures (Quick Reference)
- EEA/UK: See Sections 5, 7, 8, 11 for legal bases, cookies consent, rights, and transfers (SCCs).
- California & other U.S. states: See Sections 7–9 for state rights; we do not sell/share personal information or use cross-context behavioral advertising.
Appendix A — “Notice at Collection” (California)
Categories Collected: Identifiers; Customer Records (limited); Internet Activity; Geolocation (coarse); Messages/Posts (UGC); Inferences.
Purposes: Provide services (including message delivery and community hosting); security/moderation; improvement; AI training & personalization; communications; compliance.
Retention: See Section 12.
Sold/Shared: We do not sell personal information or share it for cross-context behavioral advertising.
Sensitive Personal Information: We do not use or disclose SPI for purposes that require a “Limit” right beyond service delivery and security.