QAYANI Logo
QAYANI
Back to Home

Privacy Policy

Last updated: October 28, 2025

1. Introduction

QAYANI ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our digital legacy platform.

By using QAYANI, you consent to the data practices described in this policy. If you do not agree with this policy, please do not access or use our Service.

2. Information We Collect

2.1 Information You Provide Directly

  • Account Information: Name, email address, password (encrypted), profile photo
  • Voice Recordings: Audio files uploaded for personality creation and voice cloning
  • Personality Data: Name, relationship, biographical information, memories, traits
  • Transcriptions: Text extracted from voice recordings via speech-to-text services
  • Messages: Chat messages with AI personalities, scheduled message content
  • Payment Information: Billing details processed through Stripe (we do not store credit card numbers)
  • Family Connections: Email addresses of invited family members, relationship details

2.2 Information Collected Automatically

  • Usage Data: Pages visited, features used, time spent, interaction patterns
  • Device Information: Browser type, operating system, IP address, device identifiers
  • Cookies: Authentication tokens, session data, user preferences
  • Analytics: Aggregated usage statistics via analytics services

2.3 Information from Third Parties

  • Authentication Providers: Google OAuth (name, email, profile photo)
  • Payment Processors: Stripe (payment confirmation, subscription status)
  • AI Services: ElevenLabs (voice cloning processing), OpenAI (transcription and chat responses)

3. How We Use Your Information

We use collected information for the following purposes:

3.1 Core Service Delivery

  • Creating and managing user accounts
  • Processing voice recordings and creating AI-powered voice clones
  • Transcribing audio content using OpenAI Whisper
  • Generating conversational AI responses based on personality data
  • Storing and delivering scheduled messages
  • Facilitating family sharing and collaboration
  • Processing subscription payments and managing billing

3.2 Service Improvement

  • Analyzing usage patterns to improve features
  • Debugging technical issues and optimizing performance
  • Conducting research and development for new features
  • Training AI models to improve response quality (only with explicit consent)

3.3 Communication

  • Sending transactional emails (account confirmations, password resets)
  • Delivering scheduled messages to recipients
  • Notifying you of service updates and new features
  • Responding to support inquiries
  • Sending marketing communications (with your consent; opt-out available)

3.4 Legal and Security

  • Complying with legal obligations and responding to lawful requests
  • Protecting against fraud, abuse, and security threats
  • Enforcing our Terms of Service
  • Resolving disputes and investigating violations

4. Data Sharing and Third-Party Services

We share your information with third parties only as described below:

4.1 Essential Service Providers

  • Supabase: Database and authentication (PostgreSQL hosting, file storage)
  • Vercel: Web hosting and serverless functions
  • ElevenLabs: Voice cloning and text-to-speech generation (voice recordings processed)
  • OpenAI: Speech-to-text transcription (Whisper) and conversational AI (GPT-3.5-turbo)
  • Stripe: Payment processing (billing information, subscription management)
  • Resend: Email delivery service (scheduled messages, notifications)

4.2 Analytics and Monitoring

  • Analytics services to understand usage patterns (anonymized data)
  • Error monitoring services for debugging (e.g., Sentry - when implemented)

4.3 Legal Requirements

We may disclose your information if required by law, court order, or government request, or if necessary to:

  • Comply with legal process
  • Enforce our Terms of Service
  • Protect our rights, privacy, safety, or property
  • Protect the rights, safety, or property of our users or the public

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you via email or prominent notice before your data is transferred.

5. Data Storage and Security

5.1 Data Storage

  • Location: Data stored on Supabase servers (AWS infrastructure)
  • Audio Files: Stored in Supabase Storage with encryption at rest
  • Database: PostgreSQL with row-level security (RLS) policies
  • Backups: Automated daily backups with 30-day retention

5.2 Security Measures

  • Encryption: TLS/SSL for data in transit, AES-256 encryption for data at rest
  • Authentication: Secure password hashing (bcrypt), OAuth 2.0 integration
  • Access Control: Row-level security policies, role-based access control
  • Monitoring: Automated security monitoring and threat detection
  • Compliance: Regular security audits and vulnerability assessments

5.3 Data Retention

We retain your information for as long as necessary to provide the Service and fulfill the purposes outlined in this policy:

  • Active Accounts: Data retained while account is active
  • Account Deletion: Data deleted within 30 days of account closure (except as required by law)
  • Backups: Deleted data may persist in backups for up to 90 days
  • Legal Obligations: Some data retained longer to comply with tax, accounting, or legal requirements

6. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal data:

6.1 Access and Portability

  • Request a copy of your personal data in a structured, machine-readable format
  • Access your account information, recordings, and personality data anytime

6.2 Correction and Update

  • Update your account information through profile settings
  • Request correction of inaccurate or incomplete data

6.3 Deletion

  • Delete your account and all associated data through account settings
  • Request deletion of specific data (e.g., individual recordings)
  • Right to be forgotten (GDPR, CCPA compliant)

6.4 Objection and Restriction

  • Object to processing of your data for marketing purposes
  • Request restriction of processing in certain circumstances
  • Opt out of analytics and non-essential data collection

6.5 Withdraw Consent

  • Withdraw consent for voice cloning or AI processing
  • Unsubscribe from marketing emails (opt-out link provided)

To exercise your rights, contact us at: privacy@qayani.com

We will respond to your request within 30 days (or as required by applicable law).

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience:

7.1 Essential Cookies

  • Authentication tokens (required for login)
  • Session management
  • Security features

7.2 Analytics Cookies

  • Usage tracking and performance monitoring
  • Aggregated statistics (can be disabled)

7.3 Preference Cookies

  • User interface preferences
  • Language and region settings

You can control cookies through your browser settings. Note that disabling essential cookies may affect Service functionality.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws than your jurisdiction.

We ensure appropriate safeguards are in place for international transfers, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data Processing Agreements with third-party service providers
  • Compliance with GDPR adequacy decisions

9. Children's Privacy

QAYANI is not intended for children under 18 years of age. We do not knowingly collect personal information from children.

If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete that information promptly. If you believe we have collected information from a child, please contact us at privacy@qayani.com.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements.

Notification: We will notify you of material changes via:

  • Email notification to your registered email address
  • Prominent notice on our website
  • In-app notification

Continued use of the Service after changes indicates acceptance of the updated Privacy Policy.

11. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

Email: privacy@qayani.com

Data Protection Officer: dpo@qayani.com

Address: [Your Company Address]

Support: Terms of Service | Data Protection

12. Regulatory Compliance

QAYANI complies with applicable data protection regulations, including:

  • GDPR: General Data Protection Regulation (European Union)
  • CCPA: California Consumer Privacy Act (United States)
  • PIPEDA: Personal Information Protection and Electronic Documents Act (Canada)
  • Other Regional Laws: Compliance with local data protection laws as applicable

Your privacy is important to us. We are committed to protecting your personal information and being transparent about how we use it.