Privacy Policy
Last updated: February 12, 2026
1. Introduction
EMO Ai ("we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share your information when you use our platform at emoai.ai (the "Platform"). This policy applies to all users worldwide, including those in the European Economic Area (EEA) and United Kingdom, where the General Data Protection Regulation (GDPR) applies.
2. Information We Collect
2.1 Account Information. When you create an account, we collect your name, email address, and profile information provided through our OAuth authentication provider. You may also provide an optional bio and profile avatar.
2.2 Purchase and Payment Data. When you make a purchase, payment is processed by Stripe. We store your Stripe customer ID and order metadata (product purchased, date, amount). We do not store your full credit card number, CVV, or card expiration date — Stripe handles all sensitive payment data.
2.3 Usage Data. We collect information about how you use the Platform, including pages visited, features used, AI chat interactions, challenge activity, and timestamps. This helps us improve the Platform and personalize your experience.
2.4 User-Generated Content. We store content you create on the Platform, including custom EMOs, characters, reviews, messages, quiz responses, and challenge submissions.
2.5 Communications. If you subscribe to our newsletter, we collect your email address. We may also collect information from support requests or feedback you provide.
2.6 Cookies and Local Storage. We use essential cookies for authentication (session cookies) and local storage for user preferences (theme, cookie consent, onboarding status). See Section 7 for details.
3. How We Use Your Information
We use your information for the following purposes:
- Service Delivery: To operate the Platform, process purchases, deliver digital products, and manage your account.
- Personalization: To customize your experience, including product recommendations, quiz results, and AI chat interactions.
- Communication: To send order confirmations, subscription updates, newsletter digests, and platform notifications (based on your preferences).
- Analytics: To understand how the Platform is used and improve our services. We use Umami Analytics, a privacy-focused analytics tool that does not use cookies for tracking.
- Security: To detect and prevent fraud, abuse, and unauthorized access.
- Legal Compliance: To comply with applicable laws and respond to legal requests.
4. Legal Basis for Processing (GDPR)
For users in the EEA and UK, we process your data under the following legal bases:
- Contract Performance: Processing necessary to deliver products and services you have purchased (Article 6(1)(b)).
- Legitimate Interest: Processing for analytics, security, and Platform improvement where our interests do not override your rights (Article 6(1)(f)).
- Consent: Processing based on your explicit consent, such as newsletter subscriptions and optional notifications (Article 6(1)(a)).
- Legal Obligation: Processing required to comply with applicable laws (Article 6(1)(c)).
5. Third-Party Services
We share data with the following third-party services, each with their own privacy policies:
| Service | Purpose | Data Shared |
|---|---|---|
| Stripe | Payment processing | Email, name, payment details |
| Manus OAuth | Authentication | Name, email, profile ID |
| Umami Analytics | Privacy-focused analytics | Anonymized page views (no PII) |
| Resend | Email delivery | Email address, message content |
| AWS S3 | File storage | Uploaded avatars and generated images |
6. Data Retention
We retain your personal data for as long as your account is active or as needed to provide services. If you request account deletion, we will remove your personal data within 30 days, except where retention is required by law (e.g., financial records for tax purposes). Anonymized analytics data may be retained indefinitely. Newsletter subscribers can unsubscribe at any time using the link in each email.
7. Cookies and Tracking
7.1 Essential Cookies. We use session cookies for authentication. These are strictly necessary for the Platform to function and cannot be disabled.
7.2 Local Storage. We use browser local storage to save your preferences (theme, cookie consent, onboarding completion, recently compared products). This data stays on your device and is not transmitted to our servers.
7.3 Analytics. We use Umami, a privacy-focused analytics service that does not use cookies and does not collect personally identifiable information. It tracks aggregate page views and events only.
7.4 No Third-Party Tracking. We do not use advertising cookies, social media tracking pixels, or any third-party tracking technologies beyond those listed above.
8. Your Rights (GDPR and Global)
Depending on your location, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Request correction of inaccurate or incomplete data.
- Erasure: Request deletion of your personal data ("right to be forgotten").
- Restriction: Request that we limit how we process your data.
- Portability: Request your data in a structured, machine-readable format.
- Objection: Object to processing based on legitimate interest.
- Withdraw Consent: Withdraw consent at any time where processing is based on consent.
To exercise any of these rights, please contact us through the Platform's support channels. We will respond within 30 days.
9. Data Security
We implement appropriate technical and organizational measures to protect your personal data, including encrypted connections (HTTPS/TLS), secure authentication, and access controls. Payment data is handled exclusively by Stripe, which is PCI DSS Level 1 certified. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.
10. International Data Transfers
Your data may be processed in countries outside your country of residence. Where data is transferred outside the EEA, we ensure appropriate safeguards are in place, including standard contractual clauses or adequacy decisions recognized by the European Commission.
11. Children's Privacy
The Platform is not intended for children under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected data from a child under 16, we will take steps to delete that information promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated through the Platform or via email. The "Last updated" date at the top of this page indicates when the policy was last revised. Your continued use of the Platform after changes are posted constitutes acceptance of the updated policy.
13. Contact
If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us through the Platform's support channels or visit our Blog for updates and announcements.