Privacy Policy
Effective Date: December 12, 2024
1. Information We Collect
We collect the following information to provide our services:
- Account information (name, email address, phone number)
- Payment information (processed securely by SSLCommerz, bKash, Nagad, Rocket)
- API usage data (models used, request count, costs, tokens consumed)
- Technical information (IP address, browser type, device information)
- Support communications (emails, chat messages, support tickets)
2. How We Use Your Information
- Provide and maintain our API services and platform
- Process payments and prevent fraud
- Send service updates, important notices, and marketing communications (with opt-out)
- Improve our platform and develop new features
- Analyze usage patterns to optimize service performance
- Comply with legal obligations and respond to legal requests
- Protect our rights and prevent abuse
3. Data Storage and Security
Your data is stored securely on encrypted servers (Supabase). We implement industry-standard security measures:
- SSL/TLS encryption for data in transit
- Encrypted database storage (AES-256)
- Regular security audits and vulnerability assessments
- Access controls and authentication (JWT tokens, API keys)
- Rate limiting to prevent abuse
- Secure payment processing (no card data stored on our servers)
4. Third-Party Services
We use the following third-party services to provide our platform:
- SSLCommerz: Payment processing (credit/debit cards)
- bKash/Nagad/Rocket: Mobile money payments
- Supabase: Database and authentication services
- Vercel: Hosting and CDN services
- Cloudflare: DDoS protection and CDN
- AI Providers: OpenAI, Anthropic, Google, Groq, DeepInfra, Replicate (API processing only)
- Upstash: Redis caching service
These services have their own privacy policies. We only share data necessary for service provision.
5. Data Retention
- Account Data: Retained while your account is active, deleted 30 days after account closure
- Usage Logs: Retained for 30 days, then archived or deleted
- Payment Records: Retained for 7 years (legal requirement in Bangladesh)
- Support Tickets: Retained for 2 years after resolution
6. Your Rights
You have the right to:
- Access: Request a copy of your personal data
- Correction: Update or correct inaccurate data via dashboard
- Deletion: Request deletion of your account and data
- Export: Export your usage logs and account data
- Opt-out: Unsubscribe from marketing communications
- Object: Object to processing of your data for certain purposes
To exercise these rights, contact us at privacy@mayuai.com
7. Cookies and Tracking
We use cookies and similar technologies to:
- Maintain your session and authentication state
- Remember your preferences
- Analyze site usage (Google Analytics - anonymized)
- Prevent fraud and abuse
You can control cookies through your browser settings. Disabling cookies may affect site functionality.
8. Bangladesh Compliance
We comply with:
- Bangladesh Bank guidelines for digital payments
- Data protection regulations applicable in Bangladesh
- PCI DSS standards for payment processing
- GDPR principles (where applicable to international users)
9. Children's Privacy
Our service is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.
10. Updates to This Policy
We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes via:
- Email notification to your registered email address
- Platform notification in your dashboard
- Updated "Effective Date" at the top of this page
Continued use of our service after changes constitutes acceptance of the updated policy.
11. Contact Us
For privacy-related questions, requests, or concerns:
- Email: privacy@mayuai.com
- Support: support@mayuai.com
- Address: Dhaka, Bangladesh
We will respond to your request within 30 days.