Legal

Privacy Policy

Your privacy is important to us. This policy explains how we collect, use, and protect your data.

Last Updated: January 1, 2025 | Effective Date: January 1, 2025

Table of Contents

  1. Introduction
  2. Information We Collect
  3. How We Use Your Information
  4. AI and Data Processing
  5. Data Sharing and Disclosure
  6. Data Retention
  7. Data Security
  8. Your Rights and Choices
  9. GDPR Compliance (European Users)
  10. CCPA Compliance (California Users)
  11. Children's Privacy (COPPA)
  12. International Data Transfers
  13. Cookies and Tracking
  14. Third-Party Services
  15. Changes to This Policy
  16. Contact Information

1. Introduction

Welcome to SheraBot ("we," "our," "us," or the "Service"), an AI chatbot application developed and operated by SheraAI Technologies, founded by Shaheer. This Privacy Policy describes how we collect, use, disclose, and safeguard your personal information when you use our mobile application, web application, and related services (collectively, the "Service").

By accessing or using SheraBot, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

Important Notice: SheraBot utilizes artificial intelligence technology to provide conversational services. This Privacy Policy specifically addresses how AI processes your data and the unique considerations associated with AI-powered services.

2. Information We Collect

2.1 Information You Provide Directly

  • Account Information: When you sign in with Google, we receive your Google account information including your name, email address, and profile picture.
  • Chat Content: The messages, questions, and conversations you have with SheraBot, including text input and any context you provide.
  • User Preferences: Your settings, preferences, selected AI model, theme choices, and other customization options.
  • Support Communications: Information you provide when contacting our support team, including your inquiry and contact details.

2.2 Information Collected Automatically

  • Device Information: Device type, operating system, unique device identifiers, browser type, screen resolution, and device settings.
  • Usage Data: How you interact with the Service, including features used, time spent, click patterns, and navigation paths.
  • Log Data: IP address, access times, pages viewed, app crashes, and other diagnostic data.
  • Location Data: General geographic location based on IP address (not precise GPS location).

2.3 Information from Third Parties

  • Google Sign-In: Authentication data and profile information from Google when you choose to sign in.
  • Firebase Services: Authentication tokens, analytics data, and crash reports from Google Firebase.
  • AI Service Providers: Response data from our AI model providers (Google Gemini, OpenRouter) necessary to provide the Service.

3. How We Use Your Information

3.1 Primary Uses

  • Provide the Service: Process your messages through AI models and deliver intelligent responses.
  • Account Management: Create and manage your account, authenticate your identity, and sync data across devices.
  • Chat History: Store and retrieve your conversation history so you can continue previous discussions.
  • Personalization: Remember your preferences, selected AI model, and customize your experience.
  • Customer Support: Respond to your inquiries, troubleshoot issues, and provide technical assistance.

3.2 Secondary Uses

  • Service Improvement: Analyze usage patterns to improve features, fix bugs, and enhance user experience.
  • Security: Detect, prevent, and respond to fraud, abuse, security risks, and technical issues.
  • Communications: Send service-related notices, updates, and (with consent) promotional materials.
  • Legal Compliance: Comply with applicable laws, regulations, and legal processes.

3.3 Legal Bases for Processing (GDPR)

For users in the European Economic Area (EEA), we process your data based on:

  • Contract Performance: Processing necessary to provide the Service you requested.
  • Legitimate Interests: Processing for our legitimate business interests, such as improving the Service and ensuring security.
  • Consent: Where you have given explicit consent for specific processing activities.
  • Legal Obligation: Processing necessary to comply with legal requirements.

4. AI and Data Processing

This section is particularly important as it explains how artificial intelligence processes your data.

4.1 How AI Processes Your Messages

When you send a message to SheraBot:

  1. Your message is transmitted securely to our servers.
  2. The message is sent to the AI model provider (Google Gemini or OpenRouter) for processing.
  3. The AI generates a response based on your message and conversation context.
  4. The response is transmitted back to you through our servers.
  5. Both your message and the AI's response are stored in your chat history (if signed in).

4.2 AI Model Providers

SheraBot uses the following AI services:

  • Google Gemini API: For Gemini 1.5 Pro model. Subject to Google's AI policies.
  • OpenRouter: For Mistral 7B, Llama 3, and OpenChat models. Subject to OpenRouter's privacy policy.

4.3 AI Training and Your Data

Important: We do NOT use your personal conversations to train or improve AI models. Your chats are:

  • NOT used for AI model training
  • NOT shared with third parties for machine learning purposes
  • NOT sold or licensed to any entity
  • Processed only to provide you with AI responses

Third-party AI providers may have their own data policies. We encourage you to review their privacy policies.

4.4 AI Limitations and Accuracy

AI-generated responses may contain inaccuracies, biases, or errors. Users should:

  • Not rely on AI responses for medical, legal, financial, or safety-critical decisions
  • Verify important information from authoritative sources
  • Report harmful or inappropriate AI responses to our support team

5. Data Sharing and Disclosure

5.1 We DO NOT Sell Your Data

SheraBot does not sell, rent, or trade your personal information to third parties for marketing or any other purpose.

5.2 Service Providers

We share data with trusted service providers who assist in operating our Service:

  • Google Firebase: Authentication, database, analytics, and crash reporting.
  • Google Cloud: Cloud infrastructure and hosting.
  • AI Providers: Google Gemini and OpenRouter for AI processing.

These providers are contractually obligated to protect your data and use it only for providing services to us.

5.3 Legal Disclosures

We may disclose your information when required by law or in good faith belief that such action is necessary to:

  • Comply with legal obligations, court orders, or legal processes
  • Protect and defend our rights or property
  • Prevent or investigate possible wrongdoing
  • Protect the safety of users or the public
  • Protect against legal liability

5.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will provide notice before your data is transferred and becomes subject to a different privacy policy.

6. Data Retention

We retain your information for as long as necessary to provide the Service and fulfill the purposes described in this policy:

  • Account Data: Retained while your account is active. Deleted upon account deletion request.
  • Chat History: Retained until you delete it or request account deletion.
  • Usage Analytics: Aggregated data retained for up to 26 months.
  • Support Communications: Retained for up to 3 years for quality and legal purposes.
  • Legal Requirements: Some data may be retained longer if required by law.

7. Data Security

We implement robust security measures to protect your information:

7.1 Technical Safeguards

  • Encryption: Data encrypted in transit (TLS/SSL) and at rest.
  • Authentication: Secure authentication through Google Sign-In and Firebase Auth.
  • Access Controls: Strict access controls and authentication for our systems.
  • Monitoring: Continuous monitoring for security threats and vulnerabilities.

7.2 Organizational Safeguards

  • Limited access to personal data on a need-to-know basis
  • Regular security assessments and audits
  • Incident response procedures for data breaches
  • Employee training on data protection

7.3 Your Responsibilities

You are responsible for:

  • Keeping your Google account credentials secure
  • Signing out on shared devices
  • Notifying us of any unauthorized access

8. Your Rights and Choices

You have the following rights regarding your personal data:

8.1 Access and Portability

You can access your chat history within the app. For a complete copy of your data, contact us at contact@shera-ai.com.

8.2 Correction

You can update your preferences in app settings. Contact us to correct other personal information.

8.3 Deletion

You can:

  • Delete individual chats within the app
  • Delete all chat history in settings
  • Request complete account deletion by contacting support

8.4 Opt-Out

You can opt out of:

  • Marketing communications (via email unsubscribe)
  • Analytics (via device settings)
  • Personalized features (via app settings)

8.5 Exercising Your Rights

To exercise any of these rights, contact us at contact@shera-ai.com. We will respond within 30 days (or as required by applicable law).

9. GDPR Compliance (European Users)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

9.1 Your GDPR Rights

  • Right to Access: Obtain confirmation and a copy of your personal data.
  • Right to Rectification: Correct inaccurate or incomplete data.
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten").
  • Right to Restrict Processing: Limit how we use your data.
  • Right to Data Portability: Receive your data in a machine-readable format.
  • Right to Object: Object to processing based on legitimate interests.
  • Right to Withdraw Consent: Withdraw consent at any time.
  • Right to Lodge a Complaint: File a complaint with your local data protection authority.

9.2 Data Controller

SheraAI Technologies acts as the data controller for your personal information. Contact: contact@shera-ai.com

9.3 Response Time

We will respond to GDPR requests within 30 days. Complex requests may take up to 90 days with notification.

10. CCPA Compliance (California Users)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

10.1 Your CCPA Rights

  • Right to Know: Request disclosure of personal information collected, used, and shared.
  • Right to Delete: Request deletion of your personal information.
  • Right to Opt-Out: Opt out of the sale or sharing of personal information.
  • Right to Non-Discrimination: Not be discriminated against for exercising your rights.
  • Right to Correct: Request correction of inaccurate personal information.
  • Right to Limit Use: Limit use of sensitive personal information.

10.2 We Do Not Sell Personal Information

SheraBot does not sell personal information as defined by CCPA. We do not share personal information for cross-context behavioral advertising.

10.3 Categories of Information

In the past 12 months, we have collected:

  • Identifiers (name, email, IP address)
  • Internet activity (usage data, chat content)
  • Geolocation (general location from IP)
  • Inferences (preferences, interests)

10.4 Exercising CCPA Rights

Submit requests via: contact@shera-ai.com. We will verify your identity and respond within 45 days.

11. Children's Privacy (COPPA)

SheraBot is not intended for children under 13 years of age.

11.1 Age Restrictions

  • Users must be at least 13 years old to use SheraBot.
  • Users under 18 should use SheraBot only with parental consent.
  • We do not knowingly collect information from children under 13.

11.2 Parental Rights

If you believe we have collected information from a child under 13, please contact us immediately at contact@shera-ai.com. We will:

  • Promptly investigate the matter
  • Delete the child's information
  • Terminate the child's account

12. International Data Transfers

Your information may be transferred to and processed in countries other than your own, including the United States, where our servers and service providers are located.

12.1 Transfer Safeguards

We ensure appropriate safeguards for international transfers:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions for transfers to approved countries
  • Compliance with applicable data transfer frameworks

12.2 Your Consent

By using SheraBot, you consent to the transfer of your information to countries that may have different data protection laws than your jurisdiction.

13. Cookies and Tracking Technologies

13.1 What We Use

  • Essential Cookies: Required for authentication and core functionality.
  • Analytics: Firebase Analytics to understand usage patterns.
  • Local Storage: Store preferences and session data locally.

13.2 Managing Cookies

You can control cookies through your browser settings. Note that disabling certain cookies may affect functionality.

13.3 Do Not Track

We currently do not respond to "Do Not Track" browser signals as there is no industry standard for compliance.

14. Third-Party Services

SheraBot integrates with third-party services. Each has its own privacy policy:

We encourage you to review these policies. We are not responsible for the privacy practices of third parties.

15. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes:

  • We will update the "Last Updated" date at the top of this policy.
  • For material changes, we will provide notice through the app or email.
  • Continued use after changes constitutes acceptance of the updated policy.

We encourage you to review this policy periodically.

16. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

SheraAI Technologies

Data Controller: Shaheer (Founder)

Email: contact@shera-ai.com

Website: https://shera-ai.com

Instagram: @sheraai

We aim to respond to all inquiries within 30 days.