Privacy Policy

At Pitara.ai ("we", "our", or "us"), we are committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your information when you use our service at pitara.ai.

1. Information We Collect

1.1 Account Information

When you sign up using Google OAuth or GitHub OAuth, we collect:

• Account ID - A unique identifier from your authentication provider
• Email Address - Your account email
• Display Name - Your name as shown on your account
• Profile Picture URL - Link to your profile picture

1.2 Content You Create

We store content you create within Pitara.ai, including:

• Collections and their settings (name, description, visibility)
• Items within collections (images, videos, documents, code, text, links)
• AI chat conversations and history
• 3D model configurations and thumbnails
• Notebooks and their content

1.3 Files You Upload

Any files you upload to Pitara.ai are stored securely, including:

• Images (JPEG, PNG, GIF, WebP, SVG)
• Videos (MP4, WebM, MOV)
• Documents (PDF, DOC, DOCX, TXT)
• Audio files (MP3, WAV, M4A, OGG)
• Code files
• 3D models (GLB, GLTF)

1.4 Usage Information

We automatically collect:

• AI Usage Data - Tokens used, models accessed, operations performed
• Activity Timestamps - Account creation date, last active time
• Error Logs - Browser errors for debugging (if you report a bug)
• Device Information - Browser type, operating system (for bug reports)

1.5 Optional Google Drive Access

If you choose to import Google Docs, we use the Google Picker so you select which documents to share with Pitara. We request only per-file access (drive.file scope) to the documents you explicitly choose—not access to your entire Drive. We store OAuth tokens securely to maintain this connection.

2. How We Use Your Information

• Provide the Service - Store and display your collections and content
• AI Features - Process your prompts through AI services to generate responses and images
• Account Management - Authenticate you and manage your subscription
• Communication - Send collection invitations and sharing notifications
• Improvement - Analyze usage patterns to improve our service
• Support - Respond to bug reports and provide assistance

3. Third-Party Services

Pitara.ai integrates with the following third-party services. When you use features that involve these services, your data is transmitted to them according to their respective privacy policies:

Service	Purpose	Data Shared	Privacy Policy
Google OAuth	Authentication	Email Name Profile	Google Privacy Policy
OpenAI API	AI Chat, Image Generation	Chat messages Uploaded files Images	OpenAI Privacy Policy
Google Gemini API	AI Chat, Image Generation	Chat messages Uploaded files Images	Google Privacy Policy
Amazon Web Services (S3)	File Storage	All uploaded files Generated images	AWS Privacy Policy
Amazon SES	Email Notifications	Email addresses Invitation details	AWS Privacy Policy
Unsplash	Stock Image Search	Search queries	Unsplash Privacy Policy
GitHub OAuth	Authentication	Email Username Profile	GitHub Privacy Statement
AssemblyAI	Audio Transcription	Audio files	AssemblyAI Privacy Policy

4. Data Storage and Security

4.1 Where We Store Data

• Database - User accounts, collections, and metadata are stored in PostgreSQL hosted on Amazon RDS
• File Storage - Uploaded files are stored in Amazon S3 with encryption at rest
• Sessions - Login sessions are managed via secure, signed cookies

4.2 Security Measures

• HTTPS encryption for all data in transit
• OAuth 2.0 for secure authentication (no passwords stored)
• Encrypted storage for OAuth tokens
• Content Security Policy (CSP) headers to prevent XSS attacks
• Rate limiting on API endpoints

5. Data Retention

• Account Data - Retained until you delete your account
• Content - Collections and items are retained until you delete them
• AI Chat History - Stored with your items until deleted
• Usage Logs - Retained for billing and analytics purposes
• Bug Reports - Retained for debugging, may be deleted after resolution

6. Your Rights and Choices

6.1 Access and Control

• View Your Data - Access all your collections and content through the app
• Delete Content - Delete individual items or entire collections at any time
• Export Data - Download your files and content
• Disconnect Services - Revoke Google Drive access from your Google account settings

6.2 Account Deletion

To delete your account and all associated data, please contact us at privacy@pitara.ai. Upon request, we will:

• Delete your account and profile information
• Delete all your collections and items
• Delete all uploaded files from our storage
• Remove your usage records

7. Sharing and Collaboration

When you share a collection with others:

• The recipient can view or edit content based on permissions you set
• We send email notifications about shared collections via Amazon SES
• Public collections are accessible to anyone with the link
• You can revoke access at any time

8. Children's Privacy

Pitara.ai is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

9. International Data Transfers

Our services are hosted in the United States. If you access Pitara.ai from outside the United States, your data will be transferred to and processed in the United States, where data protection laws may differ from those in your country.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by:

• Posting the new policy on this page
• Updating the "Last updated" date
• Sending an email notification for material changes

11. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

• Email: invite@pitara.ai
• Website: https://pitara.ai