Privacy Policy
Effective Date: October 3, 2025
1. INTRODUCTION
Stabledyne (the “Company”, “we”, “our”, or “us”) operates a free, public social‑media platform that lets users create, upload, share, and interact with user‑generated content, AI‑generated images, AI‑generated text, and AI‑driven chat.
Your privacy is a core priority. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, who we share it with, and how you can control it. It also outlines the legal bases for processing your data under the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), Brazil’s LGPD, and other applicable privacy statutes.
All privacy‑related inquiries must be sent to privacy@stabledyne.ai.
Note: Community standards, content‑moderation rules, and other non‑privacy policies are documented in separate agreements and are incorporated by reference.
2. DEFINITIONS
| Term | Meaning |
|---|---|
| Personal Data | Any information that can directly or indirectly identify an individual (e.g., name, email address, IP address, device identifiers, biometric data). |
| Special Categories of Personal Data | Data revealing racial or ethnic origin, political opinions, religious beliefs, health, sexual orientation, etc. (We do not intentionally collect such data.) |
| Processing | Any operation performed on personal data, including collection, storage, use, disclosure, modification, or destruction. |
| Data Subject | The individual to whom personal data relates. |
| Controller | The entity that determines the purposes and means of processing personal data (Stabledyne). |
| Processor | A third‑party that processes data on our behalf (e.g., cloud hosting, analytics). |
| Legitimate Interest | A lawful basis permitting us to process data where it is necessary for our business interests, provided those interests are not overridden by the data subject’s rights. |
3. INFORMATION WE COLLECT
| Category | Sources | Typical Examples | Purpose |
|---|---|---|---|
| Account & Profile Data | Directly from you when you register or edit your profile. | Name, email address, username, password (hashed), profile picture, time‑zone, language. | Account creation, authentication, personalization, communications. |
| User‑Generated Content (UGC) | Uploaded or posted by you (images, videos, text, comments, reactions). | Photos, videos, comments, replies, likes, shares, hashtags. | Content delivery, community interaction, moderation, analytics. |
| AI‑Generated Content & Parameters | Generated through the AI image, text, or chat tools. | The resulting AI‑generated image/text, prompts, model settings, iteration logs. | Service provision, model improvement, debugging, research, analytics. |
| Device & Technical Data | Automatically via cookies, web beacons, and server logs. | IP address, browser type, OS, device ID, screen resolution, referrer URL, timestamps, network provider. | Security, fraud detection, performance monitoring, analytics, personalization. |
| Interaction Data | Recorded as you use the platform. | Search queries, navigation paths, clicks, API calls, chat transcripts, session duration. | Feature improvement, product development, targeted recommendations, compliance. |
| Payment / Transaction Data (if/when we add paid features) | Third‑party payment processors (e.g., Stripe). | Transaction ID, billing address, amount, currency. | Billing, receipt generation, fraud prevention. |
| Contact & Support Data | When you email us or use support chat. | Email content, screenshots, support ticket ID. | Customer support, issue resolution. |
We never collect biometric data, health information, or any data revealing special categories unless you voluntarily provide it (e.g., in a support request). Such data is treated as Sensitive Personal Data and processed only with explicit consent.
4. LEGAL BASIS FOR PROCESSING
| Processing Activity | Legal Basis |
|---|---|
| Account creation & management | Contractual necessity – you need an account to use the service. |
| Delivery of UGC & AI‑generated content | Contractual necessity – part of the core service. |
| Sending transactional or security‑related emails | Contractual necessity or Legitimate interest (security). |
| Marketing communications (optional) | Explicit consent (opt‑in). |
| Analytics & performance monitoring | Legitimate interest (improving service) or Consent where required by law. |
| Sharing with processors (hosting, CDN, analytics) | Contractual necessity with processors under a Data Processing Agreement. |
| Responding to legal requests | Legal obligation or Legitimate interest (defense of rights). |
| Transfers outside the EEA/UK/Swiss zone | Standard Contractual Clauses (SCCs), Adequate country determination, or Binding Corporate Rules. |
5. HOW WE USE YOUR INFORMATION
- Provision of Services – Authenticate you, store and display your content, generate AI output, and maintain the platform.
- Security & Fraud Prevention – Detect suspicious activity, protect against unauthorized access, enforce bans, and comply with law‑enforcement requests.
- Improvement & Innovation – Train and fine‑tune our AI models, develop new features, and conduct statistical analysis (aggregated, non‑identifiable).
- Personalization – Present relevant content, recommendations, and UI customizations based on your preferences and interactions.
- Communications – Send account‑related notices (password resets, policy updates), service alerts, and, if you opted‑in, promotional material.
- Legal Compliance – Preserve records for tax, audit, or legal obligations; respond to subpoenas, court orders, or regulatory inquiries.
- Research & Academic Purposes – Use anonymized datasets for scientific research, publications, or to contribute to open‑source AI projects (only after full de‑identification).
We never sell or rent your personal data to third parties for their marketing purposes.
6. SHARING & DISCLOSURE
| Recipient | Reason | Safeguards |
|---|---|---|
| Cloud & Hosting Providers (e.g., AWS, GCP) | Store and serve content, run AI workloads. | Data Processing Agreements; encryption at rest & in transit. |
| Content Delivery Networks (CDNs) | Accelerate media delivery. | Limited to the data needed for caching; subject to DPA. |
| Analytics & Crash‑Reporting Services (e.g., Plausible, Sentry) | Aggregate usage statistics, monitor performance. | IP anonymization, opt‑out where applicable. |
| Third‑Party Payment Processors (if applicable) | Process payments securely. | PCI‑DSS compliance; we never store raw card data. |
| Legal Authorities | Comply with subpoenas, court orders, or legal obligations. | Only the minimum required data; we notify you unless prohibited. |
| Business Transfers | Merger, acquisition, or sale of assets. | Data will be transferred only under equivalent privacy protections. |
All third parties are bound by contractual obligations to protect your data and may process it only per our instructions.
7. INTERNATIONAL DATA TRANSFERS
Your data may be transferred to, stored, and processed in jurisdictions outside the European Economic Area (EEA), United Kingdom, Switzerland, or other regions with differing data‑protection laws (e.g., United States, Singapore).
We safeguard such transfers by:
- Standard Contractual Clauses (SCCs) approved by the European Commission, or
- Adequacy decisions (e.g., UK, Canada, Japan), or
- Binding Corporate Rules (BCRs) for intra‑group transfers.
You can request a copy of the relevant transfer mechanism by contacting privacy@stabledyne.ai.
8. DATA RETENTION
| Data Type | Retention Period | Rationale |
|---|---|---|
| Account credentials (hashed passwords, login history) | As long as the account exists; thereafter 30 days for deletion. | Service continuity & security. |
| User‑Generated Content & AI‑Generated Output | Indefinitely unless you delete it or the account is terminated. | Community archive & public nature of the platform. |
| Device & technical logs (IP, browsers) | 30 days (aggregated) or 90 days (raw logs). | Security monitoring & fraud detection. |
| Support tickets & communications | Indefinitely after ticket closure. | Reference for future support & compliance. |
| Analytics & aggregate statistics | Indefinitely in anonymised form. | Product improvement. |
| Payment data (if applicable) | 7 years (as required by tax regulations). | Financial compliance. |
We will delete or anonymize data when the retention period expires, unless a longer period is required by law (e.g., tax, anti‑money‑laundering).
9. YOUR RIGHTS
9.1 Rights Under GDPR (EEA & UK)
| Right | What It Means | How to Exercise |
|---|---|---|
| Access | Obtain a copy of the personal data we hold about you. | Submit a request to privacy@stabledyne.ai. |
| Rectification | Correct inaccurate or incomplete data. | Update via account settings or request assistance. |
| Erasure (“Right to be Forgotten”) | Delete your personal data (subject to legal limits). | Request via privacy@stabledyne.ai; we may retain content that is publicly posted unless you delete it yourself. |
| Restriction of Processing | Limit how we use your data (e.g., for marketing). | Indicate the restriction in your request. |
| Data Portability | Receive your data in a structured, commonly used format. | Request to privacy@stabledyne.ai. |
| Object | Object to processing based on legitimate interests or direct marketing. | Opt‑out via account settings or email. |
| Withdraw Consent | Revoke any consent previously given (e.g., for marketing). | Use the unsubscribe link in emails or contact us. |
We will respond to verifiable requests within 30 calendar days (extensions possible for complex cases).
9.2 Rights Under CCPA/CPRA (California)
- Right to Know – Request the categories of personal information we collect, sources, and purposes.
- Right to Delete – Request deletion of your personal information (except where we must retain it for legal reasons).
- Right to Opt‑Out of Sale – We do not sell personal data; a “Do Not Sell My Personal Information” link is provided for compliance.
Submit all California‑resident requests to privacy@stabledyne.ai.
9.3 Rights Under LGPD (Brazil)
- Access, correction, anonymization, data portability, and deletion rights are honored in line with GDPR equivalents.
9.4 Do‑Not‑Track (DNT)
Our platform does not currently honor DNT signals because they are not universally standardized. However, you can control tracking via browser settings and cookie preferences (see Section 10).
10. COOKIES, BEACONS, AND TRACKING TECHNOLOGIES
We use strictly necessary cookies for authentication and session management, and performance/analytics cookies (e.g., Plausible) for aggregated usage statistics.
You may:
- Adjust your browser to block or delete cookies.
11. SECURITY MEASURES
- Encryption: TLS 1.3 for data in transit; AES‑256‑GCM for data at rest.
- Access Controls: Role‑based access, multi‑factor authentication for staff, least‑privilege principle.
- Monitoring: Real‑time intrusion detection, regular vulnerability scanning, annual third‑party penetration tests.
- Incident Response: Formal data‑breach response plan; we will notify affected individuals and regulators within 72 hours of discovery, where required by law.
While we implement strong safeguards, no system can be 100 % secure. Users are encouraged to use strong, unique passwords and enable any available security features (e.g., 2FA).
12. CHILDREN’S PRIVACY
Our services are intended for persons aged 13 years or older.
- We do not knowingly collect personal data from children under 13.
- If you believe a child has provided personal data, please contact us at privacy@stabledyne.ai, and we will promptly delete the information.
13. THIRD‑PARTY LINKS & SERVICES
Our platform may contain links to external sites (e.g., social‑media sharing, third‑party AI model providers). This Privacy Policy does not apply to those services. We encourage you to review the privacy notices of any third‑party sites you visit.
14. CHANGES TO THIS PRIVACY POLICY
We may revise this policy to reflect changes in law, technology, or our practices.
- Notice: Significant changes will be posted on github.
- Effective Date: The top of the document will display the date of the latest revision.
We encourage you to review this policy periodically.
15. CONTACT & DPO
Data Protection Officer (DPO)
Stabledyne – privacy@stabledyne.ai
For any questions, requests exercising your rights, or concerns about our privacy practices, please contact the DPO using the email address above.
If you are dissatisfied with our response, you have the right to lodge a complaint with a supervisory authority (e.g., the EU data‑protection authority in your member state, the California Attorney General, or the Brazilian ANPD).