# Phase Pal Privacy Policy

Personal Information We Collect

Information You Provide to Us

• Third-Party Authentication: When you sign in through Steam, we receive information such as your Steam username, profile, and linked email address (depending on your Steam privacy settings).
• User-Generated Content: You may use your own 3D models locally in the desktop app to replace avatars. These models are not uploaded to our servers or shared with other users.
• Communications: If you contact us for support, we may collect your name, email, and message content.
• Chat Data: Text and prompts you input when interacting with the mascots are processed to generate responses.

Information We Collect Automatically

• Usage Information: Interactions such as feature usage, crash logs, and error reports.
• Device and Application Information: Operating system version and general system data. We do not collect personally identifying details such as device name.
• Location Information: We infer your country/region from your Steam account or operating system locale to enforce regional compliance. We do not request precise geolocation.

Information We Receive from Third Parties

• We may receive information from third-party platforms such as Steam when you authenticate through their services, or from payment processors when you make purchases through our Services.

How We Use Your Personal Information

• To provide, maintain, and continuously improve our Services and user experience.
• To authenticate your identity and manage your Steam-linked account access.
• To enable and facilitate AI chat interactions and voice communication features.
• To process payments and handle transactions for premium features and services.
• To communicate with you regarding service updates, respond to support inquiries, and provide technical assistance.
• To ensure compliance with applicable laws and regulations, prevent fraud, and maintain platform safety and security.
• To generate anonymized or aggregated statistical data for analytical purposes and service optimization.

Regional Modes of Operation

• Default (Cloud-First Mode): Outside of China and certain GDPR contexts, the application connects to cloud APIs (e.g., OpenAI, Groq, OpenRouter) to deliver AI chat and voice features.
• EEA Users: Chat histories are always stored locally on your device. Storing chat history on our U.S.-based servers for syncing requires your explicit opt-in consent.
• China Users: The app runs in Local LLM Mode only, with no cloud or external connections being made, and all AI features are processed on-device.

How We Disclose Your Personal Information

• Vendors and Service Providers: We may share your information with trusted third-party vendors and service providers, including cloud hosting services (such as Supabase), analytics providers, and payment processors, to support our operational needs and service delivery.
• Third-Party AI Providers: When cloud-based AI features are enabled, we may transmit your chat inputs and related data to third-party AI service providers (such as OpenAI or Groq) to generate responses and enable AI functionality.
• Legal Compliance: We may disclose your information when required by applicable laws, regulations, legal processes, or governmental requests, including to comply with legal obligations and protect our rights.
• Business Transfers: In the event of a merger, acquisition, sale of assets, or other business transaction involving our company, your information may be transferred as part of the transaction, subject to the same privacy protections outlined in this policy.
• With Your Consent: We may share your information with third parties when you have explicitly provided your consent for such sharing, or when you direct us to do so through your interactions with our Services.

There are no public profiles or user-to-user content visibility in Phase Pal. All activity is single-user and local to your machine.

Your Choices

• You can manage your account settings and control account linkage through your Steam account preferences at any time.
• You have the right to opt out of receiving promotional emails and marketing communications from us at any time by following the unsubscribe instructions in those communications.
• You may adjust your Steam privacy settings to control what information Steam shares with us and other third-party applications.

China-Specific Data Management

• For users in China, local chat file creation cannot be disabled to ensure compliance with local regulations, but you retain full control over your data.
• You may delete your chat history and related data at any time through the application settings, providing you with complete control over your personal information.
• No cloud synchronization or external data transfers occur for users in China, ensuring all data processing remains local to your device.

Purposes and Legal Basis of Processing (GDPR)

For users located in the European Economic Area (EEA), we process your personal data in accordance with the General Data Protection Regulation (GDPR). Below, we outline the specific purposes for processing your data and the corresponding legal basis under GDPR:

• Steam Account Data: We process your Steam account information, including username and profile details, to authenticate your identity and manage your account access. This processing is necessary for the performance of our contract with you to provide our Services. (Legal basis: Article 6(1)(b) GDPR - Contract)
• Chat Data and AI Processing: We process text inputs and conversation data to provide AI-generated responses and enable chat functionality. Data is stored locally by default, and cloud synchronization for chat history in the EEA requires your explicit consent. (Legal basis: Article 6(1)(a) GDPR - Consent)
• User-Generated Content (3D Models): We process custom 3D models that you choose to use for avatar personalization within the desktop application. This processing is necessary to fulfill our contractual obligation to provide the personalization features you have requested. (Legal basis: Article 6(1)(b) GDPR - Contract)
• Analytics and Performance Data: We collect anonymized usage statistics and performance metrics to analyze user behavior, identify technical issues, and improve our Services. This processing serves our legitimate interests in maintaining and enhancing service quality. (Legal basis: Article 6(1)(f) GDPR - Legitimate Interests)
• Payment Processing: We process payment information through trusted third-party providers such as Stripe or Steam to complete transactions for premium features. This processing is essential for the performance of our contract to deliver the paid services you have requested. (Legal basis: Article 6(1)(b) GDPR - Contract)

Data Retention

• Chat Data and Conversation History: Your chat data is always retained locally on your device. For EEA users, storing chat history on our U.S.-based servers for synchronization purposes requires your explicit opt-in consent and will only be retained for as long as you maintain an active account or until you request deletion.
• Account Information: Your account-related data is maintained for the duration of your account's active status. Upon account closure or deletion request, this information will be permanently removed from our systems within a reasonable timeframe, subject to applicable legal requirements.
• Analytics and Usage Data: We retain anonymized analytics and performance data for a maximum period of 24 months to support our legitimate interests in service improvement and technical maintenance. This data cannot be used to identify individual users.
• Payment and Transaction Records: Financial transaction data is retained for the period required by applicable tax laws and financial regulations, typically 7 years from the date of the transaction, to ensure compliance with legal and accounting obligations.

Children's Privacy

Our Services are not directed to children under 13. If you believe a child has provided personal information, contact us at hello@consistencyai.net.

Security

We implement comprehensive security measures to protect your personal information, including end-to-end encryption for data in transit, strict access controls with role-based permissions, regular security audits and penetration testing, and secure data storage practices. Our development team follows industry best practices for secure coding and regularly updates our systems to address emerging security threats. However, please be aware that no system can be considered completely immune to all potential security risks, and we encourage users to implement their own security best practices when using our Services.

International Data Transfers

• EEA Users: Any international transfers of personal data to the United States are conducted in full compliance with GDPR requirements, relying on Standard Contractual Clauses (SCCs) approved by the European Commission and implementing appropriate technical and organizational safeguards to ensure the protection of your data.
• China Users: Due to local regulatory requirements and our commitment to data localization, no international data transfers occur for users located in China. All data processing and storage remains within the country, ensuring compliance with Chinese data protection laws and regulations.

Data Protection by Design and Default

Our Services are designed with a cloud-first approach to deliver advanced AI features and functionality. However, we have implemented comprehensive privacy-by-design principles to ensure your data protection rights are respected across all operational modes.

• For users in the European Economic Area, storing chat history on our U.S.-based servers for synchronization purposes requires your explicit opt-in consent, and we provide clear information about the data transfer implications before obtaining such consent.
• For users in China, the application operates exclusively in local-only offline mode to comply with local data protection requirements, ensuring complete data residency and eliminating any external data transfers.

Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we are committed to complying with all applicable breach notification requirements. For users in the European Economic Area, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR Article 33. Affected users will be notified without undue delay when the breach is likely to result in a high risk to their rights and freedoms. For users in other jurisdictions, we will provide appropriate notifications in accordance with local data protection laws and regulations.

China-Specific Privacy Policy

1. Offline Operation: The application operates entirely offline without any connectivity to external AI services, ensuring complete data isolation and compliance with Chinese data protection requirements.
2. Data Residency: All user data, including chat conversations and personal information, remains stored locally on your device with no transmission to external servers or third-party services.
3. Approved AI Models: Only locally hosted AI models that have been approved for use in China, such as Qwen, DeepSeek, and Alibaba models, are utilized for processing, ensuring regulatory compliance.
4. Localized Consent Process: Chinese users are presented with a comprehensive, localized consent interface that clearly explains local data processing practices, user rights, and data deletion procedures in their native language.
5. User Data Control: Chat files and conversation data are created and stored locally by default, and you maintain complete control to review, manage, or delete this data at any time through the application's settings interface.

Contact Information

We are committed to addressing your privacy concerns and questions. If you have any questions, concerns, or requests regarding this Privacy Policy, your personal data, or our data protection practices, please do not hesitate to contact us: