Privacy Policy

1. Scope

This policy applies to your use of HeyMarmot AI web products, including chat, video and image generation, asset library, credits, and subscription features.

By using our services, you agree that we process personal data as described in this policy to provide and improve core product capabilities.

2. Data We Collect

To run this platform, we may collect the following categories of data:

• Account data: email address, authentication identifiers, and profile information you provide through Better Auth.
• Creation data: prompts, conversation messages, generation task metadata, and files you upload or generate.
• Subscription data: plan, billing status, subscription IDs, and related payment callback data from third-party payment providers (full card data is not stored by us).
• Technical data: basic logs such as request metadata, locale settings, and theme preferences used for security and product operation.

3. How We Use Data

We use data only for product and service operation purposes:

• Authenticate users, enforce account security, and keep user data isolated with row-level access control.
• Run video/image generation workflows, store task states, and display results in your workspace.
• Manage credits, subscription entitlements, payment verification, and support-related operations.
• Monitor service reliability, prevent abuse, and improve product quality.

4. Third-Party Infrastructure and Processing

HeyMarmot AI relies on service providers to deliver core functionality:

• Supabase: PostgreSQL database and access policies. Better Auth: account authentication and session management.
• Cloudflare R2: storage for user-uploaded and generated files.
• ByteDance generation provider: processing video/image generation requests.
• Creem: subscription payment processing and callback notifications.

5. Data Sharing

We do not sell your personal data. Data is shared only with subprocessors required to provide service functionality and only within necessary scope.

We may disclose limited data when required by applicable law, legal process, or to protect platform security and rights.

6. Data Retention

We retain account and creation data while your account remains active or as needed to provide product features.

When data is deleted by product operation or user request, it will be removed or anonymized unless retention is required by law or dispute handling.

7. Your Rights and Choices

You can review and update profile information in account settings, and manage language and theme preferences directly in the product.

For data access, export, correction, or deletion requests, please contact us at support@heymarmot.com.

8. Security Measures

We apply access control, authenticated APIs, and secure storage practices. No method is absolutely secure, but we continuously improve safeguards against unauthorized access.

9. Cross-Border Processing

Because our infrastructure providers may operate globally, your data may be processed in regions outside your country. We limit processing to what is necessary for delivering services.

10. Children's Privacy

Our services are not intended for children under the age required by local law to provide valid consent. Please do not use the platform if you do not meet the applicable age requirement.

11. Policy Updates and Contact

We may update this policy from time to time when product features, legal obligations, or data practices change.

If there are material changes, we will provide notice through the product interface. Continued use after updates means you accept the revised policy. For any privacy-related questions, please contact us at support@heymarmot.com.