This Privacy Policy explains how thorsai ("thorsai," "we," "us," or "our") collects, uses, stores, shares, and protects personal data when you download, install, access, or use the thorsai Android application and related services (collectively, the "Services"). This Policy is designed for the thorsai Android application and replaces website-specific language where not applicable.
This Policy applies together with the thorsai Terms of Use and thorsai Acceptable Use Policy. If mandatory privacy or consumer laws in your jurisdiction grant you stronger rights, those rights remain reserved.
Important note: thorsai is a digital tool and application platform. You remain responsible for your account, your content, your prompts, your uploads, your outputs, and how you choose to use them.
0.1. This Privacy Policy applies when you use the thorsai Android application, interact with support, contact us, make purchases, use in-app features, or otherwise interact with our Services.
0.2. This Policy should be read together with the following texts: Terms of Use and Acceptable Use Policy.
0.3. Subject to mandatory law, if there is a conflict among our legal texts, the general order of precedence is: (i) Terms of Use, (ii) this Privacy Policy, (iii) Acceptable Use Policy, (iv) in-app notices or feature-specific terms, and (v) applicable third-party provider terms for the relevant service.
0.4. This Privacy Policy does not eliminate any non-waivable rights you may have under applicable privacy, consumer, or data protection law.
1.1. Personal Data or Personal Information means information relating to an identified or identifiable natural person.
1.2. Account means a user account created for access to the Services.
1.3. Input means any text, image, audio, video, file, prompt, instruction, or similar material you submit to the Services.
1.4. Output means any text, image, audio, video, code, or similar content generated, processed, or returned through the Services based on your Input.
1.5. Third-Party Services means services or providers outside thorsai, including hosting, model providers, analytics providers, cloud infrastructure, communications providers, app store billing providers, security services, and similar vendors.
1.6. Log Records means technical records maintained for security, debugging, fraud prevention, compliance, diagnostics, service integrity, and abuse prevention.
1.7. Device Data means information about the device, operating system, app version, identifiers, network signals, and technical environment used to access the Services.
2.1. thorsai generally acts as a data controller for account administration, billing records, support communications, security monitoring, and product operations.
2.2. Depending on the nature of your Inputs and Outputs, thorsai may in some scenarios act as a technical intermediary or processor-like service in order to process your requests.
2.3. Before uploading or submitting personal data belonging to third parties, it is your responsibility to ensure that you have a valid legal basis, permission, or consent where required.
2.4. If you use the Services on behalf of a business, team, or organization, that organization may also have responsibilities under applicable privacy law for the data it chooses to process through the Services.
(a) Account and profile data. Examples may include username, email address, account ID, language preference, country or region, and optional business details you provide.
(b) Communications and support data. Examples may include support messages, email correspondence, in-app reports, screenshots you send to us, and troubleshooting details.
(c) Billing and subscription data. Examples may include subscription status, plan type, transaction identifiers, invoice references, purchase history, refund status, and chargeback-related records.
(d) Usage and device data. Examples may include IP address, approximate geolocation derived from network information, device model, Android version, app version, crash reports, session timestamps, feature interaction records, and network diagnostics.
(e) Content data. Examples may include prompts, files, uploaded media, generated media, request parameters, processing metadata, and other content necessary to operate a requested feature.
(f) Security and abuse data. Examples may include suspicious login signals, attack patterns, rate-limit events, unusual usage patterns, account integrity checks, and fraud-prevention signals.
(g) Analytics and performance data. Examples may include feature usage counts, in-app interaction metrics, stability metrics, and performance events.
(h) Legal and complaint data. Examples may include takedown notices, privacy requests, abuse reports, copyright notices, and responses to regulatory or lawful requests.
4.1. We do not intentionally request or require sensitive personal data unless a feature clearly requires it and the user chooses to provide it.
4.2. If you voluntarily submit sensitive data, you are responsible for ensuring that you have the necessary rights, permissions, and legal basis to do so.
4.3. Some AI features may involve voice, image, or text content that could contain personal or sensitive data. You must not upload such content unless you are legally permitted to do so.
5.1. Directly from you, such as when you register, edit your profile, contact support, make a purchase, upload content, or change app settings.
5.2. Automatically, such as through app logs, SDKs, device signals, network diagnostics, security monitoring, performance reporting, and local storage technologies.
5.3. From third parties, such as app store billing providers, analytics providers, cloud infrastructure vendors, security services, communications tools, and model or API providers used to deliver a feature.
6.1. To create and manage accounts, authenticate users, and enable access to the Services.
6.2. To provide requested features, process Inputs, return Outputs, and support app functionality.
6.3. To manage subscriptions, Credits, purchases, billing records, cancellations, refunds, and payment disputes where relevant.
6.4. To maintain security, detect abuse, prevent fraud, investigate suspicious behavior, and protect the integrity of the Services.
6.5. To provide customer support, respond to requests, troubleshoot technical issues, and communicate service-related notices.
6.6. To improve product quality, performance, reliability, usability, and feature development.
6.7. To comply with legal obligations, respond to valid legal requests, resolve disputes, and protect our rights and the rights of others.
7.1. Contract performance, including steps taken before entering into a contract where applicable.
7.2. Legitimate interests, including security, abuse prevention, fraud prevention, service integrity, diagnostics, internal analytics, and product improvement.
7.3. Legal obligations, including compliance with tax, accounting, law-enforcement, and regulatory obligations.
7.4. Consent, where required for certain optional tracking, notifications, or similar features.
7.5. Vital interests or public safety, where necessary in emergency or serious abuse situations.
8.1. We do not sell personal data as a general business practice.
8.2. We may share data only to the extent reasonably necessary to operate the Services, fulfill user requests, process purchases, enforce policies, comply with law, or protect rights and safety.
8.3. Categories of recipients may include:
8.4. Each relevant third-party provider may also apply its own privacy policy and service terms. Your use of a feature powered by a third party may therefore also involve that provider's terms and privacy rules.
9.1. If you make purchases through Google Play or another authorized Android billing channel, payment-related records may be processed according to that provider's systems, rules, and technical limitations.
9.2. In connection with refunds, chargebacks, account security investigations, or fraud reviews, we may need to review and in some cases share limited records such as transaction identifiers, purchase history, subscription status, account creation date, login records, device signals, usage summaries, Credit consumption summaries, support correspondence, or delivery evidence.
9.3. Wherever reasonably possible, we prefer to share summaries and technical usage evidence rather than the full underlying content itself.
9.4. If required for fraud prevention, abuse review, rights protection, legal compliance, or dispute resolution, limited sample data or request-specific records may still be shared to the extent reasonably necessary.
10.1. Data may be stored, processed, or accessed in countries other than the country where you live because our infrastructure and third-party providers may operate internationally.
10.2. By using the Services, you acknowledge that such international transfers may occur.
10.3. Where required by applicable law, we may implement reasonable contractual, technical, or organizational safeguards for such transfers.
11.1. We use reasonable technical and organizational measures intended to protect personal data, such as access controls, monitoring, encryption where appropriate, integrity controls, rate limiting, and security review procedures.
11.2. However, no system can guarantee absolute security. Risks such as unauthorized access, service compromise, device compromise, transmission risk, supply-chain issues, misconfiguration, and user error may still occur.
11.3. You are responsible for helping protect your account by using a strong password, securing your device, enabling additional security features where available, and not sharing access credentials.
11.4. Suspected security incidents may be reported to the contact address listed in the Contact section below.
12.1. Because thorsai is an Android application, the Services may use technologies such as SDKs, device identifiers, local storage, cached files, push notification tokens, diagnostic tools, and similar app technologies rather than traditional browser cookies alone.
12.2. These technologies may be used for authentication, session continuity, security, preferences, performance measurement, feature delivery, and diagnostics.
12.3. Depending on the feature and applicable law, you may be able to control certain permissions, identifiers, or tracking settings through your Android device settings, app permissions, or in-app preference controls.
12.4. Restricting some technologies or permissions may reduce functionality or prevent some features from working properly.
13.1. Retention periods vary depending on the type of data, the purpose of processing, legal requirements, dispute needs, technical constraints, and security considerations.
13.2. Billing or accounting records may be retained for the period required by applicable law.
13.3. Logs, abuse signals, and security records may be retained for a reasonable period for integrity, diagnostics, and fraud-prevention purposes.
13.4. Backup copies may persist for disaster recovery purposes and may not be deleted immediately when a live record is removed.
13.5. When deletion or anonymization is required, we use reasonable technical methods appropriate to the system and data type.
14.1. Depending on your jurisdiction, you may have rights such as access, correction, deletion, restriction, objection, portability, and withdrawal of consent where processing is based on consent.
14.2. To protect account security, we may require identity verification before processing certain privacy requests.
14.3. Some requests may be limited where exceptions apply under law, including security, fraud prevention, legal compliance, protection of others, or record-retention obligations.
15.1. The Services are generally directed to adults or users who are legally permitted to use the Services under applicable local law.
15.2. If a minor uses the Services, local law, parental responsibility, and platform rules may apply.
16.1. The Services may link to or rely on third-party services. We are not responsible for the privacy practices of external services that operate independently from us.
16.2. We encourage users to review the privacy notices of relevant third-party providers, especially where a feature depends on them.
17.1. You are responsible for the legality of the Input and Output content you process through the Services, the permissions and licenses you rely on, and the consequences of your use of the results.
17.2. Some AI outputs may be inaccurate, incomplete, or unsuitable for your intended use. You are responsible for reviewing outputs before relying on, publishing, or distributing them.
17.3. Risks arising from third-party provider outages, policy changes, service limits, errors, or technical restrictions may exist. By using the Services, you acknowledge those operational realities.
18.1. We may update this Privacy Policy at any time.
18.2. The current version becomes effective when published in the app, on an official policy page, or through another official notice channel.
18.3. Your continued use of the Services after an update means that you accept the updated Policy, subject to mandatory legal requirements.
Please replace the placeholders below with your actual thorsai contact addresses before public release:
This appendix is provided for transparency and convenience. The operative privacy terms remain in the main body above.