Privacy Policy

Effective Date: December 12, 2024

1. Information We Collect

We collect the following information to provide our services:

  • Account information (name, email address, phone number)
  • Payment information (processed securely by SSLCommerz, bKash, Nagad, Rocket)
  • API usage data (models used, request count, costs, tokens consumed)
  • Technical information (IP address, browser type, device information)
  • Support communications (emails, chat messages, support tickets)

2. How We Use Your Information

  • Provide and maintain our API services and platform
  • Process payments and prevent fraud
  • Send service updates, important notices, and marketing communications (with opt-out)
  • Improve our platform and develop new features
  • Analyze usage patterns to optimize service performance
  • Comply with legal obligations and respond to legal requests
  • Protect our rights and prevent abuse

3. Data Storage and Security

Your data is stored securely on encrypted servers (Supabase). We implement industry-standard security measures:

  • SSL/TLS encryption for data in transit
  • Encrypted database storage (AES-256)
  • Regular security audits and vulnerability assessments
  • Access controls and authentication (JWT tokens, API keys)
  • Rate limiting to prevent abuse
  • Secure payment processing (no card data stored on our servers)

4. Third-Party Services

We use the following third-party services to provide our platform:

  • SSLCommerz: Payment processing (credit/debit cards)
  • bKash/Nagad/Rocket: Mobile money payments
  • Supabase: Database and authentication services
  • Vercel: Hosting and CDN services
  • Cloudflare: DDoS protection and CDN
  • AI Providers: OpenAI, Anthropic, Google, Groq, DeepInfra, Replicate (API processing only)
  • Upstash: Redis caching service

These services have their own privacy policies. We only share data necessary for service provision.

5. Data Retention

  • Account Data: Retained while your account is active, deleted 30 days after account closure
  • Usage Logs: Retained for 30 days, then archived or deleted
  • Payment Records: Retained for 7 years (legal requirement in Bangladesh)
  • Support Tickets: Retained for 2 years after resolution

6. Your Rights

You have the right to:

  • Access: Request a copy of your personal data
  • Correction: Update or correct inaccurate data via dashboard
  • Deletion: Request deletion of your account and data
  • Export: Export your usage logs and account data
  • Opt-out: Unsubscribe from marketing communications
  • Object: Object to processing of your data for certain purposes

To exercise these rights, contact us at privacy@mayuai.com

7. Cookies and Tracking

We use cookies and similar technologies to:

  • Maintain your session and authentication state
  • Remember your preferences
  • Analyze site usage (Google Analytics - anonymized)
  • Prevent fraud and abuse

You can control cookies through your browser settings. Disabling cookies may affect site functionality.

8. Bangladesh Compliance

We comply with:

  • Bangladesh Bank guidelines for digital payments
  • Data protection regulations applicable in Bangladesh
  • PCI DSS standards for payment processing
  • GDPR principles (where applicable to international users)

9. Children's Privacy

Our service is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

10. Updates to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes via:

  • Email notification to your registered email address
  • Platform notification in your dashboard
  • Updated "Effective Date" at the top of this page

Continued use of our service after changes constitutes acceptance of the updated policy.

11. Contact Us

For privacy-related questions, requests, or concerns:

We will respond to your request within 30 days.