Privacy Policy

1. OUR COMMITMENT TO PRIVACY

This Privacy Policy explains how just4o.chat, a service operated by LK Digital Solutions LLC (the "Company"), collects, uses, stores, and protects your data when you use the Service.

OUR CORE PRIVACY PROMISE: We do not sell or rent your personal information, and we do not share your personal information or chat data with third parties for their own marketing, advertising, or other independent commercial purposes. We use data to operate, secure, support, and improve the Service, and we disclose data only as described in this Privacy Policy.

For a practical explanation of our moderation, risk, and enforcement approach, see our Safety page.

2. DATA WE COLLECT

We collect the categories of data described in this Privacy Policy to operate, secure, measure, bill, support, and improve the Service. Some of these data are stored on our servers, and some are stored in your browser through cookies, localStorage, or sessionStorage.

2.1 ACCOUNT INFORMATION. When you create an account, we collect your email address and basic profile information through Google Firebase Authentication. This information is used solely for account management, authentication, and communication about your account.

2.2 USAGE DATA. We collect usage data to manage account limits and billing, including:

• Model usage counts per user account
• Daily and monthly usage limits tracking
• Account tier and subscription status

This usage data is tied to your user account and is used solely for service management and billing purposes.

2.3 SESSION ACTIVITY DATA. When you are logged in, we create session records under your account identifier to support account history, in-product session views, and safety notices. These records may include a session ID, session start time, last active time, last interaction time, active session duration counted in seconds, whether the session is currently paused for inactivity, and the number of chats you sent during that session. Our active-time counter is designed to pause after more than five (5) minutes without interaction and resume when you return.

2.4 CONTENT DATA. Your conversations, chat logs, user-generated content, and associated metadata are stored in our backend infrastructure (Google Firestore). We preserve full transcripts so you can retrieve conversations across sessions, devices, and linked accounts, and so automated systems (e.g., memory tools or usage tracking) can operate accurately.

2.5 TECHNICAL DATA. We automatically collect certain technical information when you use our Service, including IP addresses, browser information, and device characteristics. This data is used for security purposes, fraud prevention, abuse detection, rate limiting, and service optimization.

2.6 HUMAN ACCESS LIMITATION. We do not routinely read private chat content. Human review may occur only when you ask for support, give consent, content is reported or triggers safety or moderation systems, we investigate abuse, fraud, security incidents, or technical issues, or we are required or permitted to do so by law or to protect rights, safety, or the integrity of the Service. Automated systems may process conversation content to deliver features without manual review.

2.7 MODERATION HEURISTIC DATA. When content is blocked or otherwise triggers a moderation violation, we may store moderation metadata in a separate audit record for enforcement and safety review. That metadata can include the triggered categories, heuristic scores, thresholds, timestamps, source, and resulting enforcement state, along with the request IP address or a derived IP hash when needed for abuse investigation. Our moderation audit records are designed to store the violation metadata rather than the violating prompt text itself, and those metadata records may be reviewed by admins for enforcement, appeals, abuse investigation, and account-safety decisions.

2.8 CONTACT, REFERRAL, AND ABUSE-PREVENTION LOGS. When you submit a contact form request or a referral link, we may store the submission contents, your account identifier, your display name and email address (for referrals), and the request IP address or a derived IP hash. We use these records to review submissions, detect fraud or spam, investigate abuse, and enforce submission rate limits.

2.9 BROWSER STORAGE AND PREFERENCE DATA. We use browser-side storage, including localStorage and sessionStorage, to remember product preferences and temporary state. Depending on the feature you use, this may include theme and font preferences, model-selector filters, voice and TTS settings, sidebar and interface state, recent image-editor state, reference-image selections, project media selections, saved Wikipedia workspace state, session-tracking metadata, session-notice dismissal state, and similar convenience or cache data tied to your browser or account.

2.10 COOKIE AND ATTRIBUTION DATA. We use an essential cookie to store your cookie consent preferences. If you opt in to analytics cookies, Google Analytics may collect page-view and related measurement data. If you opt in to marketing cookies, the Reddit pixel may collect page-visit and sign-up attribution data. Separately, completed paid subscriptions may trigger server-side conversion reporting to Reddit for campaign measurement, which may include identifiers such as an internal user ID, account email, conversion ID, subscription value, and currency.

2.11 PAID ACCOUNT IP AUDIT DATA. If you initiate, maintain, or use a paid account, we may store IP addresses observed during checkout, subscription management, or authenticated paid use in a dedicated paid-account IP audit record. We use these records for Stripe-related location checks, fraud prevention, abuse prevention, tax or compliance review, and dispute resolution.

3. HOW WE PROTECT YOUR DATA

We implement security measures to protect your data. Our Service is hosted on Vercel, which provides encryption for data in transit (HTTPS/TLS) and at rest. Data stored in Google Firestore is encrypted using Google's encryption infrastructure.

3.1 ENCRYPTION. Data transmitted to and from our Service is encrypted in transit using HTTPS/TLS. Data stored in Google Firestore is encrypted at rest using Google's encryption standards. We rely on Vercel and Google's encryption infrastructure for data protection.

3.2 ACCESS CONTROLS. Access to user data is limited to what is necessary to provide the Service. We use Google Firebase Authentication for account access control.

3.3 DATA MINIMIZATION. We collect only the data necessary to provide our Service.

4. OUR DATA SHARING AND DISTRIBUTION POLICY

4.1 NO SALE OR THIRD-PARTY MARKETING SHARING. We do not sell or rent your personal information. We also do not share your personal information with third parties for their own direct marketing, advertising, or other independent commercial use.

4.2 DISCLOSURES NECESSARY TO OPERATE THE SERVICE. We may disclose information in the following circumstances:

• Legal Requirements: When required by law, court order, or government regulation
• Account Security: To protect against fraud, security threats, or account abuse
• Service Providers: To essential service providers who help us host, secure, bill, monitor, analyze, support, or operate the Service, including infrastructure providers and AI model or inference providers (such as Google for infrastructure services; AI model providers including OpenAI, xAI, Google AI, and Anthropic; Fireworks AI for many open-sourced AI model deployments; Cerebras for GPT OSS 120B Fast and GLM 4.7 Fast; and ElevenLabs and xAI for voice)
• Optional Analytics or Marketing Tools: If you opt in to analytics or marketing cookies, limited technical data may be processed by the third-party tools you choose to enable
• Conversion and Campaign Measurement: We may report limited signup or purchase conversion data to measurement partners, such as Reddit, to understand ad performance and attribute paid subscription conversions
• User Consent: When you explicitly consent to specific data sharing
• Corporate Transactions: In connection with a merger, financing, acquisition, reorganization, bankruptcy, or sale of all or part of our business or assets, subject to applicable legal and confidentiality protections

4.3 THIRD-PARTY SERVICE PROVIDERS. We may engage third-party service providers for essential Service operations. All such providers are carefully selected and must comply with our data protection standards and applicable privacy laws. We require all providers to maintain the same level of data protection as we do.

5. GOOGLE BACKEND INFRASTRUCTURE AND USER RESPONSIBILITY

5.1 GOOGLE'S ROLE IN OUR SERVICE. Our Service utilizes Google (Firebase) as its backend infrastructure provider. This includes:

• Google Firebase Authentication for user login and account management
• Google Firestore for secure data storage and database operations
• Google Firebase Admin SDK for server-side processing
• Google Cloud Platform services for hosting and infrastructure

5.2 USER ACCOUNT MANAGEMENT. Your account authentication and login process is managed entirely by Google Firebase Authentication. This allows you to access your account from any device or location where you can authenticate with Google. Google maintains the authentication infrastructure and handles login security.

5.3 USER RESPONSIBILITY FOR GOOGLE SERVICES. While we select and configure Google services to meet high security and privacy standards, you acknowledge that Google maintains and operates the underlying infrastructure. You are responsible for any security incidents, data breaches, service outages, or other issues that may arise from Google's infrastructure, including but not limited to:

• Authentication system compromises or failures
• Google account security breaches
• Google service outages or disruptions
• Changes to Google's policies or terms
• Google's data processing and privacy practices
• Cross-border data transfers by Google
• Google's compliance with international privacy laws

5.4 GOOGLE'S PRIVACY PRACTICES. Google's privacy practices and data handling are governed by Google's Privacy Policy and Terms of Service. You are responsible for reviewing and understanding Google's privacy policies, as they apply to the authentication and infrastructure services we use.

6. AI MODEL PROVIDER INTERACTIONS

6.1 OUR ROLE AS A PLATFORM. just4o.chat is a platform service that provides access to AI models. We are not the developers, owners, or operators of the underlying AI models. Our Service acts as an intermediary between users and AI model providers, including OpenAI, xAI, Google AI, Anthropic, Fireworks AI (for many open-sourced AI model deployments), Cerebras (for GPT OSS 120B Fast and GLM 4.7 Fast inference), and voice providers including ElevenLabs and xAI, and any successor providers we may add.

6.2 DATA TRANSMISSION TO MODEL PROVIDERS. When you submit queries or prompts through our Service, your input data is transmitted to the AI model provider's servers for processing. This transmission is necessary for the Service to function and provide AI responses.

6.3 MODEL PROVIDER DATA HANDLING. AI model providers have their own privacy policies and data handling practices. You acknowledge that:

• Your queries are processed on the model provider's infrastructure
• The model provider may retain your data for training, improvement, or operational purposes
• The model provider's privacy practices apply to data processed on their servers
• You are responsible for understanding and accepting the model provider's terms

6.4 PROVIDER-SPECIFIC CONSIDERATIONS. Each provider (for example, OpenAI, xAI, Google AI, Anthropic, Fireworks AI, Cerebras, ElevenLabs, and xAI voice services) maintains its own privacy policy and terms. Your use of a given model or voice feature is subject to that provider's terms, including any rights the provider claims to use submitted data for safety, compliance, or product improvement. For clarity, GPT OSS 120B Fast is an OpenAI model served through Cerebras, and GLM 4.7 Fast is a Z.ai model served through Cerebras.

6.5 MEMORY AND BACKGROUND PROCESSING. Automated memory and personalization features may send limited excerpts of recent conversations to model providers other than the one currently answering your chat (for example, to xAI, Google AI, or Anthropic) solely to evaluate whether a memory should be created, updated, or deleted. However, the live assistant responses you see in the chat window always come from the exact model you selected—what you see is what you get.

6.6 DATA RETENTION IN OUR SYSTEMS. We retain both user inputs and AI-generated outputs in our Google infrastructure so that you can review prior interactions and so automated features continue to function. Retention lasts until you delete the content or your account, subject to legal requirements outlined in Section 9.

7. INTERNATIONAL DATA TRANSFERS

7.1 CROSS-BORDER DATA TRANSFERS. Your data may be transferred to and processed in countries other than your own, including countries that may not have the same data protection laws as your country of residence. These transfers occur because:

• Our infrastructure is hosted on Google's global cloud platform
• AI model providers operate servers in multiple jurisdictions
• Our Service is accessible worldwide

7.2 ADEQUACY AND SAFEGUARDS. We ensure that all international data transfers are conducted in compliance with applicable data protection laws. This includes implementing appropriate safeguards such as standard contractual clauses, adequacy decisions, and other legally recognized transfer mechanisms.

7.3 YOUR RIGHTS REGARDING TRANSFERS. You have the right to obtain information about the safeguards we implement for international data transfers. Please contact us if you require more details about specific transfer mechanisms.

8. YOUR RIGHTS AND CHOICES

8.1 ACCESS TO YOUR DATA. You have the right to access the personal data we hold about you. You can view and download your chat history, account information, and other stored data through the Service interface.

8.2 DATA PORTABILITY. You can export your data in a portable format at any time. This includes your chat logs, project data, and account information.

8.3 DATA CORRECTION. You can update or correct your account information and personal data through the Service settings.

8.4 DATA DELETION. You can delete your account and all associated data at any time. Upon deletion, we will permanently remove your data from our systems, subject to legal retention requirements.

8.5 OPT-OUT RIGHTS. You can opt out of non-essential data collection and processing. However, some data collection is necessary for the Service to function.

8.6 COMPLAINT RIGHTS. If you believe your privacy rights have been violated, you have the right to lodge a complaint with the relevant data protection authority in your jurisdiction.

9. DATA RETENTION

9.1 ACTIVE ACCOUNT DATA. We retain your data for as long as your account is active or as needed to provide the Service. Chat logs, conversation history, and memory artifacts are retained until you delete them or close your account.

9.2 SESSION ACTIVITY RECORDS. Session activity records tied to your account, including active duration and chats-sent counts, are retained with your account data so you can view recent sessions and so we can provide safety-related usage notices. These records are deleted when your account data is deleted, subject to legal retention requirements.

9.3 MODERATION AUDIT METADATA. Moderation audit metadata, including heuristic categories, scores, thresholds, timestamps, enforcement outcomes, and associated IP address metadata or IP hashes, may be retained for safety, abuse prevention, policy enforcement, appeals, and legal compliance. These records are distinct from the violating prompt text itself.

9.4 CONTACT, REFERRAL, AND RATE-LIMITING RECORDS. Contact-submission records, referral submission records, and related rate-limiting or abuse-prevention logs may be retained for support, fraud-prevention, anti-spam review, enforcement, and legal compliance.

9.5 ACCOUNT CLOSURE. When you close your account, we delete your personal data within 30 days, subject to legal retention requirements.

9.6 LEGAL RETENTION. We may retain certain data longer if required by law, for legal proceedings, or to resolve disputes.

10. COOKIES AND TRACKING

10.1 COOKIE USAGE. We use cookies and similar technologies to enhance your experience and provide the Service. We also use localStorage and sessionStorage for product preferences and temporary workspace state. Cookies are small text files stored on your device. localStorage and sessionStorage are browser storage mechanisms that let the Service remember settings and short-term state.

10.2 ESSENTIAL COOKIES AND ESSENTIAL BROWSER STORAGE. We use:

• Consent Cookie: We store a cookie named j4o_cookie_consent so the Service can remember whether you accepted or rejected analytics and marketing cookies
• Preference Storage: We use localStorage or sessionStorage for preferences and convenience features such as theme, font, model filters, voice settings, sidebar state, image-editor state, and other temporary workspace data
• Session and Safety State: We use sessionStorage for session-tracking metadata and related notice state so the app can maintain recent-session context inside your browser session

10.3 ANALYTICS COOKIES. If you opt in to analytics cookies, we load Google Analytics with IP anonymization enabled. Google Analytics may set cookies such as _ga,_gid, _gat, and _ga_* and may receive page-path and related measurement data when you navigate the site.

10.4 MARKETING COOKIES AND ATTRIBUTION. If you opt in to marketing cookies, we load the Reddit pixel, which may set cookies such as rdt_uuid, rdt_cid, and relatedrdt_* cookies and may receive page-visit or sign-up conversion events. Separately from browser cookies, our backend may report paid subscription conversions to Reddit's Conversions API for campaign measurement. Those server-side purchase events may include data such as an internal user ID, account email, subscription or conversion identifier, plan value, and currency.

10.5 THIRD-PARTY COOKIE CONTROL. If you opt in to analytics or marketing cookies, third-party providers such as Google Analytics and Reddit may set cookies or receive event data subject to their own privacy policies. We do not control those third-party cookies once their tools are enabled.

10.6 FIRST-PARTY SESSION TRACKING. Separately from cookies, logged-in use of the Service may create first-party session records stored with your account in our backend. Those records are used to show your current session time, count chats sent within a session, pause the timer during inactivity, and trigger a gentle usage notice after roughly one hour of active session time in Safety Mode, or roughly two hours otherwise. This is product functionality and safety telemetry, not third-party advertising.

10.7 COOKIE MANAGEMENT. You can control cookie settings through your browser and through the in-product Cookie settings. Disabling analytics or marketing cookies may cause us to stop loading the associated client-side tags and to clear certain cookies we can identify, but it may not affect browser storage used for essential product functionality.

11. CHILDREN'S PRIVACY

Our Service is intended only for adults who are at least eighteen (18) years old. We do not knowingly permit use by minors or knowingly collect personal information from anyone under 18. If we learn that a minor has created an account or provided personal information, we may suspend the account and delete the associated data where appropriate.

12. CHANGES TO THIS PRIVACY POLICY

12.1 POLICY UPDATES. We may update this Privacy Policy at any time to reflect changes in our practices, technology, service providers, or legal requirements. Updates may take effect immediately upon posting.

12.2 NOTICE OF CHANGES. We will notify you of material changes by:

• Posting the updated policy on our website
• Sending an email notification to registered users
• Providing in-Service notifications

12.3 EFFECTIVE DATE. Changes take effect immediately upon posting, unless otherwise specified. For material updates, we may require you to review and re-accept the updated policy before continuing to use the Service.

12.4 PROVIDER AND LAW-ENFORCEMENT REQUESTS. We may disclose stored data when required to comply with binding law, lawful process, enforceable governmental requests, or when reasonably necessary to enforce our terms, investigate abuse, protect users or the public, or satisfy contractual obligations tied to integrated providers. Where appropriate, we will disclose only the information we reasonably believe is necessary for that purpose.

13. CONTACT US

If you have any questions about this Privacy Policy or our data practices, please contact us at: just4ochat@gmail.com

For privacy inquiries or to exercise your rights, please contact us at: just4ochat@gmail.com