Upcube — Privacy Policy

Upcube Inc. (“Upcube,” “we,” “our,” or “us”) is headquartered in New York, NY 10005, USA. This Privacy Policy explains how we handle personal data (“Personal Data”) when you use our websites, applications, and services— including chatbot, search, voice, and image generation (the “Services”).

This Policy does not apply to data we process on behalf of business customers under separate contracts (for example, enterprise plans or APIs), where we act as a service provider/processor under that agreement.

A. Data you provide

• Account info: name, contact details, login credentials, payment details, transaction history.
• User Content (“Content”): inputs you provide and outputs you receive (prompts, files, images, audio, chats), depending on features used.
• Communications: emails, support requests, social messages, and related metadata.
• Other submissions: surveys, events, identity verification if required.

B. Data from your use of the Services (Technical Information)

• Log data: IP address, browser type/settings, timestamps, pages/features used.
• Usage data: feature usage, actions taken, time zone, country, device/OS, app version, user agent.
• Device info: device identifiers, crash logs, performance diagnostics.
• Location info: general location from IP for security/fraud prevention and service quality; some features may request precise location with your permission.
• Cookies & similar tech: sessions, preferences, analytics, and security (see Cookies).

C. Data from other sources

• Security and fraud partners (to prevent abuse).
• Marketing partners (prospect info for B2B outreach).
• Publicly available information used to improve Services (subject to law and our controls).

• Provide & operate the Services (responses, search, voice, image features).
• Improve & develop (quality, reliability, safety, research/testing).
• Communicate (product updates, transactional messages, security notices, events).
• Protect the Services and users (fraud, abuse, security incidents, policy enforcement).
• Comply with law and protect rights, privacy, safety, and property.

We may aggregate or de-identify Personal Data for analytics, research, and service improvement. We will not re-identify de-identified data unless required by law.

Use of your Content to improve the Services

We may use your Content (inputs/outputs) to maintain, develop, and improve the Services. You may opt out of some improvement uses (where available) via account data controls or by emailing [email protected]. Opting out may reduce personalization or feature quality.

• Vendors / Service Providers (hosting, support, safety monitoring, communications, analytics, payments, CDN).
• Affiliates under common ownership/control (consistent with this Policy).
• Business account admins may access/manage account and Content when you use an organization email or join an org space.
• Legal / Safety as required by law or to protect rights, safety, and security; investigate misuse.
• Business transactions (merger, acquisition, financing, asset transfer) with protections.
• With your direction (integrations you use; links/outputs you share).

We do not sell Personal Data or share it for cross-context behavioral advertising, and we do not process sensitive Personal Data to infer characteristics as defined by certain U.S. state laws.

We retain Personal Data only as long as needed to provide the Services and for legitimate business purposes (e.g., security, dispute resolution, legal obligations). Retention depends on purpose, sensitivity, risk, and legal requirements. Some retention can be controlled by you via settings or by contacting [email protected].

Depending on your location, you may have rights to access, delete, correct, port, restrict/object, withdraw consent (where applicable), and complain to a supervisory authority.

You can exercise many rights in account settings or by emailing [email protected]. We may need to verify your identity. Authorized-agent requests may require proof of authority and additional verification.

About accuracy of outputs

Outputs may be incomplete or inaccurate and should not be your sole source of truth or a substitute for professional advice. If output includes information about you that you believe is inaccurate and you want it corrected/removed, email [email protected] with applicable law and technical feasibility in mind.

International transfers

Personal Data may be processed in the U.S. and other countries. We apply protections in this Policy regardless of where data is processed and use lawful transfer mechanisms where required.

The Services are not directed to children under 13. We do not knowingly collect Personal Data from children under 13. If you believe a child under 13 has provided Personal Data, contact [email protected]; we will investigate and delete where appropriate. Users under 18 must have parental/guardian permission.

We implement administrative, technical, and organizational measures designed to protect Personal Data against unauthorized access, loss, or misuse. No system is perfectly secure; use strong passwords, enable MFA, and consider the sensitivity of what you share.

The table below summarizes categories of Personal Data we may collect and purposes/disclosures. This section is intended to help with state privacy law transparency requirements.

Exercising rights / appeals: email [email protected]. Verification may be required.

We use cookies and similar tech for sessions, preferences, analytics, and security. Manage preferences in your browser and (where provided) via our Cookie Settings. See our Cookie Notice for details.

We may update this Policy periodically. If we make material changes, we’ll provide notice (e.g., in-product or email) and update the effective date. Continued use after the effective date means you accept the updated Policy.

Upcube Inc.New York, NY 10005, USAPrivacy & DSAR: [email protected]

Not legal advice. Please consult counsel before publishing.

This summary provides additional details for EEA/UK/Switzerland users. If there is a conflict between this notice and the main Policy, this notice controls for those regions.

• Controller: Upcube Inc. (and any appointed EU/UK representative where required).
• Lawful bases: contract; legitimate interests (security, fraud prevention, improvement); consent (where required, e.g., marketing or precise location); legal obligations.
• Rights: access, deletion, correction, portability, restriction/objection, consent withdrawal, complaint to DPA/ICO.
• Transfers: standard contractual clauses or other lawful mechanisms.
• Retention: based on purpose, sensitivity, risk, and law.
• Contact: [email protected]