Privacy Policy

1. Introduction & Overview

Welcome to Stelle. We are committed to providing you with a proactive, personalized AI companion that respects your privacy and safeguards your data. This Privacy Policy outlines how we collect, use, store, and protect your information, ensuring transparency and trust in every interaction.

At Stelle, we believe that your data is yours. Our decentralized, privacy-first architecture is designed to empower you with control over your information while delivering seamless, cross-platform assistance.

2. Scope & Applicability

This Privacy Policy applies to:

• Users of the Stelle Platform: Whether you interact with our web application, mobile app, or APIs, the guidelines herein apply to all end users.
• Third Parties: Partners and service providers who interact with Stelle data under contractual obligations.
• Contexts of Data Processing: This policy covers data collected via user interactions, file uploads, text and image processing, OAuth integration (where applicable), and financial transactions related to premium services and enterprise solutions.

3. Data Collection & Use

3.1 Types of Data Collected

• Personal Information: This may include user IDs, session IDs, names, email addresses, and authentication tokens obtained via OAuth integrations.
• Interaction Data: Your prompts, chat histories, and file uploads (including PDFs, DOCX, TXT, and images) that are processed for features like multi-modal context retrieval and long-term memory updates.
• Technical Data: Device identifiers, IP addresses, browser types, and usage statistics collected to optimize performance and user experience.
• External Content: URLs and content fetched from external sources when provided in your queries.

3.2 Purposes for Data Collection

• Authentication & Personalization: To verify your identity securely and tailor the AI’s responses based on your past interactions.
• Feature Enhancement: To improve our services through context-aware responses, file content analysis, and long-term memory functions.
• Analytics & Performance: To conduct internal analytics, optimize system performance, and support research and development initiatives.
• Third-Party Services: Some data may be shared with trusted third-party services (e.g., payment processors, OAuth providers) solely to facilitate core functionalities.

4. OAuth Integration & Authentication

Stelle integrates OAuth protocols to ensure secure and efficient user authentication. When you sign in through an OAuth provider, only the minimal necessary data (such as your unique user ID and authentication tokens) is exchanged. Our system uses these tokens strictly for verification and does not store sensitive credentials beyond the session’s lifetime. Rigorous safeguards—including secure transmission protocols (HTTPS) and token expiration policies—ensure that your authentication credentials remain protected throughout your interactions.

5. Payment Processing & Monetary Transactions

• Secure Handling: Financial transactions are processed using industry-standard encryption and transmitted securely. We partner with PCI-DSS–compliant payment processors to handle all monetary data.
• Data Minimization: We do not store full credit card details or sensitive financial information on our servers. Instead, only transaction confirmations and necessary billing data are maintained for record-keeping and support.
• Fraud Prevention: Additional security measures, including real-time fraud detection and secure payment gateways, are in place to protect your transactions.

6. Data Storage & Security

6.1 Data Storage

Infrastructure: User data—including chats, file uploads, and long-term memory summaries—is stored in secure databases (e.g., MongoDB) and processed using advanced indexing techniques (e.g., FAISS) as detailed in our backend architecture.

Decentralized Options: In line with our commitment to privacy, certain data may be stored on decentralized networks (e.g., IPFS) or encrypted locally to give you enhanced control.

6.2 Security Measures

• Encryption: Data is encrypted in transit (using HTTPS) and at rest, ensuring that unauthorized access is prevented.
• Access Controls: Strict access controls and authentication protocols limit data access to authorized personnel only.
• Regular Audits: We conduct periodic security audits and vulnerability assessments to maintain high standards of data protection.
• Compliance Certifications: We adhere to industry standards and may obtain relevant certifications (e.g., PCI-DSS for payment processing) to reinforce our commitment to security.

7. User Rights & Control

We respect your rights regarding your personal data. You have the right to:

• Access and Review: Request a copy of the personal data we hold about you.
• Modify or Update: Correct inaccuracies or update your personal information.
• Delete: Request the deletion of your personal data, subject to any legal obligations.
• Opt-Out: Opt out of non-essential data collection or marketing communications. Instructions for opting out are provided within your account settings and in our communications.
• Raise Concerns: Contact us with any questions or concerns regarding your data privacy.

8. Compliance & Legal Considerations

• GDPR (General Data Protection Regulation)
• CCPA (California Consumer Privacy Act)
• Other regional regulations applicable to the jurisdictions in which our users reside.

8.1 Legal Basis for Data Processing

Data processing is conducted based on:

• User Consent: Where applicable, you provide explicit consent for data collection.
• Contractual Necessity: Data is processed to fulfill your requests and ensure the proper func- tioning of our services.
• Legitimate Interests: We may process data to improve our services, prevent fraud, and ensure operational security, provided these interests do not override your fundamental rights.

9 Updates to the Privacy Policy

We reserve the right to update this Privacy Policy as our practices evolve. When significant changes are made:

• Notification: We will notify users via email, platform notifications, or by posting a prominent notice on our website.
• Version History: The effective date of the updated policy will be clearly indicated at the top of this document.
• Review: We encourage you to review the Privacy Policy periodically to stay informed about how your information is protected.