Privacy Policy

At AllDaMemes, your privacy is important to us. This Privacy Policy explains what information we collect, how we use it, who we share it with, and the choices you have regarding your data. This policy applies to all users of our website, mobile applications, APIs, and related services.

This Privacy Policy is incorporated into and subject to our Terms of Service. Capitalized terms not defined herein have the meanings set forth in the Terms of Service.

2.1 Information You Provide

• Account Information: When you create an account, we collect your email address, username, display name, and password. If you use social login (Google, Apple, Facebook, Instagram, or X), we receive your name, email address, and profile picture from the provider.
• Profile Information: You may optionally provide a bio, avatar, social media links, and other profile details.
• User Content: Memes, images, GIFs, videos, tags, descriptions, comments, and other content you upload or submit to the Service.
• Communications: Information you provide when contacting us, including support requests, feedback, and correspondence.
• Verification Data: Phone number or email address used for account verification and two-factor authentication.

2.2 Information Collected Automatically

• Usage Data: Pages visited, features used, search queries, content interactions (likes, saves, shares), time spent on pages, and navigation paths.
• Device Information: Device type, operating system, browser type and version, screen resolution, and unique device identifiers.
• Network Information: IP address, approximate geolocation (city/region level), internet service provider, and referring URLs.
• Cookies & Similar Technologies: We use cookies, local storage, and similar technologies as described in Section 7.
• Log Data: Server logs that record requests made to our Service, including timestamps, request URLs, response codes, and error information.

2.3 Information from Third Parties

• Social Login Providers: When you authenticate via Google, Apple, Facebook, Instagram, or X, we receive profile information as authorized by you and the provider's privacy settings.
• Content Analysis Services: Third-party services may provide us with content classification data, reverse image search results, and template identification data related to User Content.

We use the information we collect for the following purposes:

3.1 Service Operation

• Providing, maintaining, and improving the Service.
• Processing and displaying your User Content.
• Authenticating your identity and managing your account.
• Enabling search, discovery, and content recommendation features.
• Operating the gamification system (XP, badges, leaderboards).

3.2 Content Processing

• AI-powered classification, tagging, and description generation (see Section 4).
• Content moderation and safety screening.
• Generating thumbnails and optimized media formats.
• Text extraction via optical character recognition (OCR).
• Reverse image search for origin detection and deduplication.

3.3 Communication

• Sending transactional emails (account verification, password resets, upload confirmations).
• Notifying you about changes to our Service, Terms, or policies.
• Responding to your support requests and inquiries.
• Sending optional marketing communications (with your consent, where required by law).

3.4 Safety & Security

• Detecting, preventing, and addressing fraud, abuse, and security threats.
• Enforcing our Terms of Service and Community Guidelines.
• Protecting the rights, property, and safety of our users and the public.

3.5 Analytics & Improvement

• Understanding how users interact with the Service.
• Improving our AI models, algorithms, and user experience.
• Conducting research and analysis to develop new features.
• Measuring the effectiveness of our Service.

AllDaMemes uses artificial intelligence and machine learning technologies extensively. We believe in transparency about how your data is processed by these systems.

4.1 AI Services Used

4.2 How AI Data Is Used

• AI-generated metadata (tags, descriptions, classifications) is stored alongside your content to improve search and discovery.
• Content is processed through AI pipelines automatically upon upload — no manual opt-in is required to use the Service.
• AI moderation results determine whether content is approved, flagged for human review, or rejected.
• We do not sell AI-processed data to third parties.
• AI processing is performed using cloud-based services hosted within Amazon Web Services (AWS) infrastructure in the United States.

4.3 AI Accuracy & Limitations

AI systems are not perfect. Automated classification, tagging, and moderation decisions may contain errors. If you believe AI-generated metadata associated with your content is inaccurate or inappropriate, you may contact us at contact@obsidiancloud.com to request a review and correction.

We do not sell your personal information. We may share your information in the following circumstances:

• With Other Users: Your public profile information, uploaded content, and associated metadata are visible to other users of the Service as intended by the platform's features.
• Service Providers: We share data with third-party vendors who perform services on our behalf, including cloud infrastructure (AWS), content analysis, and analytics. These providers are contractually obligated to protect your data and use it only for the purposes we specify.
• Legal Obligations: We may disclose your information if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of Obsidian Cloud, our users, or the public.
• Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.
• With Your Consent: We may share your information for other purposes with your explicit consent.
• Aggregated/De-Identified Data: We may share aggregated or de-identified information that cannot reasonably be used to identify you, for research, analytics, or business purposes.

The Service integrates with third-party services for authentication, content processing, and distribution. Each third-party service has its own privacy policy governing the data they collect:

• Amazon Web Services (AWS): Cloud infrastructure, AI/ML processing, data storage, and content delivery. AWS Privacy Policy
• Google (Login & Vision): Social authentication and image analysis. Google Privacy Policy
• Apple (Login): Social authentication. Apple Privacy Policy
• Meta (Facebook/Instagram Login): Social authentication. Meta Privacy Policy
• X/Twitter (Login): Social authentication. X Privacy Policy

We encourage you to review the privacy policies of any third-party service you use in connection with AllDaMemes.

We use the following types of cookies and similar technologies:

We do not currently use third-party advertising cookies. If this changes, we will update this policy and provide notice.

You can manage cookies through your browser settings. Disabling essential cookies may affect the functionality of the Service. Most browsers allow you to:

• View and delete existing cookies.
• Block all or certain cookies.
• Set preferences for specific websites.
• Enable "Do Not Track" signals (we honor DNT headers where technically feasible).

We retain your information for as long as necessary to fulfill the purposes described in this policy:

• Account Data: Retained for the lifetime of your account. Upon account deletion, we will delete or anonymize your data within 90 days, except as required by law.
• User Content: Retained for the lifetime of your account or until you request deletion. Shared or publicly visible content may persist in other users' collections or caches.
• AI-Generated Metadata: Retained alongside the associated User Content. Deleted when the content is deleted.
• Log Data: Retained for up to 12 months for security and operational purposes, then automatically deleted or aggregated.
• Analytics Data: Retained in aggregated, de-identified form indefinitely for trend analysis and service improvement.
• Legal Obligations: We may retain certain data longer if required by law, to resolve disputes, or to enforce our agreements.

We implement industry-standard security measures to protect your personal information:

• Encryption at Rest: All stored data is encrypted using AES-256 encryption via AWS Key Management Service (KMS).
• Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher.
• Authentication Security: Passwords are hashed using industry-standard algorithms. We support multi-factor authentication (MFA).
• Infrastructure Security: Our infrastructure is hosted on AWS with VPC isolation, security groups, network ACLs, and regular security audits.
• Access Controls: Internal access to user data is restricted to authorized personnel on a need-to-know basis, with audit logging.
• Monitoring: We employ automated threat detection, intrusion detection systems, and security monitoring.

While we take reasonable measures to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security. If you discover a security vulnerability, please report it to contact@obsidiancloud.com.

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you.
• Correction: Request correction of inaccurate or incomplete personal information.
• Deletion: Request deletion of your personal information, subject to legal exceptions.
• Portability: Request a machine-readable copy of your data for transfer to another service.
• Restriction: Request that we restrict the processing of your personal information in certain circumstances.
• Objection: Object to the processing of your personal information for certain purposes.
• Withdrawal of Consent: Where processing is based on consent, you may withdraw your consent at any time.
• Opt-Out of Marketing: You can opt out of marketing communications at any time by clicking "unsubscribe" in any marketing email or contacting us.

To exercise any of these rights, please contact us at privacy@obsidiancloud.io. We will respond to your request within 30 days (or as required by applicable law). We may need to verify your identity before processing your request.

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you with additional rights:

• Right to Know: You have the right to request information about the categories and specific pieces of personal information we have collected, the sources of collection, the business purposes for collection, and the categories of third parties with whom we share it.
• Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions.
• Right to Correct: You have the right to request correction of inaccurate personal information.
• Right to Opt-Out of Sale/Sharing: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising.
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights.
• Right to Limit Use of Sensitive Personal Information: You may request that we limit the use and disclosure of your sensitive personal information to purposes necessary to provide the Service.

To submit a CCPA/CPRA request, contact us at privacy@obsidiancloud.io with the subject line "CCPA Request." We will verify your identity before processing the request and respond within 45 days.

Categories of Personal Information Collected

If you are located in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

Legal Bases for Processing

• Contract Performance: Processing necessary to provide the Service (account management, content hosting, gamification).
• Legitimate Interests: Processing for platform safety, fraud prevention, service improvement, and analytics, where our interests are not overridden by your rights.
• Consent: Processing based on your explicit consent, such as marketing communications and optional data collection.
• Legal Obligation: Processing necessary to comply with applicable laws and regulations.

Your GDPR Rights

In addition to the rights listed in Section 10, you have the right to:

• Lodge a complaint with your local data protection supervisory authority.
• Object to processing based on legitimate interests.
• Request restriction of processing while a complaint is being investigated.
• Not be subject to automated decision-making that produces legal or similarly significant effects, unless necessary for contract performance or based on your explicit consent.

For GDPR-related requests, contact us at privacy@obsidiancloud.io with the subject line "GDPR Request."

The Service is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe that your child under 13 has provided us with personal information, please contact us immediately at privacy@obsidiancloud.io.

If we become aware that we have collected personal information from a child under 13 without parental consent, we will take steps to promptly delete that information from our servers.

Users between 13 and 18 years of age may use the Service only with the consent and supervision of a parent or legal guardian, as described in our Terms of Service.

Your information may be transferred to and processed in the United States and other countries where our service providers operate. These countries may have data protection laws that differ from those in your jurisdiction.

When we transfer data internationally, we implement appropriate safeguards, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission, where applicable.
• Data Processing Agreements with all service providers.
• Encryption of data in transit and at rest.
• Access controls and audit logging.

By using the Service, you acknowledge that your data may be transferred to and processed in the United States.

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by posting the updated policy on this page with a new "Last updated" date, and where appropriate, via email notification or in-app notice.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of the Service after any changes to this policy constitutes your acceptance of the updated policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: