Privacy Policy
Last updated: June 18, 2026
What personal data AI Feeders collects, why, on what legal basis, who processes it, how long we keep it, and the rights you have over it.
DRAFT — must be reviewed by a qualified lawyer before launch.
Plain-language summary
- We collect only what a skills marketplace needs: your account details, your profile, what you upload, what you download and search for, and security logs.
- We never sell your data, and there are no advertising trackers — our analytics tool is cookieless.
- A short list of well-known infrastructure providers (hosting, database, file storage, search, email, monitoring) process data for us under contract.
- Retention is short and specific: login records 90 days, notifications 90 days, audit logs 2 years, deleted accounts fully purged 30 days after you confirm deletion.
- You can export everything yourself (Settings → Privacy → Export my data) and delete your account yourself (Settings → Account).
- EU/EEA users get full GDPR rights — access, correction, erasure, portability, objection — and we answer within one month.
- Children under 13 cannot use the Service anywhere; under 16 cannot use it in the EEA.
- If a data breach puts you at risk, we notify the authorities within the legal deadline and tell you without undue delay.
Document status: Draft 1.0 (2026-06-12). The effective date is assigned when this document is published at aifeders.com/privacy on launch day.
Data controller: the individual operator of aifeders.com, based in Pakistan (the "Operator"). The Operator's full legal name and postal address are published on the /contact page.
Privacy contact: privacy@aifeders.com
1. Scope
This policy covers personal data processed when you visit or use aifeders.com and its media domain (together, the "Service"). It does not cover third-party sites you reach through links — for example a creator's website, or an embedded YouTube/Vimeo video, which loads under that provider's own privacy terms only when you press play.
2. Where your data comes from
We obtain personal data from exactly three sources:
- You give it to us — when you sign up, fill in your profile, upload content, write reviews, change settings, file reports or appeals, or email us.
- Your use of the Service generates it — downloads, likes, searches, page requests, and the security logs created when you sign in.
- Google, if you choose Google sign-in — we receive your email address and a Google account identifier, nothing else. We never receive your Google password and we do not read your Google data.
We do not buy data about you, enrich profiles from data brokers, or track you on other websites.
3. What is public by design
A marketplace only works if some things are public. The following are visible to everyone, including visitors without an account, and may appear in search engines:
- Your username and the optional profile fields you fill in (display name, avatar, banner, bio, website, social links, country).
- Your published skills — listings, files, version history, and changelogs.
- Your reviews and creator replies, shown with your username.
- Your public collections (private collections stay private).
- Aggregate counts on your profile: skills published, total downloads, followers.
Your email address is never public. Your download history is private by default and controllable in Settings → Privacy. Likes and follows are visible only as aggregate counts, not as browsable lists tied to you, unless you make a collection public.
4. Data inventory — what we collect, why, legal basis, and how long we keep it
This table is the complete inventory, mapped to the actual systems described in ../02-database/02-tables-detail.md. Retention periods below mirror the database retention rules in that document.
| Category | What exactly | Purpose | GDPR legal basis | Retention |
|---|---|---|---|---|
| Account data | Email address, username, password hash (Argon2id — never the password itself), Google OAuth identifier if you use Google sign-in, email-verification status, 2FA secret and hashed recovery codes | Create and secure your account; sign-in; recovery; required service emails | Contract — Art. 6(1)(b) | Life of the account; on deletion, purged after the 30-day grace period ends |
| Profile data | Display name, avatar, banner, bio, website link, social links, country — all optional | Show your public profile and creator card | Contract — Art. 6(1)(b); publishing optional fields is your choice | Life of the account; purged with the account after the 30-day grace period |
| Content | Uploaded skill packages, prompts, agent configs, workflows, descriptions, cover/gallery media, videos, reviews, replies, collections, reports you file | Operate the marketplace: host, display, distribute, and moderate content | Contract — Art. 6(1)(b); legitimate interest for scanning and moderation — Art. 6(1)(f) | Until you delete it; at account deletion you choose delete or anonymize for published skills |
| Usage and download data | Downloads, likes, saves, follows, page views, watch/read history used for the For You feed | Power personalization, trending rankings, and creator dashboard statistics | Legitimate interest — Art. 6(1)(f); you can hide download history in Settings → Privacy | Life of the account; aggregated statistics survive only in non-identifying form |
| Search queries | The text you type into search, with coarse result metadata | Return results, power autocomplete suggestions, improve search quality | Legitimate interest — Art. 6(1)(f) | Tied to your account only while needed for session features; query logs are de-identified or deleted within 90 days |
| Technical and security data | IP address, user-agent, timestamps, login attempts (success and failure), session and device records, rate-limit counters, upload scan verdicts | Prevent fraud, credential stuffing, and abuse; secure uploads; alert you to new-device logins | Legitimate interest — Art. 6(1)(f) | Login attempts: 90 days. Sessions: until expiry or your revocation |
| Audit logs | Records of moderation and admin actions affecting your content or account | Document enforcement decisions; support appeals; legal defense | Legitimate interest — Art. 6(1)(f); legal obligation for some records — Art. 6(1)(c) | 2 years |
| Emails and notifications | Notification records (in-app and email), your notification preferences, security alert emails | Deliver the notifications you have enabled; send mandatory security alerts | Contract — Art. 6(1)(b) for security email; consent — Art. 6(1)(a) for optional digests | Notifications: 90 days, then deleted; preferences live with the account |
| Communications | Support emails, appeal submissions, DMCA notices and counter-notices | Answer requests; process appeals and legal notices | Contract — Art. 6(1)(b); legal obligation — Art. 6(1)(c) for DMCA and enforcement records | DMCA and enforcement records: as long as needed for the repeat-infringer policy and legal defense |
Additional retention notes:
- Deleted accounts are deactivated immediately (content hidden, sessions revoked) and purged permanently after the 30-day grace period; logging back in within 30 days cancels deletion.
- Backups rotate on a cycle of 35 days or less; purged data disappears from backups as the cycle completes.
- We collect no payment data during the MVP — everything is free. If paid features launch, this policy will be updated at least 30 days in advance and payment card data will be handled by a dedicated payment processor, never stored by us.
Automated decision-making: we do not make automated decisions producing legal or similarly significant effects. Automated upload scanning can flag or quarantine content, but enforcement decisions include human review, and every enforcement decision can be appealed (see the Terms of Service, Section 11).
5. Processors — who handles data for us
These providers process personal data on our documented instructions under data-processing agreements:
| Processor | Role | Personal data touched |
|---|---|---|
| Vercel | Application hosting and edge network | All request data passing through the app: IP, headers, pages requested |
| Neon | PostgreSQL database hosting | Account, profile, content metadata, usage records, logs |
| Cloudflare R2 | Object storage for uploaded files and media; Cloudflare also provides the Turnstile CAPTCHA | Uploaded files; IP and browser signals during a CAPTCHA challenge |
| Meilisearch Cloud | Search index | Public listing data only: titles, taglines, tags, descriptions, creator usernames |
| Upstash | Redis for rate limiting and login-lockout counters | IP addresses, account identifiers, attempt counters |
| Resend | Transactional email delivery | Your email address and the content of emails we send you |
| Sentry | Error monitoring | Error reports, which may include IP, user-agent, and an internal user identifier |
| Plausible | Privacy-friendly analytics — cookieless | Aggregated page-view statistics; no cookies, no cross-site tracking, no advertising profiles |
Beyond this list, we disclose personal data only: (a) at your direction — content you publish is public by design; (b) to comply with law, enforceable governmental requests, or valid legal process; (c) to enforce our Terms or protect the rights, safety, and security of users and the Service; or (d) in a merger, acquisition, or asset sale, with notice to you.
6. We do not sell your data
We do not sell personal data, and we do not share it for cross-context behavioral advertising. There are no third-party advertising trackers on the Service. Because we neither sell nor share in the CCPA/CPRA sense, a "Do Not Sell or Share" link is not required; we nevertheless honor Global Privacy Control (GPC) browser signals, which for us change nothing in practice.
7. Your rights and how to exercise them
If you are in the EU/EEA/UK (GDPR / UK GDPR) you have the right to:
- Access — get a copy of your personal data and information about how we process it.
- Rectification — correct inaccurate data; most fields are directly editable in Settings.
- Erasure — have your data deleted; the self-serve account deletion flow implements this.
- Portability — receive your data in a machine-readable format; the data-export feature (Settings → Privacy → Export my data) delivers a JSON archive of your account, profile, activity, and reviews, plus your uploaded files.
- Objection and restriction — object to processing based on legitimate interest, or ask us to restrict processing while a dispute is resolved.
- Withdraw consent — anywhere processing rests on consent (for example optional email digests), withdraw it in Settings → Notifications at any time.
- Complain — lodge a complaint with your local supervisory authority (UK users: the ICO).
If you are a California resident (CCPA/CPRA) you have equivalent rights to know, delete, and correct, plus the right not to be discriminated against for exercising them. We do not sell or share personal data and do not use sensitive personal information beyond providing the Service.
How to exercise:
- Self-serve (fastest): Settings → Privacy → Export my data for access and portability; Settings → Account → Delete account for erasure (30-day grace, then purge); Settings → Profile and Account for rectification.
- Email: privacy@aifeders.com from your registered address, or with enough information for us to verify you. We verify identity before fulfilling requests so impostors cannot extract your data; an authorized agent may act for you with proof of authorization.
We respond within one month (GDPR allows two further months for complex requests; we tell you if we need them). These requests are free unless manifestly unfounded or excessive.
8. International transfers
We operate from Pakistan, and our processors run infrastructure mainly in the United States and the European Union. Pakistan has no EU adequacy decision, so transfers of EU/EEA/UK personal data rely on the European Commission's Standard Contractual Clauses (SCCs) — with the UK Addendum or IDTA for UK data — plus the technical and organizational safeguards in Section 10. You may request a copy of the relevant safeguards at privacy@aifeders.com.
In Pakistan, the Operator complies with PECA 2016, including its prohibition (Section 38) on disclosing personal data without consent.
9. Children
The Service is not directed to children. Users under 13 are not permitted anywhere; users in the EEA must be at least 16. We do not knowingly collect personal data from underage users. If you believe a child is using the Service, report it to privacy@aifeders.com; on discovery we close the account and delete its personal data.
10. How we protect your data — security summary
The full technical detail lives in ../05-security/01-threat-model.md and ../05-security/02-auth-security.md. In summary:
- Passwords hashed with Argon2id; new passwords screened against known-breach lists; no plaintext credentials anywhere.
- TLS encryption in transit everywhere; encryption at rest at our infrastructure providers.
- Session cookies are __Host--prefixed, httpOnly, Secure, SameSite=Lax, and rotated on login; you can review and revoke active sessions in Settings → Security.
- Optional TOTP two-factor authentication for everyone; mandatory 2FA for moderators and admins, whose every action is audit-logged.
- Rate limiting, lockouts, CAPTCHA on abuse signals, and email alerts on new-device logins.
- Uploaded files live in private object storage, are scanned for malware, leaked secrets, and prompt-injection patterns, and are served from a separate media origin so they can never read your session.
- Production data access is restricted to the minimum personnel necessary — at launch, the Operator alone.
11. Breach notification
If a personal-data breach is likely to put your rights and freedoms at risk, we will: notify the competent supervisory authority within the legally required window (72 hours under GDPR where applicable), inform affected users without undue delay with a plain-language description of what happened and what to do, and document the incident and remediation.
12. Cookies
The Service runs on strictly necessary first-party cookies only, and our analytics are cookieless — so there is no cookie-consent banner. The exact inventory of every cookie and localStorage key, and what happens if that ever changes, is in the Cookie Policy.
13. EU representative — pre-launch requirement
As a controller established outside the EU offering services to EU users, the Operator is subject to GDPR Article 27, which requires appointing a representative in the Union (and the UK GDPR equivalent for UK users).
Pre-launch requirement: before the Service is offered to EU users, the Operator must appoint an EU-based Article 27 representative (commercial representative services are available at low annual cost), publish the representative's name and address in this section, and record the appointment in the launch checklist at ../09-build-plan/03-launch-checklist.md. EU/EEA data subjects and supervisory authorities may then contact the representative on all matters related to our processing. The same step covers appointing the EU legal representative required by Article 13 of the Digital Services Act, which may be the same provider.
14. Changes to this policy
Updates are posted here with a new effective date. For material changes — new data categories, new purposes, or new recipients — we notify registered users by email and in-app notice at least 30 days before the change takes effect. Prior versions are available on request at privacy@aifeders.com.
15. Contact
- Privacy requests and questions: privacy@aifeders.com
- General legal: legal@aifeders.com
- Postal address: published on the /contact page of the Service
- EU representative: per Section 13, published in that section before launch
- EU/EEA users may also complain to their local data-protection authority; UK users to the ICO.