Privacy Policy

1. Introduction

NexMeme, Inc. ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered meme generation platform ("the Service").

This Privacy Policy applies to information we collect through:

• Our website located at https://nexmeme.com
• Our mobile applications (if applicable)
• Email, text, and other electronic communications
• API interactions with our Service

By using the Service, you consent to the data practices described in this Privacy Policy. If you do not agree with our policies and practices, please do not use our Service.

2. Information We Collect

2.1 Information You Provide Directly

We collect information that you provide directly to us, including:

• Account Information: Name, email address, username, password, and profile picture when you create an account
• Authentication Data: OAuth tokens from Google, Discord, or blockchain wallet connections
• Payment Information: Credit card details (processed securely through third-party payment processors), billing address, and transaction history
• User Content: Meme prompts, generated memes, custom templates you upload, and any other content you create or share through the Service
• Communications: Messages, feedback, support requests, and other communications you send to us
• Blockchain Data: Wallet addresses, transaction hashes, and X402 protocol payment data when using blockchain-based payments

2.2 Information Collected Automatically

When you access or use our Service, we automatically collect certain information, including:

• Device Information: IP address, browser type and version, operating system, device identifiers, and mobile network information
• Usage Data: Pages visited, features used, time and date of access, time spent on pages, clickstream data, and referring/exit pages
• Location Data: General geographic location based on IP address
• Cookies and Similar Technologies: We use cookies, web beacons, pixels, and similar tracking technologies (see Section 8 for details)
• API Usage: API calls, endpoints accessed, request/response data, and performance metrics
• Log Data: Server logs containing IP addresses, timestamps, error messages, and system activity

2.3 Information from Third Parties

We may receive information about you from third-party sources, including:

• OAuth Providers: Profile information from Google, Discord, or other authentication services you use to log in
• Payment Processors: Transaction verification and payment status from Stripe, PayPal, or other payment services
• Blockchain Networks: Publicly available transaction data from blockchain networks
• Analytics Providers: Usage statistics and demographic information from third-party analytics services

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 To Provide and Improve the Service

• Process your meme generation requests using AI technologies
• Create, maintain, and secure your account
• Process payments and manage your subscription
• Provide customer support and respond to your inquiries
• Improve our AI models and template matching algorithms
• Develop new features and enhance existing functionality
• Monitor and analyze usage patterns and trends

3.2 To Communicate With You

• Send you service-related notifications and updates
• Respond to your comments, questions, and support requests
• Send promotional materials and marketing communications (with your consent)
• Notify you about changes to our policies or Service

3.3 For Security and Legal Compliance

• Detect, prevent, and address fraud, security breaches, and illegal activities
• Enforce our Terms and Conditions and other policies
• Comply with legal obligations and respond to lawful requests from authorities
• Protect our rights, property, and safety, and that of our users and the public

3.4 For Research and Analytics

• Conduct research and analysis to understand user behavior
• Create anonymized and aggregated datasets for statistical analysis
• Measure the effectiveness of our marketing campaigns
• Generate insights to improve user experience

4. How We Share Your Information

We do not sell, rent, or trade your personal information. We may share your information in the following circumstances:

4.1 Service Providers

We share information with third-party service providers who perform services on our behalf, including:

• OpenAI: For GPT-4o natural language processing (prompts and generated content)
• Cloud Hosting: AWS, Google Cloud, or similar providers for data storage and infrastructure
• Payment Processors: Stripe, PayPal, or similar services for payment processing
• Email Services: SendGrid, Mailgun, or similar providers for transactional and marketing emails
• Analytics Providers: Google Analytics, Mixpanel, or similar services for usage analytics
• Customer Support: Zendesk, Intercom, or similar platforms for support ticket management

These service providers are bound by contractual obligations to keep your information confidential and use it only for the purposes we specify.

4.2 Business Transfers

If we are involved in a merger, acquisition, reorganization, sale of assets, bankruptcy, or similar business transaction, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our website of any change in ownership or use of your personal information.

4.3 Legal Requirements

We may disclose your information if required to do so by law or in response to:

• Valid legal requests (subpoenas, court orders, warrants)
• Law enforcement or regulatory investigations
• National security requirements
• Obligations to comply with applicable laws and regulations

4.4 With Your Consent

We may share your information with third parties when you give us explicit consent to do so, such as:

• Sharing your generated memes publicly in our gallery
• Participating in marketing campaigns or case studies
• Integrating with third-party applications you authorize

4.5 Aggregated and Anonymized Data

We may share aggregated or anonymized information that cannot reasonably be used to identify you, such as statistical data about usage patterns, for research, marketing, or other purposes.

5. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Specifically:

• Account Data: Retained for the duration of your account plus 90 days after account deletion (for recovery purposes)
• User Content: Generated memes and prompts are retained while your account is active; deleted 90 days after account deletion
• Transaction Records: Retained for 7 years to comply with financial regulations and tax laws
• Support Communications: Retained for 3 years for quality assurance and legal purposes
• Analytics Data: Anonymized usage data may be retained indefinitely for research and improvement purposes
• Log Files: Retained for 90 days for security and troubleshooting purposes

When we no longer need your information, we will securely delete or anonymize it in accordance with applicable data protection laws.

6. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information:

6.1 General Rights (All Users)

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information (subject to legal obligations)
• Data Portability: Receive your data in a structured, machine-readable format
• Opt-Out of Marketing: Unsubscribe from promotional emails at any time

6.2 California Residents (CCPA Rights)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request information about the categories and specific pieces of personal information we collect, use, disclose, and sell
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: Opt out of the "sale" of personal information (we do not sell personal information)
• Right to Non-Discrimination: Exercise your rights without discriminatory treatment

To exercise these rights, please contact us at privacy@nexmeme.com or use the "Privacy Settings" section in your account dashboard. We will respond to your request within 45 days.

6.3 European Economic Area (GDPR Rights)

If you are located in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR), including:

• Right to Access: Obtain confirmation of whether we process your data and access to that data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your data ("right to be forgotten")
• Right to Restriction: Limit how we use your data
• Right to Data Portability: Receive your data in a portable format
• Right to Object: Object to processing based on legitimate interests or direct marketing
• Right to Withdraw Consent: Withdraw consent for processing at any time
• Right to Lodge a Complaint: File a complaint with your local data protection authority

Please note that NexMeme primarily serves U.S. customers. If you are in the EEA and wish to use our Service, your data will be transferred to and processed in the United States.

7. Data Security

We implement reasonable administrative, technical, and physical security measures to protect your personal information from unauthorized access, use, disclosure, alteration, and destruction. These measures include:

• Encryption: Data is encrypted in transit using TLS 1.2+ and at rest using AES-256 encryption
• Access Controls: Role-based access controls and multi-factor authentication for internal systems
• Regular Audits: Periodic security assessments and vulnerability testing
• Secure Infrastructure: Hosting on secure, SOC 2 compliant cloud platforms
• Employee Training: Regular security awareness training for all employees
• Incident Response: Established procedures for detecting and responding to security incidents

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

Data Breach Notification: In the event of a data breach that affects your personal information, we will notify you within 72 hours (or as required by applicable law) via email and/or prominent notice on our website.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect and track information about your use of the Service. Types of cookies we use include:

8.1 Types of Cookies

• Essential Cookies: Required for the Service to function properly (e.g., authentication, security)
• Functional Cookies: Remember your preferences and settings
• Analytics Cookies: Help us understand how you use the Service (Google Analytics, Mixpanel)
• Marketing Cookies: Track your activity to deliver targeted advertisements (if you consent)

8.2 Managing Cookies

You can control cookies through your browser settings:

• Most browsers allow you to refuse or accept cookies
• You can delete cookies that have already been set
• You can set your browser to notify you when cookies are being sent

Please note that disabling certain cookies may limit your ability to use some features of the Service.

9. Third-Party Links and Services

Our Service may contain links to third-party websites, applications, and services that are not operated by us, including:

• Social media platforms (Twitter, Discord, Reddit)
• OAuth authentication providers (Google, Discord)
• Payment processors (Stripe, PayPal)
• Blockchain networks and wallet providers

We are not responsible for the privacy practices or content of these third parties. We encourage you to review the privacy policies of any third-party sites or services you visit.

When you use third-party authentication (OAuth), we receive only the information you authorize through that service's privacy settings. Please review those settings to understand what information is shared with us.

10. Children's Privacy

Our Service is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@nexmeme.com.

In compliance with the Children's Online Privacy Protection Act (COPPA), if we learn that we have collected personal information from a child under 13 without parental consent, we will delete that information as quickly as possible.

Users between 13 and 18 years of age (or the age of majority in their jurisdiction) must have parental or guardian consent to use the Service. By using the Service as a minor, you represent that you have obtained such consent.

11. International Data Transfers

NexMeme, Inc. is based in the United States, and our servers and service providers are primarily located in the United States. If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the United States.

The United States may have data protection laws that differ from those in your country. By using the Service, you consent to the transfer of your information to the United States and other countries where we or our service providers operate.

If you are in the European Economic Area (EEA), we rely on:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions by the European Commission (where applicable)
• Your explicit consent for data transfers

12. AI and Machine Learning

Our Service uses artificial intelligence and machine learning technologies, including GPT-4o, to process your prompts and generate memes. Here's how we handle data in this context:

12.1 Prompt Processing

• Your prompts are sent to OpenAI's GPT-4o API for processing
• OpenAI processes your data according to their privacy policy and data usage policies
• We do not control how OpenAI uses data sent to their API; please review OpenAI's privacy policy
• Your prompts and generated content may be used to improve our template matching algorithms (anonymized and aggregated)

12.2 Model Training

• We may use anonymized, aggregated data from your usage to improve our AI models
• Personally identifiable information is removed before data is used for training
• You can opt out of having your data used for model improvement in your privacy settings

12.3 Automated Decision-Making

Our AI systems make automated decisions about template selection and meme generation. These decisions do not have legal or similarly significant effects on you. If you have concerns about automated decision-making, please contact us at privacy@nexmeme.com.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by:

• Email to the address associated with your account
• Prominent notice on our website
• In-app notification

The "Last Updated" date at the top of this page indicates when the Privacy Policy was last revised. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

Your continued use of the Service after the effective date of the revised Privacy Policy constitutes your acceptance of the changes. If you do not agree with the revised Privacy Policy, you must stop using the Service and may request deletion of your account.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

For California Residents: You may also contact us toll-free at 1-800-COGNIMEME (1-800-264-6463) to exercise your CCPA rights.

For EEA Residents: If you are not satisfied with our response to your privacy concerns, you have the right to lodge a complaint with your local data protection authority.

15. Additional Information for Specific Jurisdictions

15.1 Nevada Residents

Nevada residents have the right to opt out of the sale of certain covered information that we have collected or will collect. We do not sell covered information as defined under Nevada law. If you have questions, please contact privacy@nexmeme.com.

15.2 Virginia Residents

Virginia residents have rights under the Virginia Consumer Data Protection Act (VCDPA), including the right to confirm whether we process your personal data, access your personal data, correct inaccuracies, delete your personal data, and obtain a copy of your personal data. Contact us at privacy@nexmeme.com to exercise these rights.

15.3 Colorado Residents

Colorado residents have rights under the Colorado Privacy Act (CPA), similar to those described above for Virginia residents. Contact us at privacy@nexmeme.com to exercise these rights.