Machan AI logo Machan AI Hub

Privacy Policy

Effective Date: July 7, 2026

Welcome to Machan AI ("we," "us," "our," or the "Platform"). This Privacy Policy is a comprehensive legal document detailing our protocols regarding the collection, processing, retention, and deletion of your personal data when you use the Machan AI web application (the "Service"). Our architecture is designed with privacy-first principles; we act strictly as a routing interface between you and third-party Artificial Intelligence networks.

1. Data We Collect and Process

To provide a highly intelligent, context-aware, and secure Service, we collect data across several distinct categories:

A. Information You Provide Directly

  • Authentication Data: When registering via Email/Password, Google OAuth, or GitHub OAuth, we collect your Display Name, Email Address, and Profile Picture URL.
  • User-Generated Content: We securely store your conversation histories, text prompts, generated AI responses, and any files, documents, or images you actively upload or generate within the app.
  • Third-Party OAuth Tokens: If you authorize integrations (e.g., Google Drive or Puter.js), we store temporary, revocable cryptographic access tokens to fulfill your requests.
  • Diagnostic Reports: When utilizing the "Feedback & Reports" feature, your submission voluntarily includes your message, associated chat context, and client-side device state to aid in debugging.

B. Information Collected Automatically

  • Device & Telemetry Metadata: We log technical environment data including your User-Agent (browser type), Operating System, screen resolution, browser language, and connection type.
  • Geolocation & ISP Data: To mitigate abuse, enforce API rate limits, and secure accounts, we process your IP address through geolocation APIs (e.g., ipapi.co) to determine your approximate location (City, Region, Country) and Internet Service Provider (ISP). We do not track precise GPS coordinates.
  • Guest Session Telemetry: If you access the Service without an account ("Guest Mode"), we generate a volatile Session ID and log basic network metadata to prevent bot spam and enforce strict usage quotas.

2. Purpose of Data Processing

We process your data strictly to operate, secure, and optimize Machan AI. We do not sell your data to advertisers or data brokers. Data is used to:

  • Execute Core Services: Route prompts to LLMs, render multimedia previews, and maintain your persistent chat history and "Library" across devices.
  • Enforce Platform Security: Execute our mandatory 7-day email verification protocol, detect unauthorized automated access (DDoS/Scraping), and suspend accounts that violate our Acceptable Use Policy.
  • Maintain User Preferences: Save interface configurations (e.g., UI Theme, Sidebar state, Model selections) seamlessly.

3. Subprocessors and Third-Party API Sharing

Machan AI functions as an aggregation hub. To fulfill your prompts, your data is securely transmitted in real-time to the following essential subprocessors. By using Machan AI, you consent to this data routing:

  • Google Cloud & Firebase: Provides our foundational backend, handling user authentication, realtime database hosting, and secure cloud functions.
  • Google Gemini API: The default engine processing your text, document, and image-analysis prompts.
  • Puter.js & Nvidia APIs: If you manually select alternative models (e.g., Claude, DeepSeek, Llama, Nemotron), your prompts and attached contexts are transmitted to Puter or Nvidia servers for computation.
  • Hugging Face: Processes text-to-image generation requests via their Inference APIs.
  • Ceyon CDN: Hosts all user-uploaded files and AI-generated images to provide you with a persistent 128MB media Library.
  • Live Data Providers: We query Open-Meteo (Weather), ExchangeRate-API (Currency), and Yahoo Finance to fulfill real-time contextual requests.

4. Special Features & Data Handling

  • Temporary Chat Mode: When "Temporary Chat" is active, your prompts and the AI's responses are held entirely in your browser's volatile memory (RAM). They are transmitted to the AI provider for generation, but they are never written to our Firebase database. Once you refresh or close the tab, the chat is permanently unrecoverable.
  • URL Fetching & Proxies: If you ask the AI to summarize a live webpage, we route the URL through external proxy services (such as Jina AI, CorsProxy.io, or AllOrigins) to bypass CORS restrictions. Do not ask the AI to read URLs containing private security tokens, passwords, or highly confidential data.
  • Voice Input (Web Speech API): If you use the microphone feature, audio is processed directly by your operating system or browser's native speech-to-text engine. Machan AI does not record or store audio files.

5. Data Retention, Storage, and Security

Security: All communication between your browser and our servers occurs over encrypted connections (HTTPS/WSS). Our database is secured via Firebase Security Rules, ensuring users can only read and write data assigned to their specific cryptographic User ID (UID).

Retention: We retain your chat history, projects, and library files indefinitely until you choose to delete them, or until you delete your account. "Guest Mode" sessions are purged periodically. If an account is banned for Terms of Service violations, metadata regarding the ban is retained to prevent future circumvention.

6. Public Links and Shared Content

Machan AI features "Share Conversation" and "Share Project" functionalities. If you explicitly generate a share link, a snapshot of that specific conversation is duplicated to a public, unauthenticated database node. Anyone possessing the generated URL can read the contents. It is your sole responsibility to review the chat and ensure no Personally Identifiable Information (PII) or sensitive data is included before generating a public link. We are not liable for data exposures resulting from user-generated share links.

7. User Rights (GDPR/CCPA Compliance)

Regardless of your global jurisdiction, we grant all users the following data sovereignty rights directly within the application interface:

  • Right to Access & Portability: You may view your complete history within the UI. You may bulk-export your entire Library via the "Download as ZIP" function.
  • Right to Erasure (Right to be Forgotten): Deleting a chat, file, or project within the app immediately and permanently deletes the record from our database. Furthermore, you may permanently delete your entire account via the Profile Settings, which purges all associated data.
  • Right to Revoke Access: You can revoke third-party API access (like Google Drive) at any time from your external provider's security settings.

8. Policy Modifications

We reserve the right to amend this Privacy Policy to reflect architectural changes or regulatory requirements. Significant modifications will be indicated by an updated "Effective Date." Continued use of the Platform after such updates constitutes explicit acceptance of the revised policy.

9. Contact Information

For legal inquiries, data privacy concerns, or Data Subject Access Requests (DSARs), please contact the primary developer and Data Protection Officer at: contact.machanai@gmail.com.