Changes & Notifications

No updates available

Check back later for new updates

Privacy Policy

Last updated: January 14, 2025

1. Introduction

Ongkanon, operated by Exelitpro ("we", "us", or "our"), is committed to protecting your privacy. This Privacy Policy describes how we collect, use, and share information through our mobile and web applications, website, and related services (collectively, the "Services").

We process your information to provide personalized AI companion interactions and improve our Services. We will never use or disclose the content of your Ongkanon conversations for marketing or advertising purposes.

For users in the European Union (EU), European Economic Area (EEA), and United Kingdom (UK), this Privacy Policy explains your rights under the General Data Protection Regulation (GDPR) and how we comply with applicable data protection laws.

If you have any questions, please contact us at support@ongkanon.com or our Data Protection Officer at privacy@ongkanon.com.

2. Legal Basis for Processing

We process your personal data based on the following legal grounds:

- **Consent**: When you provide explicit consent for specific processing activities (e.g., marketing communications, analytics cookies) - **Contract Performance**: To provide our Services and fulfill our contractual obligations to you - **Legitimate Interest**: To improve our Services, ensure security, and conduct analytics (where your interests don't override ours) - **Legal Compliance**: To comply with applicable laws, regulations, and legal requests

Where we rely on consent, you have the right to withdraw your consent at any time through your account settings or by contacting us.

3. Information We Collect

We collect the following types of information:

**Account Information:** - Name, email address, and password - Username and display name - Profile picture and avatar

**Profile Information:** - Birth date, age, and gender - Location and preferences - Content filter settings (NSFW preferences) - Favorite categories and genres

**Content and Communications:** - Messages and conversations with AI companions - Media files you share (images, audio) - Companion creations and customizations - Personas and scenarios you create

**Usage and Analytics Data:** - How you interact with our Services - Pages visited and features used - Session duration and frequency - Device information and technical data

**Payment Information:** - Billing address and payment method details - Subscription status and transaction history - Processed securely through third-party payment providers

4. How We Use Your Information

We use your information for the following purposes:

**Service Delivery:** - Provide and maintain our AI companion Services - Personalize your companion interactions - Process payments and manage subscriptions - Provide customer support

**Service Improvement:** - Analyze usage patterns to improve our Services - Develop new features and functionality - Conduct research and analytics - Ensure platform security and integrity

**Communications:** - Send service-related notifications - Provide customer support responses - Send marketing communications (with your consent) - Notify you of important updates or changes

**Legal and Security:** - Comply with legal obligations - Protect against fraud and abuse - Enforce our terms of service - Resolve disputes and legal claims

We will not use the content of your conversations for marketing or advertising purposes.

5. Information Sharing and Third Parties

We may share your information with:

**Service Providers:** - Cloud hosting providers (for data storage and processing) - Payment processors (Stripe for subscription billing) - Analytics providers (PostHog for usage analytics) - Customer support tools - Security and fraud prevention services

**Legal Requirements:** - Legal authorities when required by law - Courts and regulatory bodies - Law enforcement agencies - Legal counsel and advisors

**Business Transfers:** - Potential buyers in case of merger or acquisition - Business partners in joint ventures - Successors in case of business reorganization

**With Your Consent:** - Third parties you explicitly authorize - Public sharing when you choose to make content public - Integration services you connect to your account

We do not sell your personal information or share your conversation content with third parties for marketing purposes. All third-party providers are contractually required to protect your data and use it only for specified purposes.

6. Data Retention

We retain your personal data for different periods depending on the type of information and purpose:

**Account Information:** - Retained while your account is active - Deleted within 30 days of account deletion request - Some information may be retained longer for legal compliance

**Conversation Data:** - Retained while your account is active - Automatically deleted after 2 years of inactivity - Can be deleted immediately upon request

**Analytics Data:** - Aggregated data retained for up to 3 years - Personal identifiers removed after 12 months - Used only for service improvement purposes

**Payment Information:** - Transaction records retained for 7 years for legal compliance - Payment method details deleted after subscription cancellation - Processed and stored by third-party payment providers

**Legal and Security Data:** - Retained as required by applicable laws - Deleted when no longer necessary for legal purposes - May be retained longer for ongoing legal matters

You can request deletion of your data at any time through your account settings or by contacting us.

7. Data Security

We implement comprehensive security measures to protect your information:

**Technical Safeguards:** - Encryption of data in transit and at rest - Secure cloud infrastructure with access controls - Regular security audits and vulnerability assessments - Multi-factor authentication for system access

**Organizational Measures:** - Employee training on data protection - Access controls and need-to-know basis - Regular security policy updates - Incident response procedures

**Third-Party Security:** - Due diligence on all service providers - Contractual security requirements - Regular security assessments of partners - Data processing agreements with all vendors

Despite these measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but continuously work to protect your data.

8. Your Rights and Choices

You have the following rights regarding your personal data:

**Access Rights:** - Request access to your personal data - Obtain a copy of your information - Understand how your data is processed

**Correction Rights:** - Correct inaccurate or incomplete data - Update your profile information - Modify your preferences and settings

**Deletion Rights:** - Request deletion of your personal data - Delete your account and associated data - Remove specific information or content

**Portability Rights:** - Export your data in a structured format - Transfer your data to another service - Receive your data in a commonly used format

**Objection Rights:** - Object to processing based on legitimate interests - Opt out of marketing communications - Withdraw consent for specific processing

**Restriction Rights:** - Restrict processing in certain circumstances - Limit how we use your data - Suspend processing while disputes are resolved

**Consent Management:** - Withdraw consent at any time - Manage cookie preferences - Control marketing communications

To exercise these rights, please: - Use the privacy controls in your account settings - Contact us at privacy@ongkanon.com - Submit a request through our support system

We will respond to your request within 30 days and may need to verify your identity before processing certain requests.

9. Cookies and Tracking

We use cookies and similar tracking technologies to enhance your experience:

**Essential Cookies:** - Required for basic site functionality - Authentication and security - Cannot be disabled

**Performance Cookies:** - Analytics and usage tracking (PostHog) - Service improvement and optimization - Can be disabled in cookie settings

**Preference Cookies:** - Remember your settings and preferences - Customize your experience - Can be managed in your account

**Marketing Cookies:** - Advertising and promotional content - Third-party advertising partners - Can be opted out of

**Cookie Management:** - Manage cookie preferences in our cookie banner - Control tracking in your browser settings - Opt out of analytics tracking - Disable non-essential cookies

For detailed information about our cookie usage, please see our Cookie Policy.

10. International Data Transfers

We may transfer your personal data internationally:

**EU/EEA Users:** - Primary data processing within the EU/EEA - Transfers to third countries with adequate protection - Standard contractual clauses for other transfers - Your rights remain protected regardless of location

**Transfer Safeguards:** - Adequacy decisions by European Commission - Standard contractual clauses (SCCs) - Binding corporate rules where applicable - Explicit consent for specific transfers

**Third-Party Transfers:** - Service providers may process data globally - Contractual protections for international transfers - Regular assessment of transfer mechanisms - Alternative solutions if transfer rules change

We ensure all international transfers comply with applicable data protection laws and maintain appropriate safeguards for your personal data.

11. Children's Privacy

Our Services are not intended for children under 13 years of age:

**Age Restrictions:** - Users must be at least 13 years old - Users under 18 require parental consent - NSFW content restricted for users under 18 - Age verification required for certain features

**Parental Controls:** - Parents can request deletion of child's data - Parental consent mechanisms in place - Educational resources for parents - Reporting mechanisms for underage users

**Data Protection for Minors:** - Enhanced protection for users under 18 - Stricter consent requirements - Limited data collection - Regular review of minor user accounts

If you believe a child under 13 has created an account, please contact us immediately at support@ongkanon.com.

12. Regional Privacy Rights

Additional rights for users in specific regions:

**California Residents (CCPA):** - Right to know what personal information is collected - Right to delete personal information - Right to opt out of sale of personal information - Right to non-discrimination for exercising rights

**EU/EEA/UK Residents (GDPR):** - All rights outlined in Section 8 apply - Right to lodge complaints with supervisory authorities - Right to effective judicial remedy - Enhanced consent requirements

**Other Jurisdictions:** - We comply with applicable local privacy laws - Additional rights may apply based on your location - Local data protection authority contacts available - Regular review of regional requirements

For region-specific privacy inquiries, please contact privacy@ongkanon.com with your location.

13. Data Breach Notification

In the event of a data breach:

**Our Response:** - Immediate investigation and containment - Assessment of risk to personal data - Notification to relevant authorities within 72 hours - User notification if high risk to rights and freedoms

**What We'll Tell You:** - Nature of the breach - Likely consequences - Measures taken to address the breach - Recommendations for protecting yourself

**Prevention Measures:** - Continuous monitoring for security threats - Regular security assessments - Employee training on data protection - Incident response procedures

**Your Actions:** - Monitor your account for suspicious activity - Report any concerns immediately - Follow our security recommendations - Update your passwords if advised

We are committed to transparency and will keep you informed throughout any incident response process.

14. Third-Party Links and Services

Our Services may contain links to third-party websites and services:

**Third-Party Privacy:** - We are not responsible for third-party privacy practices - Review privacy policies of linked services - Third-party terms and conditions apply - Contact third parties directly for privacy concerns

**Integrated Services:** - Social media login options - Payment processing services - Analytics and advertising partners - Customer support tools

**Your Choices:** - You can choose not to use third-party features - Review permissions before connecting accounts - Disconnect third-party services anytime - Manage third-party data sharing preferences

We encourage you to review the privacy policies of any third-party services you use in connection with our Services.

15. Changes to This Policy

We may update this Privacy Policy from time to time:

**Notification of Changes:** - Email notification for material changes - In-app notifications for significant updates - Prominent notice on our website - 30-day notice period for major changes

**Types of Changes:** - Legal requirement updates - Service feature additions - Third-party service changes - User rights enhancements

**Your Options:** - Review updated policy before acceptance - Contact us with questions about changes - Opt out of services if you disagree - Export your data before policy changes

**Version Control:** - Previous versions available upon request - Change log maintained for transparency - Effective date clearly indicated - Archive of historical policies

Continued use of our Services after changes indicates acceptance of the updated Privacy Policy.

16. Contact Information

For privacy-related questions and requests:

**General Privacy Inquiries:** - Email: privacy@ongkanon.com - Support: support@ongkanon.com - Response time: Within 30 days

**Data Protection Officer:** - Email: dpo@ongkanon.com - Responsible for GDPR compliance - Available for EU/EEA/UK residents

**Company Information:** - Exelitpro - [Company address to be added] - [Phone number to be added]

**EU Representative:** - [To be appointed if required] - [Contact details to be added] - [Available for EU residents]

**Supervisory Authority:** - You have the right to lodge complaints with your local data protection authority - Contact details available upon request - We will cooperate with investigations

**Emergency Contact:** - For urgent privacy concerns: emergency@ongkanon.com - Available 24/7 for security incidents - Immediate response for data breaches

We are committed to addressing your privacy concerns promptly and transparently.