Privacy Policy

Ongkanon, operated by Ongkanon GmbH ("we", "us", or "our"), is committed to protecting your privacy. This Privacy Policy describes how we collect, use, and share information through our mobile and web applications, website, and related services (collectively, the "Services").

We process your information to provide personalized AI companion interactions and improve our Services. We will never use or disclose the content of your Ongkanon conversations for marketing or advertising purposes.

For users in the European Union (EU), European Economic Area (EEA), and United Kingdom (UK), this Privacy Policy explains your rights under the General Data Protection Regulation (GDPR) and how we comply with applicable data protection laws.

If you have any questions, please contact us at support 'at' ongkanon.com or our Data Protection Officer at privacy 'at' ongkanon.com.

We process your personal data based on the following legal grounds:

• Consent: When you provide explicit consent for specific processing activities (e.g., marketing communications, analytics cookies)
• Contract Performance: To provide our Services and fulfill our contractual obligations to you
• Legitimate Interest: To improve our Services, ensure security, and conduct analytics (where your interests don't override ours)
• Legal Compliance: To comply with applicable laws, regulations, and legal requests

Where we rely on consent, you have the right to withdraw your consent at any time through your account settings or by contacting us.

We collect the following types of information:

Account Information:

• Name, email address, and password
• Username and display name
• Profile picture and avatar

Profile Information:

• Birth date, age, and gender
• Location and preferences
• Content filter settings (NSFW preferences)
• Favorite categories and genres

Content and Communications:

• Messages and conversations with AI companions
• Media files you share (images, audio)
• Companion creations and customizations
• Personas and scenarios you create

Usage and Analytics Data:

• How you interact with our Services
• Pages visited and features used
• Session duration and frequency
• Device information and technical data

Payment Information:

• Billing address and payment method details
• Subscription status and transaction history
• Processed securely through third-party payment providers

We use your information for the following purposes:

Service Delivery:

• Provide and maintain our AI companion Services
• Personalize your companion interactions
• Process payments and manage subscriptions
• Provide customer support

Service Improvement:

• Analyze usage patterns to improve our Services
• Develop new features and functionality
• Conduct research and analytics
• Ensure platform security and integrity

Communications:

• Send service-related notifications
• Provide customer support responses
• Send marketing communications (with your consent)
• Notify you of important updates or changes

Legal and Security:

• Comply with legal obligations
• Protect against fraud and abuse
• Enforce our terms of service
• Resolve disputes and legal claims

We will not use the content of your conversations for marketing or advertising purposes.

We may share your information with:

Service Providers:

• Cloud hosting providers (for data storage and processing)
• Payment processors for subscription billing
• Analytics providers (PostHog for usage analytics)
• Customer support tools
• Security and fraud prevention services

Legal Requirements:

• Legal authorities when required by law
• Courts and regulatory bodies
• Law enforcement agencies
• Legal counsel and advisors

Business Transfers:

• Potential buyers in case of merger or acquisition
• Business partners in joint ventures
• Successors in case of business reorganization

With Your Consent:

• Third parties you explicitly authorize
• Public sharing when you choose to make content public
• Integration services you connect to your account

We do not sell your personal information or share your conversation content with third parties for marketing purposes. All third-party providers are contractually required to protect your data and use it only for specified purposes.

We retain your personal data for different periods depending on the type of information and purpose:

Account Information:

• Retained while your account is active
• Deleted within 30 days of account deletion request
• Some information may be retained longer for legal compliance

Conversation Data:

• Retained while your account is active
• Automatically deleted after 2 years of inactivity
• Can be deleted immediately upon request

Analytics Data:

• Aggregated data retained for up to 3 years
• Personal identifiers removed after 12 months
• Used only for service improvement purposes

Payment Information:

• Transaction records retained for 7 years for legal compliance
• Payment method details deleted after subscription cancellation
• Processed and stored by third-party payment providers

Legal and Security Data:

• Retained as required by applicable laws
• Deleted when no longer necessary for legal purposes
• May be retained longer for ongoing legal matters

You can request deletion of your data at any time through your account settings or by contacting us.

We implement comprehensive security measures to protect your information:

Technical Safeguards:

• Encryption of data in transit and at rest
• Secure cloud infrastructure with access controls
• Regular security audits and vulnerability assessments
• Multi-factor authentication for system access

Organizational Measures:

• Employee training on data protection
• Access controls and need-to-know basis
• Regular security policy updates
• Incident response procedures

Third-Party Security:

• Due diligence on all service providers
• Contractual security requirements
• Regular security assessments of partners
• Data processing agreements with all vendors

Despite these measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but continuously work to protect your data.

You have the following rights regarding your personal data:

Access Rights:

• Request access to your personal data
• Obtain a copy of your information
• Understand how your data is processed

Correction Rights:

• Correct inaccurate or incomplete data
• Update your profile information
• Modify your preferences and settings

Deletion Rights:

• Request deletion of your personal data
• Delete your account and associated data
• Remove specific information or content

Portability Rights:

• Export your data in a structured format
• Transfer your data to another service
• Receive your data in a commonly used format

Objection Rights:

• Object to processing based on legitimate interests
• Opt out of marketing communications
• Withdraw consent for specific processing

Restriction Rights:

• Restrict processing in certain circumstances
• Limit how we use your data
• Suspend processing while disputes are resolved

Consent Management:

• Withdraw consent at any time
• Manage cookie preferences
• Control marketing communications

To exercise these rights, please:

• Use the privacy controls in your account settings
• Contact us at privacy@ongkanon.com
• Submit a request through our support system

We will respond to your request within 30 days and may need to verify your identity before processing certain requests.

We use cookies and similar tracking technologies to enhance your experience:

Essential Cookies:

• Required for basic site functionality
• Authentication and security
• Cannot be disabled

Performance Cookies:

• Analytics and usage tracking (PostHog)
• Service improvement and optimization
• Can be disabled in cookie settings

Preference Cookies:

• Remember your settings and preferences
• Customize your experience
• Can be managed in your account

Marketing Cookies:

• Advertising and promotional content
• Third-party advertising partners
• Can be opted out of

Cookie Management:

• Manage cookie preferences in our cookie banner
• Control tracking in your browser settings
• Opt out of analytics tracking
• Disable non-essential cookies

For detailed information about our cookie usage, please see our Cookie Policy.

We may transfer your personal data internationally:

EU/EEA Users:

• Primary data processing within the EU/EEA
• Transfers to third countries with adequate protection
• Standard contractual clauses for other transfers
• Your rights remain protected regardless of location

Transfer Safeguards:

• Adequacy decisions by European Commission
• Standard contractual clauses (SCCs)
• Binding corporate rules where applicable
• Explicit consent for specific transfers

Third-Party Transfers:

• Service providers may process data globally
• Contractual protections for international transfers
• Regular assessment of transfer mechanisms
• Alternative solutions if transfer rules change

We ensure all international transfers comply with applicable data protection laws and maintain appropriate safeguards for your personal data.

Our Services are strictly for users 18 years of age and older:

Age Requirements:

• Users must be at least 18 years old
• No exceptions or parental consent options
• Age verification required upon registration
• Immediate account termination for underage users

Enforcement:

• Strict age verification measures
• Regular monitoring and compliance checks
• Zero tolerance policy for underage access
• Reporting mechanisms for suspected violations

Data Protection:

• We do not knowingly collect data from users under 18
• Immediate deletion of data if underage user is identified
• Parents or guardians can report underage accounts
• Full cooperation with age-related compliance requests

If you believe someone under 18 has created an account, please contact us immediately at support 'at' ongkanon.com and we will take immediate action to terminate the account and delete all associated data.

Additional rights for users in specific regions:

California Residents (CCPA):

• Right to know what personal information is collected
• Right to delete personal information
• Right to opt out of sale of personal information
• Right to non-discrimination for exercising rights

EU/EEA/UK Residents (GDPR):

• All rights outlined in Section 8 apply
• Right to lodge complaints with supervisory authorities
• Right to effective judicial remedy
• Enhanced consent requirements

Other Jurisdictions:

• We comply with applicable local privacy laws
• Additional rights may apply based on your location
• Local data protection authority contacts available
• Regular review of regional requirements

For region-specific privacy inquiries, please contact privacy 'at' ongkanon.com with your location.

In the event of a data breach:

Our Response:

• Immediate investigation and containment
• Assessment of risk to personal data
• Notification to relevant authorities within 72 hours
• User notification if high risk to rights and freedoms

What We'll Tell You:

• Nature of the breach
• Likely consequences
• Measures taken to address the breach
• Recommendations for protecting yourself

Prevention Measures:

• Continuous monitoring for security threats
• Regular security assessments
• Employee training on data protection
• Incident response procedures

Your Actions:

• Monitor your account for suspicious activity
• Report any concerns immediately
• Follow our security recommendations
• Update your passwords if advised

We are committed to transparency and will keep you informed throughout any incident response process.

Our Services may contain links to third-party websites and services:

Third-Party Privacy:

• We are not responsible for third-party privacy practices
• Review privacy policies of linked services
• Third-party terms and conditions apply
• Contact third parties directly for privacy concerns

Integrated Services:

• Social media login options
• Payment processing services
• Analytics and advertising partners
• Customer support tools

Your Choices:

• You can choose not to use third-party features
• Review permissions before connecting accounts
• Disconnect third-party services anytime
• Manage third-party data sharing preferences

We encourage you to review the privacy policies of any third-party services you use in connection with our Services.

We may update this Privacy Policy from time to time:

Notification of Changes:

• Email notification for material changes
• In-app notifications for significant updates
• Prominent notice on our website
• 30-day notice period for major changes

Types of Changes:

• Legal requirement updates
• Service feature additions
• Third-party service changes
• User rights enhancements

Your Options:

• Review updated policy before acceptance
• Contact us with questions about changes
• Opt out of services if you disagree
• Export your data before policy changes

Version Control:

• Previous versions available upon request
• Change log maintained for transparency
• Effective date clearly indicated
• Archive of historical policies

Continued use of our Services after changes indicates acceptance of the updated Privacy Policy.

For privacy-related questions and requests:

General Privacy Inquiries:

• Email: privacy 'at' ongkanon.com
• Response time: Within 30 days

Data Protection Officer:

• Email: privacy 'at' ongkanon.com
• Responsible for GDPR compliance
• Available for EU/EEA/UK residents

Company Information:

• Ongkanon GmbH

Supervisory Authority:

• You have the right to lodge complaints with your local data protection authority
• Contact details available upon request
• We will cooperate with investigations

Emergency Contact:

• For urgent privacy concerns: privacy 'at' ongkanon.com
• Available 24/7 for security incidents
• Immediate response for data breaches

We are committed to addressing your privacy concerns promptly and transparently.