Privacy Policy

Information We Collect

We collect several types of information to provide and improve our service. Below is a comprehensive breakdown of the data we collect:

Information You Provide Directly

• Seed Letters or Keywords: Any letters, keywords, or patterns you input into the generator
• Custom Letter Pools: Your custom letter selections and preferences
• Generation Settings: Your preferences for uppercase, lowercase, duplicates, and phonetic awareness
• Contact Information: Email address if you contact us for support

Information Collected Automatically

• Device Information: Browser type, operating system, device type
• IP Address: Your Internet Protocol address for security and analytics
• Usage Data: Pages visited, time spent, features used
• Generation Data: Number of letters generated, generation frequency
• Session Data: Session duration and interaction patterns
• Referral Data: The website that referred you to our service

Cookies and Similar Technologies

We use cookies and similar tracking technologies to enhance your experience. See our Cookies section below for detailed information.

How We Use Your Information

We use the collected information for the following purposes:

AI Technology & Data Processing

Our service utilizes artificial intelligence technology to generate random letters and words. Here’s what you need to know about our AI implementation:

How Our AI Works

Our AI-powered system analyzes patterns, phonetics, and letter sequences to generate meaningful random outputs. The AI processes your inputs in real-time to produce contextually relevant results.

AI Data Processing Safeguards

• Real-Time Processing: All AI processing happens in real-time during your session
• No Training Data: Your inputs are NOT used to train or improve our AI models
• Temporary Processing: Data is processed temporarily and discarded after generation
• No Personalization: The AI does not build personal profiles based on your usage
• Transparent Operation: All AI operations are disclosed and documented

AI Limitations & Disclaimers

Compliance with AI Regulations

We comply with the EU AI Act (effective August 2026) and other applicable AI regulations by:

• Clearly disclosing the use of AI technology
• Implementing human oversight in system design and monitoring
• Maintaining technical documentation of our AI systems
• Ensuring transparency in AI operations
• Providing users with information about AI limitations

Cookies & Tracking Technologies

We use cookies and similar technologies to enhance your experience and analyze website performance.

Types of Cookies We Use

Managing Cookies

You have control over cookies. You can:

• Accept or reject cookies through our cookie banner
• Modify your browser settings to block or delete cookies
• Use the Global Privacy Control (GPC) signal to automatically opt-out
• Withdraw consent at any time through our cookie preference center

Data Sharing & Third Parties

We may share your information with the following third parties under specific circumstances:

Service Providers

• Hosting Providers: To store and deliver our website content
• Analytics Services: To understand website usage (e.g., Google Analytics)
• Email Services: To respond to support inquiries
• Security Services: To protect against fraud and security threats

Legal Requirements

We may disclose your information when required by law or to:

• Comply with legal processes or government requests
• Enforce our Terms and Conditions
• Protect our rights, property, or safety
• Prevent fraud or security issues

We Do NOT Sell Your Data

Third-Party Services We Use

Your Privacy Rights

You have important rights regarding your personal information. These rights may vary depending on your location.

How to Exercise Your Rights

To exercise any of these rights, please contact us at:

• Email: [email protected]
• Subject Line: “Privacy Rights Request”
• Response Time: We will respond within 30 days (GDPR) or 45 days (CCPA)

Data Security

We implement industry-standard security measures to protect your personal information from unauthorized access, disclosure, alteration, or destruction.

Security Measures

• Encryption: Data transmitted between your browser and our servers is encrypted using SSL/TLS
• Access Controls: Strict access controls limit who can view or process personal data
• Regular Audits: Periodic security assessments and vulnerability testing
• Secure Hosting: Servers hosted in secure, certified data centers
• Monitoring: Continuous monitoring for suspicious activity
• Incident Response: Established procedures for responding to security incidents

Data Breach Notification

In the unlikely event of a data breach that affects your personal information, we will:

• Notify affected users within 72 hours (GDPR requirement)
• Notify relevant supervisory authorities as required by law
• Provide information about the nature of the breach
• Explain steps taken to mitigate harm
• Offer guidance on protective measures you can take

Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy.

Retention Periods

Data Deletion

After the retention period expires, or upon your request, we will:

• Permanently delete your personal information from our active systems
• Remove data from backups within 90 days
• Anonymize data where complete deletion is not feasible

Children’s Privacy

We are committed to protecting the privacy of children and comply with the Children’s Online Privacy Protection Act (COPPA).

Age Restrictions

Our service is designed for general audiences and does not knowingly collect personal information from children under 13 years of age without parental consent.

Parental Rights

If you are a parent or guardian and believe your child has provided us with personal information, you have the right to:

• Review the information we have collected from your child
• Request deletion of your child’s personal information
• Refuse to allow further collection of your child’s information

International Users

Our service is operated from the United States. If you are accessing our service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States.

International Data Transfers

When we transfer data internationally, we ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs) approved by regulatory authorities
• Adequacy decisions where applicable
• Privacy Shield frameworks (where applicable)
• Binding corporate rules for intra-group transfers

Region-Specific Rights

Depending on your location, you may have additional rights under local privacy laws. Please refer to the California Privacy Rights and GDPR Compliance sections for specific regional protections.

California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).

Your California Rights

• Right to Know: Request disclosure of personal information collected, used, or shared
• Right to Delete: Request deletion of personal information we have collected
• Right to Opt-Out: Opt-out of the sale or sharing of personal information
• Right to Correct: Request correction of inaccurate personal information
• Right to Limit: Limit the use of sensitive personal information
• Right to Non-Discrimination: Not be discriminated against for exercising your rights

Categories of Personal Information

We collect and process the following categories of personal information as defined by CCPA:

• Identifiers (IP address, device ID)
• Internet or network activity (browsing behavior, usage data)
• Inferences (preferences derived from usage patterns)

Do Not Sell or Share My Personal Information

Global Privacy Control (GPC)

We recognize and honor Global Privacy Control (GPC) signals from California residents. When we detect a GPC signal, we will automatically:

• Treat it as a valid opt-out request
• Stop sharing your personal information (if we were doing so)
• Apply your preference to your current and future visits

How to Exercise Your California Rights

California residents can exercise their rights by:

• Emailing us at: [email protected]
• Subject line: “California Privacy Rights Request”
• We will respond within 45 days (can extend to 90 days if needed)
• You may make up to two requests per 12-month period free of charge

Verification Process

To protect your privacy, we will verify your identity before processing rights requests. We may ask you to provide information that matches what we have on file.

Authorized Agents

You may designate an authorized agent to make requests on your behalf. The agent must provide proof of authorization, and we may require you to verify your identity directly.

GDPR Compliance (European Users)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have specific rights under the General Data Protection Regulation (GDPR).

Legal Basis for Processing

We process your personal data based on the following legal grounds:

• Consent: You have given clear consent for specific processing activities
• Contract Performance: Processing is necessary to provide our services
• Legal Obligation: We must process data to comply with the law
• Legitimate Interests: Processing is necessary for our legitimate business interests

Your GDPR Rights

Right to Withdraw Consent

Where we process your data based on consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

Data Protection Officer

For GDPR-related inquiries, you can contact our designated privacy contact at: [email protected]

Right to Lodge a Complaint

You have the right to lodge a complaint with your local supervisory authority if you believe we have violated your privacy rights under GDPR.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

How We Notify You of Changes

• Material Changes: We will notify you via email (if provided) or prominent notice on our website
• Minor Updates: We will update the “Last Updated” date at the top of this policy
• Notice Period: Material changes will take effect 30 days after notification

Your Responsibility

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of our service after changes become effective constitutes acceptance of the updated policy.

Previous Versions

We maintain an archive of previous versions of this Privacy Policy. If you would like to review a previous version, please contact us.