Privacy Policy

This Privacy Policy explains how Tengen AI Corp ("Tengen", "we") collects, uses, and shares personal information when you use the Yurivan website and Yurivan Credits AI generation service at https://www.yurivan.com (the "Service").

1. Information We Collect

Information you provide

• Account registration: email, chosen handle, password (stored as a bcrypt hash).
• Age verification: when required for credit purchases or generations, our verification provider (Persona for US users, Yoti for UK/EU users when those regions are unblocked) collects government ID, a selfie, and biometric facial-comparison data. The provider is the controller for that verification data; we receive only a pass/fail result and a verification ID.
• Payments: name, billing address, and payment instrument data are collected by our processor (Segpay, CCBill, or NOWPayments). We do not store full payment instrument data. We retain processor transaction ID, last 4 digits of card where applicable, processor name, amount, and timestamp.
• User-generated content: stories, galleries, video, and AI generation prompts and outputs you create or upload.
• Communications: messages sent via support, feedback, or DMCA channels.

Information collected automatically

• Device and browser: user agent, IP address, screen resolution, timezone.
• Usage: pages viewed, generations initiated, content viewed, search terms, click events. Aggregated for product analytics.
• Cookies: the age-gate cookie, the Supabase Auth session cookie, and limited functional cookies. We do not deploy third-party advertising cookies prior to age-gate acceptance.
• Logs: server logs retained 30 days; error logs (Sentry) per Sentry's retention with PII scrubbing applied.

Information from third parties

• Age verification result from Persona / Yoti.
• Payment processor confirmation events.
• Hive AI moderation classifier results on content you upload or generate.

We do not buy data from data brokers and do not link your Yurivan activity to any external profile.

2. How We Use Information

• Provide, operate, and maintain the Service.
• Process credit purchases and subscriptions.
• Verify age compliance.
• Moderate content per the Content Moderation Policy.
• Detect and prevent fraud, abuse, and chargeback fraud.
• Improve and develop new features (including, where you have not opted out, anonymized AI prompt/output data for model improvement).
• Communicate service-related notices, security alerts, and updates.
• Comply with legal obligations (NCMEC reports, tax records, subpoenas).

We do not sell personal information.

3. AI Generation Data

• Your prompts, story briefs, model selections, and generation parameters are logged and retained for 5 years.
• Generated outputs are retained per your account settings; private outputs are visible only to you and our safety pipeline.
• Outputs flagged by safety classifiers (Hive AI CSAM / Apparent Age / Celebrity) are not retained as durable copies; the rejection event is logged for compliance.
• By default, anonymized prompts and outputs may be used to fine-tune our models. You can opt out at Account Settings → Privacy → "Exclude my generations from model training" without losing access to any feature.

4. Sharing

We share personal information only as follows:

• Processors and service providers acting on our behalf under written contract: Segpay, CCBill, NOWPayments (payments); Persona, Yoti (age verification); Supabase, Cloudflare, Bunny Stream (infrastructure); Hive AI (content classification); OpenRouter, Anthropic, Google (AI inference); RunPod (GPU compute); Resend (transactional email); Sentry (error logging).
• Legal requirements: in response to subpoenas, court orders, NCMEC obligations under 18 USC § 2258A, or other legally compelled disclosures.
• Safety: to investigate suspected fraud, abuse, or harm to others.
• Business transfers: if Tengen is involved in a merger, acquisition, or asset sale, your information may transfer to the successor entity. You will be notified.

We do not share your information with advertisers and do not run third-party ad-targeting scripts on the Service prior to age-gate acceptance.

5. Retention

• Account record — life of account + 90 days after deletion request.
• Generated content (private) — until user deletes or 90 days after account closure.
• Generated content (published) — tied to public catalog lifecycle.
• Generation prompt and audit logs — 5 years (chargeback rebuttal and law-enforcement requests).
• Content moderation records — 7 years.
• Payment transaction records — 7 years (US tax-record minimum).
• Age verification records — per Persona / Yoti contract (typically 7 years).
• Server / access logs — 30 days.
• Error logs (Sentry) — Sentry's standard retention with PII scrubbing.

6. Your Rights

Depending on your jurisdiction you may have rights to:

• Access the personal information we hold about you.
• Correct inaccurate information.
• Delete your information (subject to retention required for legal compliance, e.g., NCMEC reports, tax records).
• Object to or restrict certain processing.
• Data portability — receive your information in a machine-readable format.
• Withdraw consent for processing based on consent.
• Lodge a complaint with your local data protection authority.
• California residents (CCPA/CPRA): rights to know, delete, correct, opt out of sale/sharing (we do not sell or share for cross-context behavioral advertising), and limit use of sensitive personal information.

To exercise these rights, contact privacy@yurivan.com. We respond within 30 days (45 for CCPA/CPRA, extendable per statute). We may request identity verification before responding.

7. Security

• TLS 1.3 in transit; encryption at rest in Supabase Postgres and Cloudflare R2.
• Bcrypt password hashing.
• Sentry PII scrubbing in error logs.
• Cloudflare WAF and bot management.
• Limited-privilege database roles for Edge Functions.
• 30–60 minute presigned URL expiry for media access.
• Tokenization of payment instruments by processors; we never see full card numbers.

No system is perfectly secure. If we discover a breach affecting your personal information we will notify you and applicable regulators per applicable law.

8. Children

The Service is for adults 18+ only. We do not knowingly collect personal information from anyone under 18. If you believe a child has provided us with personal information contact privacy@yurivan.com and we will promptly delete it and, where required, report under 18 USC § 2258A.

9. International Users

Tengen AI Corp is based in the United States. By using the Service you consent to your information being processed in the US. Where required, we use Standard Contractual Clauses or equivalent transfer mechanisms for transfers from the EU/UK/ Switzerland. The Service is currently not available to users in Japan, South Korea, or the United Kingdom; users in those jurisdictions are blocked at the network edge.

10. Changes

We will post material changes to this Policy on this page and notify registered users by email at least 30 days before they take effect.

11. Contact

• Privacy: privacy@yurivan.com
• DMCA: dmca@yurivan.com
• Legal: legal@yurivan.com
• Mail: Tengen AI Corp, 2224 Augusta Place, Santa Clara, CA 95051 USA