Privacy Notice

EverAI Limited ("EverAI", "we", "us" or "our") is the Controller for the processing implemented through this website accessible at https://candy.ai/ and/or any affiliated website to which visitors or users may be redirected (the "Services"). EverAI is duly incorporated in the Republic of Malta, having its address at 56 Central Business Centre, Triq Is-Soll, Santa Venera SVR 1833, Malta, and registered with the Malta Business Registry under the number C107181.

The Services are an online chat application that uses artificial intelligence algorithms to generate virtual and fictional characters (the "AI Companions"), with whom you as a user of the Services ("you") can chat and exchange messages. The Services also include, but are not necessarily limited to, other media such as images, videos and voice notes. Parts of the Services may require you to create a user account and/or become a paid subscriber.

This Privacy Notice details how EverAI collects, uses, discloses and handles your Personal Data for the Services and, as applicable, your rights under the European Union’s General Data Protection Regulation 2016/679, and Directive 2002/58/EC concerning the Processing of Personal Data and the protection of privacy in the electronic communications sector ("ePrivacy Directive") (together "EU GDPR"), the UK Data Protection Act 2018 and the Privacy and Electronic Communications, Regulations 2003 ("PECR") (together "UK GDPR"), or the Federal Act on Data Protection 235.1 ("FADP"), together referred to as "Applicable Data Protection Law".

By using the Services, you agree that you have read and understood our Privacy Notice.

All capitalized terms not otherwise defined in this Privacy Notice or in the GDPR shall have the following meaning:

- "Content": the information that you provide in order to register as a User and/or in the course of using our Services. Such information includes your Personal Data, inputs in the course of conversations with AI Companions, and outputs in response to the same;

- "Consent": any freely given, specific, informed and unambiguous indication of your wishes by which you, by a statement or a clear affirmative action, signifies agreement to the Processing of Personal Data relating to you;

- "Controller": the natural or legal person, alone or jointly with others, who determines the purposes and means of the Processing of Personal Data and for the purposes of the Services, EverAI;

- "Performance of our Services": the actions necessary for us to provide our Services;

- "Personal Data": any information relating to an identified or identifiable natural person (“Data Subject”), such as your name, address, marital status, date of birth, gender, office location, position, company name, spoken languages, photos, your account number, your location data;

- "Processing": any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

- "Subscription": an arrangement between EverAI Limited and you to enable you to benefit from and/or use the Services;

- "User", "you" and "your": collectively a person that has visited or is using the Services;

- "Visitor": anyone who is browsing the Services without a valid Subscription.

As we are committed to respecting your privacy, the Services will always be provided in accordance with the most relevant legal basis.

If you fail to provide your Personal Data, we may not be able to perform the Services pursuant to your Subscription. In such a case, we may have to cancel the Service, and we will notify you accordingly.

We may send you marketing communications about our Services, including alerts, newsletters, and invitations to events or functions which we believe might be of interest to you, or to update you with relevant information (such as commercial news).

If you do not wish to receive marketing communications, you can unsubscribe by:

a. Clicking on the 'Unsubscribe' or subscription preferences link in a direct marketing email from us; or

b. Contacting us using the contact details provided in Section 11.

Please note that opting out of marketing communications will not affect communications related to the Services.

We will obtain your express opt-in Consent before sharing your Personal Data with any company outside EverAI for marketing purposes.

You may request that we, or third parties, stop sending you direct marketing messages by adjusting your marketing preferences through the Services or via the opt-out links provided in marketing communications.

Candy.ai may share your information with:

a. Service providers to deliver the Services as follows:

   • Payment service providers (based in the EU for European users);

   • Hosting service providers (based in the US);

   • Email marketing tools providers (based in the US);

   • Affiliate partner tools (based in the EU).

b. Our professional advisers, as necessary for legal, accounting, IT, or public relations support.

c. Legal and regulatory authorities, as required by applicable laws and regulations; and

d. Our employees, as needed to perform their duties.

We will not disclose, sell, trade, or otherwise transfer your Personal Data to any third parties without your Consent, unless otherwise stated in this Privacy Notice.

In the event of a merger, acquisition, or asset sale, your Personal Data may be transferred to the relevant third parties, but will remain subject to this Privacy Notice.

We retain your Personal Data for as long as your account exists or as necessary to fulfill the purposes for which it was collected, or to provide you with the Services, unless otherwise required by law. When you terminate your account, we will retain your Personal Data for a period thereafter to address potential inquiries, legal requirements, or disputes.

Retention periods may be adjusted based on business or regulatory needs. Generally, we keep:

a. Personal Data related to your account for three to five years after your last use of the Services;

b. Financial and transactional data for seven years from their issuance date; and

c. Marketing data until you withdraw your Consent or for two years after your last interaction.

Our team is available to consider any account closure or requests to cease marketing communications.

EverAI Limited does not provide the Services or collect Personal Data from individuals under 18 years of age (or the applicable minimum age in your jurisdiction). The Services are intended for users who are at least 18 years old. If we discover that we have collected data from an underage individual, we will take immediate steps to delete such data and block the user.

The Services may contain links to third-party websites, plug-ins, and applications. Clicking on these links may allow third parties to collect or share information about you. We do not control these third-party websites and recommend reviewing their Privacy Notices.

You have the right to request a copy of your Personal Data that we hold in accordance with Article 15 GDPR. This includes information about:

a. The purposes of the Processing;

b. The categories of your Personal Data;

c. The recipients or categories of recipients to whom your Personal Data has been or will be disclosed, including in third countries or international organizations;

d. The duration for which your Personal Data will be stored, or the criteria used to determine that period;

e. The right to request rectification or erasure of Personal Data, or restriction of its Processing;

f. The right to lodge a complaint with a supervisory authority;

g. If your Personal Data was not collected directly from you, any available information about its source;

h. The existence of automated decision-making, including profiling.

You have the right to obtain from the Controller, without undue delay, the rectification of any inaccurate Personal Data about you. This allows you to have incomplete or inaccurate information corrected, subject to verification.

You can request the erasure of your Personal Data in circumstances where it is no longer necessary for the purposes for which it was collected; where you have withdrawn your Consent and no other legal basis applies; where it has been processed unlawfully; or in response to a successful objection. However, we may not be required to erase Personal Data if:

a. It is necessary for compliance with a legal obligation;

b. It is required for the establishment, exercise, or defense of legal claims; or

c. It is necessary for the performance of a contract.

You may request that we suspend the Processing of your Personal Data under certain conditions, such as when you contest the accuracy of the data, when the Processing is unlawful, or when you require the data to be retained for legal claims. We may continue to use your Personal Data if:

a. You have provided your Consent; or

b. It is necessary to establish, exercise, or defend legal claims, or to protect the rights of another person.

You can request that we provide your Personal Data in a structured, commonly used, and machine-readable format, or ask for it to be transferred directly to another Controller, where the Processing is based on your Consent or the performance of a contract.

You have the right to withdraw your Consent at any time and free of charge. Withdrawing Consent will not affect the lawfulness of Processing carried out before its withdrawal. However, if you withdraw your Consent, we may be unable to provide the Services to their full extent.

You can object to the Processing of your Personal Data based on our legitimate interests if you believe that your fundamental rights and freedoms override those interests. If you object, we will assess whether our compelling legitimate interests override your rights.

You can request that we change the manner in which we contact you for marketing purposes. You also have the right to withdraw your Consent for direct marketing at any time, free of charge.

You can request a copy of, or reference to, the safeguards under which your Personal Data is transferred outside of the EU, UK, or Switzerland, with any non-data protection related terms redacted.

If you have any questions, concerns, or complaints regarding this Privacy Notice or the Processing of your Personal Data, please attempt to resolve the issue with us first. If needed, you may also lodge a complaint with your local supervisory authority.

Privacy Team
Email: [email protected]
Mailing Address: EverAI Limited, 56 Central Business Centre, Triq Is-Soll, Santa Venera SVR 1833, Malta

We will make every reasonable effort to address your request promptly. We aim to respond to all legitimate requests within one month. In complex cases, we will keep you informed of any delays.

We have implemented appropriate security measures to prevent your Personal Data from being accidentally lost, used, or accessed in an unauthorized manner, altered, or disclosed.

We may update this Privacy Notice from time to time to reflect changes in our practices or applicable law. If we make substantial changes, we will notify you by other means (such as email) prior to the changes taking effect. Your continued use of the Services after such changes constitutes your acceptance of the revised Privacy Notice.