Legal

Privacy Policy

Effective 13 June 2026

This Privacy Policy explains how Nightveil.ai, KD Vassiliou Group Limited ("Nightveil.ai," "we," "our," and "us") collects, uses, stores, shares, and otherwise processes personal data when you access or use Nightveil.ai, our website at nightveil.ai, and any related products, applications, websites, features, or services that link to this Privacy Policy (collectively, the "Service").

This Privacy Policy is intended to provide information required under applicable European data-protection laws, including, where applicable, the General Data Protection Regulation, the UK General Data Protection Regulation, the UK Data Protection Act 2018, the Swiss Federal Act on Data Protection, and applicable ePrivacy and cookie rules.

For the purposes of applicable data-protection laws, Nightveil.ai is the controller of the personal data described in this Privacy Policy, unless we state otherwise.

Controller details

Nightveil.ai / KD Vassiliou Group Limited

[Registered address — to be completed]

Email: [email protected]

EU representative, if applicable: [To be confirmed]

UK representative, if applicable: [To be confirmed]

Data Protection Officer, if applicable: [To be confirmed]

By using the Service, you acknowledge that we process your personal data as described in this Privacy Policy. Your use of the Service is also subject to our Terms of Service.

1. Personal Data We Collect

"Personal data" means any information relating to an identified or identifiable individual. We may collect personal data directly from you, automatically when you use the Service, and from third parties.

A. Personal Data You Provide to Us

Account and registration information. If you create an account, we may collect information such as your email address, username, authentication method, account settings, and any other information you provide during registration.

No-account users. If you use the Service without creating an account, we may collect limited technical metadata, such as IP address, browser type, approximate time zone, device information, and usage information. We use this information to provide the Service, protect against abuse, secure the Service, and improve user experience.

Third-party login information. If you sign in using a third-party account, such as Google, Apple, Discord, or another supported provider, we may receive information from that provider, such as your email address, profile image, account identifier, and authentication status, depending on your settings with that provider.

Payment information. If you purchase a paid plan or other paid feature, payment-related information may be collected and processed by our payment service providers. We do not store full payment-card details unless expressly stated. We may receive limited billing, transaction, subscription, invoice, or payment-status information.

Service content. The Service may allow you to submit text, audio, voice recordings, images, documents, files, prompts, instructions, and other materials ("Inputs") and may generate, display, or return responses, outputs, images, videos, or other content ("Outputs"). Depending on how the Service is configured, we may process Inputs and Outputs to provide the Service, maintain safety and security, comply with legal obligations, and enforce our Terms.

Communications. If you contact us, we may collect your name, email address, the content of your message, attachments, support history, and any other information you choose to provide. Third-party vendors may process these communications on our behalf.

Marketing and social media interactions. If you interact with Nightveil.ai on social media or subscribe to marketing communications, we may collect information such as your name, username, email address, profile information, message content, and communication preferences.

Careers. If you apply for a job with us, we may collect your name, contact details, CV or résumé, employment history, education history, portfolio, references, interview notes, and any other information you provide during the recruitment process.

Other information you provide. We may collect other information you choose to provide, such as survey responses, event registrations, feedback, research participation, or beta-program information.

B. Personal Data Collected Automatically

Device and technical information. We may collect information about the device and software you use to access the Service, including IP address, device type, browser type and version, operating system, device identifiers, language settings, referral URLs, crash logs, and diagnostic information.

Usage information. We may collect information about how you use the Service, such as pages viewed, features used, session timestamps, log-in events, account actions, subscription actions, chat or project creation events, deletion actions, error messages, and other Service interactions.

Location information. We may infer your general location, such as city, region, or country, from your IP address. We do not collect precise location unless we provide separate notice and obtain any required consent.

Cookies and similar technologies. We and our partners may use cookies, pixels, SDKs, local storage, and similar technologies to operate the Service, remember preferences, analyze usage, prevent fraud, improve security, and, where permitted, provide or measure marketing. Where required by law, we will request consent before using non-essential cookies or similar technologies.

C. Likeness, Image, Voice, and Biometric-Adjacent Information

The Service may allow you to upload images, videos, voice recordings, or other materials that include your likeness, voice, or other identifiable characteristics. Where required by law, we will request your explicit consent before processing such information for features that require it.

You must only upload likeness, image, voice, or similar content relating to another person if you have the legal right to do so and, where required, that person's explicit consent.

Unless we state otherwise in a separate product notice, we do not use likeness, image, voice, or biometric feature data to identify you, authenticate you, or create biometric identifiers. If a feature involves biometric data or special-category data under applicable law, we will provide additional notice and obtain any consent required by law.

2. How We Use Personal Data

We process personal data for the following purposes:

To provide, operate, maintain, and secure the Service.
To create and manage accounts.
To authenticate users and prevent unauthorized access.
To process subscriptions, payments, invoices, and transactions.
To provide customer support and respond to inquiries.
To generate, display, or return Outputs based on your Inputs.
To maintain, troubleshoot, debug, and improve the Service.
To understand usage patterns and develop new features.
To detect, prevent, and address fraud, abuse, spam, security incidents, and harmful activity.
To enforce our Terms of Service and other legal rights.
To comply with legal, regulatory, tax, accounting, and court obligations.
To send administrative messages, such as service updates, security notices, and account notifications.
To send marketing communications, where permitted by law and subject to your choices.
To process job applications.
To create aggregated or de-identified information that does not identify you.
To carry out any other purpose disclosed to you at the time of collection.

3. Legal Bases for Processing European Personal Data

Where European data-protection laws apply, we process your personal data only when we have a valid legal basis. The legal bases we rely on may include:

Contract necessity. We process personal data where necessary to provide the Service, manage your account, respond to your requests, process payments, and perform our contract with you.

Legitimate interests. We process personal data where necessary for our legitimate interests or those of a third party, provided those interests are not overridden by your rights and interests. These interests may include securing the Service, preventing abuse, improving performance, analyzing use of the Service, developing features, and protecting our legal rights.

Consent. We process personal data based on consent where required, such as for certain marketing communications, non-essential cookies, or features involving sensitive personal data or likeness processing. You may withdraw consent at any time.

Legal obligation. We process personal data where necessary to comply with legal obligations, such as tax, accounting, regulatory, law-enforcement, court, employment, or consumer-protection obligations.

Vital interests. In limited circumstances, we may process personal data where necessary to protect someone's vital interests.

Public interest. In rare circumstances, we may process personal data where necessary for a task carried out in the public interest, where applicable law permits.

4. Processing Purposes, Categories, and Legal Bases

Account registration and authentication. Categories: email address, login credentials, third-party login identifiers, account settings, technical metadata. Legal bases: contract necessity, legitimate interests, legal obligation where applicable.

Providing AI features and generating Outputs. Categories: Inputs, Outputs, account information, usage information, device information. Legal bases: contract necessity, consent where required, legitimate interests.

Security, fraud prevention, and abuse monitoring. Categories: IP address, device identifiers, usage logs, account actions, security events, technical metadata. Legal bases: legitimate interests, legal obligation.

Payments and billing. Categories: transaction records, subscription status, billing details, invoice information, limited payment-provider information. Legal bases: contract necessity, legal obligation, legitimate interests.

Customer support. Categories: contact details, messages, attachments, support history, account information. Legal bases: contract necessity, legitimate interests, legal obligation where applicable.

Product improvement and analytics. Categories: usage data, device data, diagnostics, aggregated or de-identified data. Legal bases: legitimate interests, consent where required for cookies or similar technologies.

Marketing. Categories: email address, communication preferences, engagement information. Legal bases: consent where required, legitimate interests where permitted by law.

Recruitment. Categories: contact details, CV or résumé, employment history, education history, interview information, references. Legal bases: contract necessity, legitimate interests, legal obligation, consent where required.

Legal compliance and rights enforcement. Categories: account information, transaction data, communications, usage logs, other relevant personal data. Legal bases: legal obligation, legitimate interests.

5. How We Share Personal Data

We may share personal data with the following categories of recipients:

Service providers and vendors. We use third-party service providers to help us operate the Service, including hosting providers, cloud infrastructure providers, analytics providers, payment processors, customer-support providers, communications providers, fraud-prevention providers, security providers, and professional advisers. These providers process personal data on our behalf and must protect it in accordance with applicable law and contractual obligations.

Model and infrastructure providers. Where necessary to provide AI features, Inputs and Outputs may be processed by model, compute, or infrastructure providers. We seek to use providers subject to appropriate contractual, security, confidentiality, and data-protection restrictions. Where we state that a provider is subject to zero-retention or limited-retention terms, this means the provider is contractually restricted from retaining or using Inputs or Outputs beyond what is necessary to provide the requested processing, subject to applicable law and the provider's applicable terms.

Affiliates. We may share personal data with our affiliates for purposes consistent with this Privacy Policy.

Analytics and measurement partners. Where permitted by law and subject to your cookie choices, we may use analytics tools to understand how users interact with the Service and improve it.

Payment processors. Payment processors may collect and process payment information to complete transactions, manage subscriptions, detect fraud, and comply with financial obligations.

Professional advisers. We may share personal data with lawyers, auditors, insurers, accountants, consultants, and other professional advisers where necessary.

Legal and safety disclosures. We may disclose personal data if we believe disclosure is necessary or appropriate to comply with law, legal process, court orders, regulatory requests, law-enforcement requests, enforce our Terms, protect rights, property, or safety, investigate fraud or abuse, or defend against legal claims.

Corporate transactions. If we are involved in a merger, acquisition, financing, restructuring, bankruptcy, sale of assets, or similar transaction, personal data may be disclosed or transferred as part of that transaction, subject to applicable law.

With your consent. We may share personal data where you direct us to do so or give us permission.

6. Cookies and Similar Technologies

We may use cookies and similar technologies for the following purposes:

Essential cookies. These are necessary to provide core Service functionality, such as login, security, session management, fraud prevention, and account features.

Preference cookies. These remember choices such as language, region, or interface settings.

Analytics cookies. These help us understand how the Service is used and improve performance and functionality.

Marketing cookies. Where used, these help measure or deliver marketing and may track interactions across services, subject to applicable law and your consent where required.

Where required by European law, we will request consent before placing or accessing non-essential cookies on your device. You may be able to manage cookie preferences through our cookie banner, privacy settings, or your browser settings.

7. International Transfers

Nightveil.ai may process and store personal data in countries outside your country of residence, including countries that may not provide the same level of data protection as your jurisdiction.

Where European data-protection laws apply and personal data is transferred outside the EEA, UK, or Switzerland, we will use appropriate safeguards where required. These may include adequacy decisions, standard contractual clauses, the UK International Data Transfer Agreement or Addendum, Swiss transfer safeguards, binding corporate rules, transfer risk assessments, or derogations permitted by law.

You may contact us at [email protected] for more information about the safeguards we use for international transfers.

8. Retention

We retain personal data only for as long as reasonably necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. When determining retention periods, we consider factors such as:

The type and sensitivity of the personal data.
The purposes for which we process it.
The duration of our relationship with you.
Whether you maintain an account with us.
Legal, regulatory, tax, accounting, or reporting requirements.
Security, fraud-prevention, dispute-resolution, and enforcement needs.
Applicable limitation periods.

We may retain aggregated or de-identified information that no longer identifies you.

Where the Service includes temporary processing of uploaded files, images, videos, audio, or other content, specific retention periods may be described in product notices, feature descriptions, or account settings.

9. Your European Privacy Rights

Depending on your location and applicable law, you may have the following rights:

Access. You may request confirmation of whether we process your personal data and request a copy of that personal data.

Portability. You may request a machine-readable copy of personal data you provided to us, where applicable.

Rectification. You may request correction of inaccurate or incomplete personal data.

Deletion. You may request deletion of your personal data, subject to legal exceptions.

Restriction. You may request that we restrict processing of your personal data in certain circumstances.

Objection. You may object to processing based on legitimate interests or direct marketing.

Consent withdrawal. Where we rely on consent, you may withdraw consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

Marketing opt-out. You may unsubscribe from marketing emails using the link in those emails or by contacting us. You may still receive administrative or transactional messages.

Complaint. You may lodge a complaint with a data-protection supervisory authority in your country of residence, place of work, or where you believe an infringement occurred. We would appreciate the opportunity to address your concern first, so you may contact us at [email protected].

To exercise your rights, contact us at [email protected]. We may ask you to provide information reasonably necessary to verify your identity and process your request. Some rights are subject to limitations and exceptions under applicable law.

10. Likeness, Image, Voice, and Face-Asset Requests

Where the Service processes likeness, image, voice, or face-asset information, you may request access, correction, deletion, or a copy of the relevant personal data we hold, subject to applicable law.

You may also withdraw consent for processing that depends on consent by contacting [email protected] or using any available in-product controls.

If a feature uses third-party processing for image, video, voice, or likeness generation, we will require such providers to process the information only as instructed and subject to appropriate contractual safeguards, unless otherwise disclosed to you.

11. Security

We use technical and organizational measures designed to protect personal data against unauthorized access, loss, misuse, alteration, and disclosure. These measures may include access controls, encryption, logging, monitoring, vendor controls, and security reviews.

No electronic transmission or storage system is completely secure. We cannot guarantee absolute security, but we work to protect personal data using measures appropriate to the nature of the data and the risks involved.

12. Children's Privacy

The Service is not directed to children. We do not knowingly collect personal data from children below the age at which they may lawfully use online services under applicable law.

If you believe a child has provided personal data to Nightveil.ai in violation of this Privacy Policy, contact us at [email protected] and we will take appropriate steps.

13. Third-Party Services

The Service may contain links to third-party websites, applications, products, or services that we do not own or control. This Privacy Policy does not apply to third-party services. We are not responsible for the privacy practices of third parties. We encourage you to review their privacy policies before providing personal data to them.

14. Automated Decision-Making

We do not use personal data for decisions based solely on automated processing that produce legal or similarly significant effects, unless we provide separate notice and comply with applicable legal requirements.

The Service may use automated systems to generate Outputs, recommend content, detect abuse, improve safety, or operate features. These automated processes are used to provide and protect the Service and do not necessarily constitute automated decision-making with legal or similarly significant effects.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make changes, we will post the updated version and update the effective date. Where required by law, we will provide additional notice or request consent.