Back to Home

Privacy Policy

Last Updated: October 18, 2025

1. Introduction

Difract AI, Inc. ("Difract," "we," "us," or "our"), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Graph-Based Generative Video Engine platform, APIs, websites, and related services (collectively, the "Services").

By accessing or using our Services, you consent to the data practices described in this Privacy Policy. If you do not agree with our policies and practices, please do not use our Services.

2. Information We Collect

2.1 Information You Provide to Us

We collect information that you voluntarily provide to us, including:

  • Account Information: Name, email address, password, company name, and billing information when you create an account or subscribe to our Services.
  • User Content: Videos, images, text, scripts, narrative structures, and other content you upload, create, or generate using our Services.
  • Communications: Information you provide when you contact us for support, feedback, or inquiries.
  • Payment Information: Credit card numbers, billing addresses, and other payment details processed through our third-party payment processors.

2.2 Information Collected Automatically

When you access or use our Services, we automatically collect certain information, including:

  • Device Information: Device type, operating system, unique device identifiers, browser type, and version.
  • Usage Information: Pages viewed, features used, time spent on the Services, click patterns, and interaction data.
  • Log Data: IP address, access times, referring URLs, and system activity logs.
  • Cookies and Tracking Technologies: We use cookies, web beacons, and similar technologies to collect information about your interactions with our Services.

2.3 Information from Third Parties

We may receive information about you from third parties, including:

  • Authentication Providers: If you sign in using a third-party service (e.g., Google, GitHub), we receive your profile information from that service.
  • AI Service Providers: When you use integrated third-party AI services (e.g., Sora, Veo), we may receive usage and billing information.
  • Analytics Providers: We receive aggregated analytics data from third-party analytics services.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Provide and Maintain Services: To operate, deliver, and improve our Graph-Based Generative Video Engine and related features.
  • Process Transactions: To process payments, manage subscriptions, and fulfill your orders.
  • Personalize Experience: To customize and optimize your experience with the Services.
  • Communicate with You: To send you service-related notices, updates, security alerts, and support messages.
  • Improve Services: To analyze usage patterns, conduct research, and develop new features and products.
  • Train AI Models: With your consent, to improve our AI algorithms and Consistency Engine. You may opt out of this in your account settings.
  • Ensure Security: To detect, prevent, and address fraud, abuse, security risks, and technical issues.
  • Comply with Legal Obligations: To comply with applicable laws, regulations, and legal processes.

4. How We Share Your Information

We may share your information in the following circumstances:

  • Service Providers: We share information with third-party vendors who perform services on our behalf, such as payment processing, data analysis, email delivery, hosting, and customer service.
  • AI Service Partners: When you use integrated AI video generation services (e.g., Sora, Veo), your content may be processed by these third-party services in accordance with their privacy policies.
  • Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets, your information may be transferred as a business asset.
  • Legal Requirements: We may disclose your information if required by law, court order, or government request, or to protect our rights, property, or safety.
  • With Your Consent: We may share your information for other purposes with your explicit consent.

We do not sell your personal information to third parties.

5. Data Retention

We retain your information for as long as necessary to provide the Services, comply with our legal obligations, resolve disputes, and enforce our agreements. Specifically:

  • Account Information: Retained for the duration of your account plus 30 days after deletion request.
  • User Content and Generated Content: Retained until you delete it or close your account, unless required for legal purposes.
  • Usage Logs: Retained for up to 24 months for analytics and security purposes.
  • Payment Records: Retained for 7 years as required by tax and financial regulations.

6. Data Security

We implement industry-standard technical and organizational measures to protect your information, including:

  • Encryption of data in transit (TLS 1.3) and at rest (AES-256).
  • Regular security assessments and penetration testing.
  • Access controls and authentication mechanisms.
  • Employee training on data protection and security practices.
  • Incident response procedures for potential data breaches.

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

7. Your Rights and Choices

7.1 Access and Portability

You have the right to access the personal information we hold about you and to receive a copy of your data in a portable format.

7.2 Correction

You may update or correct your account information at any time through your account settings or by contacting us.

7.3 Deletion

You may request deletion of your personal information. We will delete your data unless we are required to retain it for legal purposes or legitimate business interests.

7.4 Opt-Out Rights

You may opt out of:

  • Marketing Communications: Unsubscribe from promotional emails using the link in any marketing email.
  • AI Training: Opt out of having your content used to train our AI models in your account settings.
  • Cookies: Manage cookie preferences through your browser settings or our cookie consent tool.

7.5 Do Not Track

Our Services do not currently respond to "Do Not Track" browser signals. However, you can manage tracking preferences through our cookie settings.

8. International Data Transfers

Difract is based in the United States. If you access our Services from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate. We ensure appropriate safeguards are in place for international data transfers, including Standard Contractual Clauses approved by relevant authorities.

9. Children's Privacy

Our Services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly.

10. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to Know: Request information about the categories and specific pieces of personal information we have collected.
  • Right to Delete: Request deletion of your personal information, subject to certain exceptions.
  • Right to Correct: Request correction of inaccurate personal information.
  • Right to Opt-Out: Opt out of the sale or sharing of your personal information. Note: We do not sell personal information.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To exercise these rights, contact us at privacy@difract.ai or use the privacy controls in your account settings.

11. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR):

  • Legal Basis: We process your data based on consent, contract performance, legitimate interests, or legal obligations.
  • Data Subject Rights: You have rights to access, rectify, erase, restrict processing, data portability, and object to processing.
  • Withdrawal of Consent: You may withdraw consent at any time without affecting the lawfulness of prior processing.
  • Supervisory Authority: You have the right to lodge a complaint with your local data protection authority.

12. Cookies and Tracking Technologies

We use the following types of cookies:

  • Essential Cookies: Required for the Services to function properly (e.g., authentication, security).
  • Analytics Cookies: Help us understand how users interact with our Services.
  • Preference Cookies: Remember your settings and preferences.

You can manage cookie preferences through your browser settings. Note that disabling certain cookies may affect the functionality of our Services.

13. Third-Party Links and Services

Our Services may contain links to third-party websites and integrate with third-party services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the "Last Updated" date. Your continued use of the Services after such changes constitutes your acceptance of the updated Privacy Policy.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Difract AI, Inc.
Data Protection Officer
Email: privacy@difract.com