Privacy Policy

Scope of the Privacy Policy

The company OttoLab Media Ltda., with CNPJ number 58.349.059/0001-70 and registered office at Avenida Alexandre Rasgulaeff, Doutor, n° 4370, Box Virtual 468, Jardim Imperial II, CEP 87.023-060, Maringá-PR, Brazil, in its capacity as Controller, collects and further processes your personal data only if strictly necessary, for clear and legitimate purposes, under Brazilian Law 13.709/2018 (LGPD), and where applicable, Regulation (EU) 2016/679 (GDPR) and the California Consumer Privacy Act (CCPA), during the operation of its website and platform pryda.ai (hereinafter referred to as the "Website" or "Platform") and for the processing of your personal data.

Useful Data Protection Terms

For the purposes of this Policy, the following terms are important to be defined:

  • personal data: any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified by reference to an identifier such as a name, an identification number, location data, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  • personal data of special categories or sensitive personal data: personal information that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, and genetic data, biometric data which allows to uniquely identify a natural person, health data and/or data regarding sexual orientation.
  • minors' data: personal data of persons under the age of 18. We do not seek or obtain personal data directly from minors. As it is impossible to always determine the age of persons who access and use our services, we implement mechanisms for age verification and strictly prohibit access to individuals under 18 years old. We encourage parents or guardians to contact us if they notice any case of unauthorized data provision by minors, in order to exercise their rights, such as requesting immediate deletion of such data.
  • processing: any operation performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  • controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. In this case, OttoLab Media Ltda..
  • processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
  • recipient: a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with applicable law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
  • third party: a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
  • consent of the data subject: any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he/she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him/her.
  • AI-generated content: any media, dialogue, or response generated by artificial intelligence based on user interaction within the Platform. Such content may be associated with pseudonymous identifiers, but will not be linked to personally identifiable information unless explicitly provided by the user.
  • Regulatory Framework: The relevant national and international data protection regulatory frameworks, namely the Lei Geral de Proteção de Dados (LGPD - Brazil, Law 13.709/2018), the California Consumer Privacy Act (CCPA), and, where applicable, the Regulation (EU) 2016/679 (GDPR). This also includes the jurisprudence of the Court of Justice of the European Union (CJEU), as well as the Decisions, Directives and Opinions of the European Data Protection Board (EDPB), the Brazilian National Data Protection Authority (ANPD), and other competent supervisory authorities.

B. Data collected by the Company through the website pryda.ai

When browsing and using the site, the following are collected and further processed:

B.1 Registration

Categories of Personal Data

  • Identification data (e.g. First name, IP address)
  • Communication data (e.g. Email address)
  • Gender or pronouns (optional)

Origin: You / Google / X / Apple (if you sign up via those accounts)

Purpose: Account creation and personalization of your experience

Legal Basis: Article 6(1)(b) GDPR, Art. 7(V) LGPD (contractual necessity)

Retention Period: 5 years after the erasure of your account

Recipients:

  • Hosting providers
  • Payment processors
  • Analytics platforms

B.2 Chat Usage

Categories of Personal Data

  • Text input during conversations
  • AI companion configuration preferences
  • Media shared by the user (image, audio, video – if allowed)
  • Fetish-related or NSFW textual preferences (optional)

Purpose: To deliver personalized and interactive AI-based experiences, including optional NSFW content

Legal Basis: Article 22(2)(a) GDPR (automated processing with explicit consent), Art. 11(1) LGPD (explicit consent for sensitive data)

Retention Period: 5 years after account deletion or as required by law

Recipients:

  • AI model providers (e.g. OpenAI, Anthropic)
  • Hosting infrastructure
  • Image generation services
  • Security/moderation partners

C. Automated Decision-Making and Conversation Audits

Our service is based on an AI platform; therefore, we perform automated decision-making processing. It is important to highlight that, for purposes of quality control and model improvement, periodic sample checks may be carried out on conversations by Pryda's internal team. These audits are conducted with clear and legitimate purposes, strictly limited in scope, and never involve continuous or unrestricted monitoring of users.

Your communication with the chatbot may become visible to our employees, exclusively for technical or safety purposes, and such employees are bound by strict confidentiality and data protection agreements. These audits are not used for profiling or personal targeting and serve only to enhance platform safety, detect abuse, and improve AI response quality.

D. Data Collected Automatically

When you use our website, we collect certain data automatically—some of which may qualify as personal data. These include, but are not limited to:

  • Language settings
  • IP address
  • Approximate location
  • Device configuration and operating system
  • Time and duration of activity
  • Referring URLs and status codes
  • Browser version and type
  • User behavior (e.g., visited pages, viewed content)
  • User type (visitor or registered account)

Legal basis: The legal basis for collecting this data is our legitimate interest in ensuring platform security, optimizing user experience, monitoring technical performance, and preventing abuse and fraud (GDPR Art. 6(1)(f), LGPD Art. 7, IX).

For more information, please see our Cookie Policy

E. Collection and Further Processing of Minors' Personal Data

In principle, Pryda does not collect or process data from minors (i.e., individuals under the age of 18). However, since we cannot always verify the real age of individuals accessing the platform, we ask parents and legal guardians to notify us immediately if they become aware of any unauthorized use or disclosure of personal data involving minors under their responsibility.

In such cases, Pryda commits to promptly delete any minor-related data and take all necessary steps to safeguard the affected individual. You may contact us at: pryda.ai@gmail.com

F. Transfer of Personal Data Outside the EEA

Although Pryda operates globally, we strive to store and process your personal data within compliant jurisdictions.

In cases where personal data is transferred to countries outside the European Economic Area (EEA), such transfer will take place in accordance with Chapter V of the GDPR and the LGPD, based on one of the following legal bases:

  • Adequacy Decisions by the European Commission (GDPR Art. 45)
  • Standard Contractual Clauses (SCCs) or other appropriate safeguards (GDPR Art. 46, LGPD Art. 33)

In limited cases, where applicable:

  • Your explicit consent, after being informed of potential risks
  • Contractual necessity, such as data processing to deliver a service
  • Public interest or legal claims, or
  • Vital interest of the data subject (GDPR Art. 49)

Our service providers (e.g., cloud hosting, payment gateways) are required to adhere to data protection agreements and use standard mechanisms to protect your information across borders.

G. Your Rights

We ensure that it can respond directly and promptly to user requests regarding the exercise of their data protection rights, in full compliance with the applicable Regulatory Frameworks, including the General Data Protection Regulation (GDPR), the Lei Geral de Proteção de Dados (LGPD), and the California Consumer Privacy Act (CCPA).

Every data subject has the following rights:

  • Access: The right to obtain confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, access to the personal data.
  • Rectification: The right to request the correction of inaccurate or incomplete personal data.
  • Erasure (Right to be Forgotten): The right to request deletion of your personal data, under certain conditions.
  • Restriction of Processing: The right to request a limitation on the processing of your personal data when accuracy is contested, processing is unlawful, or data is no longer needed.
  • Portability: The right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format and the right to transmit that data to another controller.

To exercise any of these rights, please contact us at pryda.ai@gmail.com. We will respond to your request within the period specified by applicable laws, typically within 30 days.

If you are located in the European Union, Brazil, or the United States (California) and believe that your data rights have not been respected, you may lodge a complaint with your local data protection authority.

Additional Rights and Contact Information

In addition to the rights listed above, you may also request the portability or transmission of your personal data to yourself or to a third party. Furthermore, you may withdraw your consent to processing at any time, without affecting the lawfulness of processing carried out before the withdrawal.

You are also entitled to object to the processing of your personal data when such processing is based on our legitimate interests.

To exercise any of the above rights, or for any matter related to the processing of your personal data by OttoLab, you may contact us via email at: 📧 privacy@pryda.ai

We will respond to your request promptly and, in any case, within thirty (30) days of receipt, in accordance with applicable data protection laws. You will be informed in writing of the progress or outcome of your request.

If you are not satisfied with our response or handling of your data, you may lodge a complaint with your local Data Protection Authority. For example:

  • European Union users may contact their national supervisory authority.
  • Brazilian users may contact the ANPD – Autoridade Nacional de Proteção de Dados.
  • United States (California) users may exercise their rights under the CCPA and contact the California Attorney General's Office if needed.

Disclaimer for Third-Party Sites and Social Media Buttons

Our Platform may include links or integrations with third-party websites and social media buttons (such as Google, Instagram, X/Twitter, YouTube, etc.). These features may collect certain information, such as your IP address or pages you visit, and may set cookies to enable proper functionality.

When interacting with these services while logged into your social media accounts, a digital footprint may be created. In such cases, OttoLab and the respective social media platforms act as joint controllers for the initial collection of data. However, OttoLab does not control or take responsibility for any further data processing carried out by these platforms beyond the scope of our website.

The purpose of such integrations is to enhance website functionality and analyze traffic, based on our legitimate interest in connecting with users through modern digital channels (in accordance with Article 6(1)(f) GDPR and similar provisions under applicable laws).

For more information about how these third parties process your data and how you can manage your settings, please consult their respective privacy policies:

  • Google Privacy Policy
  • X (Twitter) Privacy Policy
  • Instagram Privacy Policy
  • YouTube Privacy Policy

For questions about this Privacy Policy, please contact us at privacy@pryda.ai