Privacy Policy

Privacy Overview

At Mammouth AI, your privacy is of utmost importance to us. As a company based in Europe, we are committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable privacy laws. Transparency is at the heart of what we do, and we ensure your data is used only to provide the best possible service. Importantly, we make money exclusively from the subscriptions you pay, not by selling or monetizing your data in any other way.

1. Who We Are

The data controller for your personal data is Mammouth AI, registered and based in Paris, France. If you have questions about this Privacy Policy or want to exercise your rights, you can contact us.

2. What Data We Collect

We may collect and process the following categories of personal data to provide and improve our services:

User Data: This includes your prompts, system interactions, and conversations with our AI services.
Account Data: Information like your name, email address, and payment details (processed securely via third-party payment providers).
Security Data: Information related to usage logs, IP addresses, and device information for fraud prevention and security purposes.
Communication Data: Emails and support interactions to provide better customer service.

3. How and Why We Use Your Data

The purposes for which we collect and use your data include:

Providing the Services you request: To deliver AI-based functionality and support.
Improving our Services: For troubleshooting, technical improvements, and security monitoring.
Communication: Sending updates about your account, billing, and product changes (you can opt out of non-essential communications).
Compliance: Meeting legal, regulatory, and compliance obligations.

We process your personal data on the following legal bases:

Performance of a contract: To provide the services you’ve subscribed to.
Consent: When you explicitly agree (e.g., for customer service requests).
Legitimate interests: To prevent abuse, operate our services, and enhance security.
Legal compliance: To meet legal obligations, such as financial audits or fraud prevention.

4. How Long Do We Retain Your Data

We retain your personal data only for as long as it is necessary to fulfill the purposes for which it was collected or to comply with legal, regulatory, and contractual obligations. Below is a breakdown of our retention periods:

User Data

Purpose: Retained for the display of past conversations in history and to provide user assistance.
Retention Period:
- Active Users: Stored as long as your subscription is active.
- Deleted Data: Once you delete your data, we might retain it for up to 30 rolling days for abuse detection (e.g., to monitor for spam or misuse). After this period, it is permanently deleted.

Account Data

Purpose: Required for managing your subscription and resolving disputes.
Retention Period:
- Active Users: Stored for the duration of your registration.
- After Account Termination: Retained for up to 1 year after the end of your subscription for evidentiary and legal compliance purposes, after which it is securely deleted.

Security Data

Purpose: Stored to monitor system integrity, detect fraud, and prevent unauthorized access.
Retention Period: Retained for up to 1 rolling year, then deleted automatically.

Payment Data

Purpose: Processed securely by third-party payment providers for billing and fraud prevention.
Retention Period: Follows the retention period required by financial and tax regulations, usually 5 to 7 years, depending on your country of residence.

Communication Data

Purpose: Manage customer support inquiries and improve service delivery.
Retention Period: Retained for up to 2 years from the date of your last interaction, unless deletion is requested earlier.

Legal Obligations

If required by law, we may retain certain data beyond the retention periods outlined above, but only to the extent necessary to comply with applicable laws (e.g., tax regulations or court orders).

We may disclose your Personal Data to third parties to deliver you the promised services. Disclosures will only be so that we can process your Personal Data for the purposes set out above. Mammouth may share your Personal Data to the following third parties:

Third-party Service Providers:
To operate and deliver our services, we use trusted providers, including payment processors, email providers, and AI model API vendors. These providers are bound by contractual agreements to process your data only for the agreed purposes, in compliance with privacy laws.
Compliance with Laws:
We may disclose your data if required to do so by law, a court order, or other legal processes.

We do not sell or share your data for advertising purposes.

6. Data Security

We have robust measures in place to protect your personal data against unauthorized access, loss, destruction, or alteration. These include:

Encryption: Data in transit and at rest are encrypted. We use PostgreSQL and Google Cloud Platform.
Regular Audits: We periodically review our systems and data-handling processes for vulnerabilities and ensure security updates are applied promptly.

7. International Data Transfers

As we are based in Europe, your personal data is processed and stored within the European Economic Area (EEA). If data must be transferred outside the EEA (e.g., for certain AI model providers or third-party services), we ensure that it is done under adequate safeguards, such as through Standard Contractual Clauses (SCCs) or equivalent mechanisms approved by the European Commission.

8. Your Rights

As a resident of the European Economic Area (and where applicable in other regions), you have the following rights under the GDPR and similar privacy regulations:

Right to Access: You have the right to request a copy of the personal data we hold about you.
Right to Rectification: You can request corrections or updates to your data if it’s inaccurate or incomplete.
Right to Erasure (Right to Be Forgotten): You can request deletion of your data, subject to specific retention requirements under the law.
Right to Restrict Processing: You can request that we limit the processing of your data in certain situations.
Right to Objection: You can object to the processing of your data where we rely on legitimate interests as a legal basis.
Right to Data Portability: You have the right to request your data in a portable format for reuse elsewhere.
Right to Withdraw Consent: Where processing is based on consent, you can withdraw it at any time.

You can exercise any of these rights by contacting us at [email protected]. If you feel we haven’t adequately addressed your rights, you have the right to lodge a complaint with your local Data Protection Authority (DPA).

9. Cookies and Tracking

We use cookies to authenticate your sessions.

Types of Cookies:
- Essential Cookies: Necessary for the operation of our services (authentication, language selection).

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, legal requirements, or industry standards. Notification of significant changes will be provided via email or within the service itself. Please check this page periodically for updates.

Last Updated: 22-05-2025

11. Contact Us

For questions, concerns, or requests regarding this Privacy Policy, you can contact us at:

Email: [email protected]

The Mammouth AI Team

We aim to deliver exceptional AI services while prioritizing your privacy every step of the way. Thank you for trusting us with your data. 🦣✨

Privacy Policy ​

Privacy Overview ​

1. Who We Are ​

2. What Data We Collect ​

3. How and Why We Use Your Data ​

4. How Long Do We Retain Your Data ​

User Data ​

Account Data ​

Security Data ​

Payment Data ​

Communication Data ​

Legal Obligations ​

5. When and with whom do we share your Personal Data? ​

6. Data Security ​

7. International Data Transfers ​

8. Your Rights ​

9. Cookies and Tracking ​

10. Changes to This Privacy Policy ​

11. Contact Us ​

The Mammouth AI Team ​