Privacy Policy

Effective Date: May 13, 2026

1001480245 ONTARIO INC. ("Ophelia", "we", "us", or "our") operates an AI-powered content and video generation platform that helps users create images, videos, audio, and marketing materials. This Privacy Policy describes how we collect, use, store, and protect personal information when you access or use our website at ophelias.ai and any related services (collectively, the "Service").

We may provide additional or supplemental privacy notices for specific products or features at the time we collect information.

NOTICE TO EUROPEAN USERS: Please see the Notice to European Users section below for additional information that applies to individuals located in the European Economic Area (EEA) or United Kingdom.

NOTICE TO CALIFORNIA USERS: Please see the Notice to U.S. State Residents section below for additional rights under the CCPA/CPRA and similar U.S. state privacy laws.

NOTICE TO CANADIAN USERS: Please see the Notice to Canadian Users section below for information specific to PIPEDA and provincial privacy laws.

Index

Personal Information We Collect
How We Use Your Personal Information
Our Position on AI Training
Retention
How We Share Your Personal Information
Your Choices
Other Sites and Services
Security
International Data Transfers
Children
Changes to This Privacy Policy
Notice to European Users
Notice to U.S. State Residents
Notice to Canadian Users
How to Contact Us

1. Personal Information We Collect

1.1 Information you provide to us

Contact data: first and last name, email address, billing and mailing address, phone number.
Profile data: username, password, biographical details, links to social profiles, preferences, and any other information you add to your account profile.
Demographic data: where voluntarily provided, such as date of birth, age, and location.
Communications data: the contents of messages you send us through the Service, social media, email, or other channels.
Transactional data: information related to your orders, subscriptions, and credit purchases on the Service, including order numbers, credit balances, and transaction history.
Payment data: payment card information or bank account details needed to complete transactions. Payment data is collected and stored by our payment processors (e.g., Stripe), not by Ophelia directly.
Marketing data: your preferences for receiving marketing communications and your engagement with them.
User-shared multimedia data: text, prompts, images, videos, audio, and other content you upload to or generate through the Service, including associated metadata (such as how, when, and by whom a piece of content was created or edited, and keywords or location data added to content).
Query and prompt data: commands, descriptions, comments, questions, and other input you provide through the Service, including associated metadata.
Feedback data: information about your experience with the Service.
Other data not listed here, which we will use as described in this Privacy Policy or as otherwise disclosed at the time of collection.

YOU SHOULD NOT PROVIDE US WITH ANY CONFIDENTIAL, SENSITIVE, UNLICENSED PROPRIETARY, OR BIOMETRIC INFORMATION THROUGH THE SERVICE.

1.2 Third-party sources

We may combine information you provide with information we obtain from:

Public sources, such as public records and publicly available platforms.
Service providers that help us operate the Service.
Third-party authentication services you use to sign in (for example, Google). The information we receive depends on your account settings on that third-party service. Our use and disclosure of information received from Google's APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

1.3 Automatic data collection

We and our service providers may automatically log information about you, your device, and your interactions with the Service, including:

Device data: operating system, manufacturer and model, browser type, screen resolution, IP address, unique identifiers, language settings, network information, and general location (city, state, or geographic area).
Online activity data: pages or screens viewed, time spent, referring website, navigation paths, access times, and whether you opened our emails or clicked links.
Location data: where you authorize the Service to access your device's location.
Communication interaction data: your interactions with our emails or other communications, sometimes via pixel tags embedded invisibly in our emails.

1.4 Cookies and similar technologies

Some of our automatic data collection is facilitated by cookies, web beacons, pixels, and similar technologies. Most browsers let you remove or reject cookies through your browser settings. Note that disabling cookies may affect the Service's functionality.

2. How We Use Your Personal Information

We may use your personal information for the following purposes, or as otherwise described at the time of collection:

2.1 Service delivery and operations

Provide and operate the Service;
Develop new features and services;
Enable security features;
Establish and maintain your account;
Process your content, prompts, and generation requests;
Communicate with you about the Service, including announcements, updates, security alerts, and support messages;
Respond to your requests, questions, and feedback.

2.2 Service personalization

Understand your preferences and interests;
Personalize your experience and our communications;
Remember your selections as you use the Service.

2.3 Service improvement and analytics

We may analyze your usage of the Service (such as which features are most used and how users navigate the platform) to improve the Service, develop new products, and understand user activity. See Section 3 for our specific policy on AI training.

2.4 Marketing

We and our service providers may send you direct marketing communications. You can opt out as described in Section 6.

2.5 Compliance and protection

Comply with applicable laws, lawful requests, and legal process;
Protect our, your, or others' rights, privacy, safety, or property;
Audit our internal processes for legal and contractual compliance;
Enforce our Terms of Service;
Prevent, identify, and deter fraudulent, harmful, or illegal activity, including cyberattacks and identity theft.

2.6 Aggregated and de-identified data

We may create aggregated, de-identified, or anonymized data from your personal information. This data does not identify you and may be used for any lawful business purpose, including analyzing and improving the Service.

3. Our Position on AI Training

We do not use your user-shared multimedia data, prompts, or generated outputs to train our AI models.

Ophelia's content generation is powered by third-party AI model providers. We route your prompts and inputs to these providers solely to fulfill your generation requests. We do not retain your content for the purpose of training, fine-tuning, or improving any AI model owned or operated by Ophelia.

Third-party model providers are bound by their own data handling policies, which may apply when your prompts are processed by them. We work to select model providers that align with our privacy commitments, and where available, we use API tiers that exclude customer inputs and outputs from provider training. Because these providers operate independently, you should review their privacy policies if you want to understand their practices in detail.

If we ever change this position, we will update this Privacy Policy and notify you before the change takes effect.

4. Retention

4.1 General

We retain personal information for as long as necessary to fulfill the purposes for which we collected it, including to comply with legal, accounting, or reporting requirements, to establish or defend legal claims, and to prevent fraud.

To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the information, the potential risk from unauthorized use or disclosure, the purposes for which we process it, and applicable legal requirements.

4.2 Content deletion

You may remove content from your account at any time. Removed content may remain on our active servers for up to 30 days, and copies may persist in backups for a limited additional period before being purged.

If you cancel your account, your content will become inaccessible and should be purged from our systems within 90 days, subject to legal holds or audit requirements.

4.3 When information is no longer needed

When we no longer need personal information, we will either delete it, anonymize it, or isolate it from further processing.

5. How We Share Your Personal Information

We may share your personal information with:

Affiliates: our corporate parent, subsidiaries, and affiliates.
Service providers: third parties that provide services on our behalf, including hosting, cloud infrastructure, AI model providers, customer support, email delivery, analytics, and security.
Payment processors: such as Stripe. Payment information you provide is processed by them under their own privacy policies (see Stripe's Privacy Policy).
AI model providers: third-party AI services we use to fulfill generation requests. Your prompts and inputs may be transmitted to them solely to generate your requested output. See Section 3 for more on AI training.
Third parties you designate: where you instruct us or consent to share your content or information.
Authorities and others: law enforcement, government authorities, and private parties where we believe in good faith that disclosure is necessary or appropriate for compliance, legal process, or protection of rights, property, or safety.
Professional advisors: such as lawyers, auditors, and insurers, where necessary.
Business transferees: in connection with an actual or prospective merger, acquisition, financing, sale of assets, or similar transaction. We may also disclose personal information to an acquirer or successor.
Other users and the public: profile information and content you make public will be visible to other users and the public. We are not responsible for how others may use, cache, or copy this information.

6. Your Choices

6.1 Access or update your information

You may review and update certain account information by signing in to your account.

6.2 Opt out of marketing communications

You may opt out of marketing emails by following the unsubscribe instructions in the email or by contacting us. You may continue to receive non-marketing service messages (such as billing notices).

6.3 Cookies

Most browsers let you remove or reject cookies through your browser settings. Visit www.allaboutcookies.org for more information.

6.4 Do Not Track

Our Service does not currently respond to "Do Not Track" browser signals.

6.5 Declining to provide information

You are not required to provide personal information. However, if you do not provide information we identify as required, we may not be able to provide some or all of the Service.

6.6 Linked third-party services

If you connect to the Service through a third-party platform (such as Google), you may be able to use your settings on that platform to limit what we receive. Revoking access on the third-party platform does not apply to information we have already received.

6.7 Delete your content or close your account

You can delete certain content directly from your account. To close your account, contact us at hello@ophelias.ai. See Section 4.2 for our deletion timelines.

7. Other Sites and Services

The Service may contain links to third-party websites and services. These are not under our control, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party services you use.

8. Security

We employ technical, organizational, and physical safeguards designed to protect personal information. However, no method of transmission or storage is fully secure, and we cannot guarantee the security of your personal information.

9. International Data Transfers

Ophelia is based in Canada. Your personal information may be transferred to and processed in Canada, the United States, the European Union, or other locations where we or our service providers operate. Privacy laws in those locations may differ from those in your jurisdiction.

Where required, we use appropriate safeguards (such as Standard Contractual Clauses) for international transfers.

10. Children

The Service is not intended for anyone under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us at hello@ophelias.ai and we will take appropriate steps to delete it.

11. Changes to This Privacy Policy

We may modify this Privacy Policy at any time. If we make material changes, we will notify you by updating the effective date and posting the updated policy on the Service, or by other appropriate means. Your continued use of the Service after the effective date constitutes acceptance of the modified policy.

12. Notice to European Users

12.1 Where this notice applies

This section applies to individuals located in the European Economic Area (EEA) or the United Kingdom ("Europe").

12.2 Controller

1001480245 ONTARIO INC. is the "controller" of personal information processed under this Privacy Policy for purposes of the GDPR.

12.3 Legal bases for processing

We rely on the following legal bases:

Contractual necessity: where processing is necessary to deliver the Service or take steps you have requested.
Legitimate interests: where processing is necessary for our legitimate interests (such as operating, securing, and improving the Service) and your interests and fundamental rights do not override those interests.
Compliance with law: where processing is necessary to comply with a legal or regulatory obligation.
Consent: where you have given specific consent.

12.4 Your rights

Subject to applicable law, you may have the right to:

Access the personal information we hold about you;
Correct inaccurate or incomplete information;
Delete your personal information where there is no good reason for us to continue processing it;
Restrict processing in certain circumstances;
Object to processing where we rely on legitimate interests, including for direct marketing;
Data portability: receive a machine-readable copy of certain information;
Withdraw consent where we rely on consent.

To exercise these rights, contact us at hello@ophelias.ai. We may need to verify your identity before responding. We aim to respond within one month.

12.5 Right to lodge a complaint

You have the right to lodge a complaint with the data protection regulator in your country of residence. For EEA users, contact information is available at edpb.europa.eu. For UK users, see the ICO.

12.6 No automated decision-making

We do not engage in automated decision-making that produces legal or similarly significant effects on you.

13. Notice to U.S. State Residents

This section provides additional information for residents of U.S. states with comprehensive privacy laws, including California (CCPA/CPRA), Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), and Utah (UCPA).

13.1 Categories of personal information collected and disclosed

In the past 12 months, we have collected the categories of personal information described in Section 1 and have disclosed those categories to the recipients described in Section 5 for the purposes described in Section 2.

13.2 Sale and sharing

We do not sell your personal information for monetary consideration. We do not share your personal information for cross-context behavioral advertising.

13.3 Your rights

Depending on your state of residence, you may have the right to:

Know what personal information we collect, use, and disclose;
Access and obtain a copy of your personal information;
Correct inaccurate personal information;
Delete personal information;
Opt out of the sale or sharing of personal information (where applicable);
Limit the use of sensitive personal information;
Not face discrimination for exercising these rights.

To exercise these rights, contact us at hello@ophelias.ai. We will verify your identity before responding. You may also designate an authorized agent to make requests on your behalf.

13.4 Shine the Light

Under California Civil Code §§ 1798.83–1798.84, California residents may contact us to prevent disclosure of personal information to third parties for those third parties' direct marketing purposes.

14. Notice to Canadian Users

This section provides additional information for individuals in Canada. We comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation.

14.1 Consent

We collect, use, and disclose your personal information with your consent, except where otherwise permitted or required by law. Consent may be express or implied depending on the sensitivity of the information and the context. You may withdraw your consent at any time, subject to legal and contractual restrictions, by contacting us at hello@ophelias.ai.

14.2 Your rights

You may request access to and correction of your personal information. We will respond within the timeframes required by applicable law.

14.3 Complaints

If you believe we have not complied with applicable privacy laws, you may contact us at hello@ophelias.ai. You also have the right to file a complaint with the Office of the Privacy Commissioner of Canada at priv.gc.ca or the relevant provincial authority.

15. How to Contact Us

If you have questions or concerns about this Privacy Policy or our privacy practices, please contact us at:

1001480245 ONTARIO INC. 1007-215 Lonsdale Road, Toronto, ON M4V 0B4, Canada Email: hello@ophelias.ai