How SereChat collects, uses, shares, and protects your personal data.
Welcome to SereChat, a product of Luvarly. We respect your privacy and are committed to protecting your personal data in compliance with applicable laws, including the General Data Protection Regulation (GDPR) in the European Union/EEA, the California Consumer Privacy Act (CCPA), and other applicable data protection legislation. This Privacy Policy explains how we collect, use, share, and safeguard your information when you use our service.
By using SereChat, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use our service.
When you register and use SereChat, we may collect the following categories of information:
We process your personal data on the following legal bases under Article 6 of the GDPR:
Your data is used strictly to provide and improve the SereChat service:
SereChat uses only strictly functional cookies. We do not use tracking, analytics, or advertising cookies.
We do not sell your personal data. However, to provide our service, your data is shared with the following categories of third-party processors. Each sub-processor is contractually bound to process data only as instructed by us and to implement appropriate security measures.
AI Model Providers (Chat & Text Generation)
When you send a chat message, your conversation content (including messages, system context, character data, and any attached files) is transmitted to third-party AI model providers for processing. We route requests through an AI gateway service, which in turn may forward your data to the specific model provider you have selected. These upstream providers include companies such as OpenAI, Anthropic, Google, and others.
Important: Some AI model providers may use data submitted via their APIs to improve or train their models, unless you or we have opted out. While many major providers (e.g., OpenAI, Anthropic) currently state that API data is not used for training by default, policies vary by provider and may change over time. We recommend that you do not share sensitive personal information (such as real names, addresses, financial details, or health information) in your chat conversations. SereChat displays the model name in the interface so you can see which provider is processing your data.
Media Generation Providers
When you use image, SVG, music, or video generation features, your prompts and any reference images or files you upload are transmitted to third-party generation services to produce the requested output. Generated outputs are downloaded and stored on our infrastructure.
Infrastructure & Storage
Our application is hosted on Cloudflare's global edge network. Your data (database records, uploaded files, generated media, and vector embeddings for memory features) is stored using Cloudflare's infrastructure services (Workers, D1, R2, Vectorize, and Workers AI for text embeddings). Cloudflare acts as a data processor and does not use customer data to train AI models.
Payment Processing
Subscription billing and credit purchases are handled by Stripe. When you make a purchase, you interact directly with Stripe's payment form. We never receive or store your full credit card number. Stripe is PCI-DSS Level 1 certified.
Email Services
Transactional emails (verification codes, password resets) are sent through a third-party email delivery service. Only your email address, display name, and the relevant code are shared.
Authentication
If you choose to sign in with Google, we receive your name, email address, and profile picture URL through Google's OAuth 2.0 protocol. Google does not receive any of your SereChat usage data.
External Resources
Our application loads fonts from Google Fonts and stylesheets from a CDN (jsDelivr). These services may receive your IP address and standard HTTP request headers when your browser fetches these resources. No personal content data is shared with them.
SereChat does not support customer-supplied API keys or tokens. When you use chat or generation features, your data is processed through SereChat-managed provider accounts and infrastructure. The relevant third-party provider still receives the data needed to complete your request, and its privacy terms may apply to that processing.
We implement robust security measures to protect your information from unauthorized access, alteration, or destruction, including:
We retain your personal data for as long as your account is active and as needed to provide the service. Specifically:
Upon account deletion, all associated personal data (sessions, Anima data, memories, uploaded files, generated media, usage logs, and authentication tokens) is permanently and irreversibly erased from our systems.
Your data is processed on Cloudflare's global edge network, which operates data centers worldwide, including in the United States and other countries outside the EU/EEA.
Additionally, when your chat messages are processed by AI model providers, your data may be transferred to and processed in various jurisdictions, including the United States and other countries. Some AI models available through our service are operated by providers based in jurisdictions that may not have data protection laws equivalent to those in the EU/EEA.
For transfers of personal data outside the EU/EEA, we rely on:
If you have concerns about data being processed in specific jurisdictions, you may choose to use only AI models operated by providers in jurisdictions with adequate data protection standards.
Depending on your jurisdiction, you have the following rights regarding your personal data:
To exercise any right that cannot be self-serviced through the application, please contact us at privacy@serechat.com. We will respond within 30 days (or within the timeframe required by applicable law).
SereChat is not intended for children under the age of 13. We do not knowingly collect personal data from children under 13. If we become aware that we have collected personal data from a child under 13, we will take steps to delete that information promptly. If you believe we may have collected data from a child under 13, please contact us at privacy@serechat.com.
We may update this Privacy Policy from time to time. Material changes will be communicated via email or an in-app notice. The "Last updated" date at the bottom of this page reflects the most recent revision. Continued use of SereChat after notification constitutes acceptance of the updated Privacy Policy.
If you have any questions or concerns regarding this Privacy Policy, or wish to exercise any of your data protection rights, please contact the Luvarly data protection team:
If you are located in the EU/EEA and believe your data protection rights have not been adequately addressed, you have the right to lodge a complaint with your local Data Protection Authority. For residents of the Netherlands, this is the Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl).