Privacy Policy
Effective Date: 20 April 2025
1. Who We Are
Name Buddy AI Inc. ("NameBuddy," "we," "us") operates the website https://namebuddy.ai and related services (collectively, the "Service"). For GDPR purposes we are the controller of your personal data.
Contact
Email: [email protected]
Postal: 16192 Coastal Hwy, Lewes, DE 19958, USA
EU Representative (Article 27 GDPR): VeraSafe Ireland Ltd., 25/28 North Wall Quay, Dublin 1, Ireland.
UK Representative: VeraSafe United Kingdom Ltd., 37 Albert Emb R, London SE1 7TL, UK.
2. Information We Collect
| Category | Examples | Source |
|---|---|---|
| Account Data | Name, email, password (hashed), billing address, payment tokens (no raw card data) | You |
| Service Data | Domain-search prompts, AI outputs, copy clicks, registration clicks | You / automated |
| Usage Data | IP address, browser type, device ID, referral URL, timestamps | Automated |
| Cookie & Tracking Data | First-party cookies for sign-in; optional analytics/advertising cookies; web beacons | Automated |
| Marketing Data | Newsletter opt-ins, promo codes, campaign attribution | You / third-party partners |
3. How & Why We Use Your Data
| Purpose | GDPR Legal Basis | Typical U.S. State Basis |
|---|---|---|
| Provide & secure the Service | Art 6(1)(b) Contract | Performance of contract |
| Improve models & features | Art 6(1)(f) Legitimate interest (balanced test documented) | Legitimate interest / business purpose |
| Personalised offers & ads | Art 6(1)(a) Consent (for EEA "consent-or-pay" clarified below) | Opt-in/opt-out per state |
| Compliance & fraud prevention | Art 6(1)(c) Legal obligation | Legal obligation |
| Corporate transactions | Art 6(1)(f) Legitimate interest | Legitimate interest |
Consent-or-pay: If you refuse optional advertising cookies, you still receive core service features; any premium or ad-free tier offered will comply with EDPB Opinion 08/2024 (free, genuine choice and no unfair pressure).
4. Cookies & Similar Tech
We classify cookies as: Essential, Analytics, Advertising.
On your first visit we present a GDPR-compliant banner that (a) blocks non-essential cookies until you click "Accept all" or granular toggles, and (b) provides a Reject All button on the same layer. This aligns with EDPB Guidelines 05/2020 on consent.
You can later adjust preferences via "Cookie Settings" in the footer or through browser controls.
5. Sharing & Disclosure
- Processors & infrastructure (cloud hosting, payment, email, analytics) under written DPA/SCCs.
- Advertising & promo partners (only if you opt-in) receive hashed IDs or pseudonymous cookie IDs.
- Business transfers (mergers, acquisitions).
- Legal requests (courts, regulators) – assessed under EDPB Guidelines 02/2024 on Art 48 GDPR cross-border requests.
We do NOT sell personal data for monetary consideration as "sale" is defined by the CPRA. We may "share" data for cross-context behavioural advertising unless you opt-out.
6. International Transfers
We are U.S.-based. For EEA/UK/Swiss data we rely on:
- EU-U.S. Data Privacy Framework (if certified), or
- 2024 Standard Contractual Clauses for Importers issued by the European Commission, with supplementary measures where required.
UK addendum & Swiss annexes are appended where applicable.
7. Data Retention
| Data Type | Retention Standard |
|---|---|
| Account data | Life of the account + 90 days (backup purge) |
| Billing records | 7 years (tax law) |
| Prompts & outputs | 24 months (aggregate stats thereafter) |
| Cookie identifiers | As listed in the Cookie Settings panel (max 13 months for analytics) |
8. Security
We follow ISO 27001-aligned controls: at-rest encryption (AES-256), TLS 1.3 in transit, role-based access, regular penetration testing, incident-response plan within 72 hours (GDPR Art 33).
9. Your Privacy Rights
9.1 EU/EEA/UK/Swiss
Right to access, rectify, erase, restrict, data portability, object, and withdraw consent at any time. Lodge complaints with your local supervisory authority (e.g., DPC Ireland, ICO UK).
9.2 U.S. Residents
California (CPRA) – right to know, delete, correct, opt-out of sale/share, limit sensitive data.
Virginia, Colorado, Connecticut, Utah, Maryland, Minnesota, Vermont, etc. – similar rights to access, delete, opt-out of targeted ads and profiling.
Submit requests by email or via the self-service privacy portal; we will verify identity (two-factor email link) and respond within the statutory period (45 days extendable to 90).
Non-discrimination: Exercising rights will not result in different prices or service levels except where permissible under law (e.g., CPRA loyalty programs).
10. Children
The Service is not directed to children under 16. We do not knowingly process data from children. If you believe we have, contact us and we will delete it.
11. Changes to This Policy
We may update this Policy. Material changes will be emailed to account holders and posted here at least 15 days before taking effect. Continued use constitutes acceptance.
12. Contact Us
Questions or complaints?
Email: [email protected]
EU/UK residents may also contact our representatives above.