Privacy Policy

AKAPULU PRIVACY POLICY Last updated: 2026-03-24 This Privacy Policy explains how Akapulu LLC ("Akapulu," "we," "us," or "our") collects, uses, discloses, and retains personal information when you use our websites, applications, APIs, and related services (collectively, the "Services"). By using the Services, you acknowledge this Privacy Policy. 1. Scope This Privacy Policy applies to: - individual users of Akapulu websites and applications, and - developer/API users and organizations using Akapulu APIs and integrations. When Akapulu provides Services to a business customer under a separate contract, Akapulu may process information on that customer's behalf as a service provider/processor. In those cases, that customer's contract with Akapulu may control certain processing terms. If your data is processed on behalf of one of our business customers, requests about that data may need to be directed to that customer first. Website usage terms are addressed separately at https://akapulu.com/website-terms. 2. Information We Collect We may collect the following categories of information: 2.1 Account and profile information - account identifiers and contact information (such as first name, last name, and email address), - authentication/account metadata, - plan and account configuration details. 2.2 Avatar and training information - video and audio media recorded by users through Akapulu avatar creation workflows, - voice and likeness data used for avatar creation, - derived files and model-related artifacts generated in processing pipelines, - avatar metadata (such as description and public/private settings). If you choose to make an avatar public, that avatar may be displayed in catalog/public contexts within the Services and made available for use by other logged-in Akapulu users in real-time conversations. 2.3 Conversation and interaction information - conversation session metadata, - transcript content and transcript metadata, - recording-related metadata, including recording identifiers, references, links, and status data for recordings processed or stored by third-party media providers, - conversation configuration and tool settings. 2.4 Developer and integration information - API key metadata, - endpoint configuration data, - stored secret configuration values, - request/response operational metadata. 2.5 Knowledge base and document information - uploaded documents and metadata, - embeddings/vectorized content and retrieval metadata. 2.6 Billing and usage information - billing/customer and subscription metadata, - usage metrics (for example minutes, concurrency, and usage limits), - payment-related metadata from billing processors. 2.7 Device, log, and operational data - service logs, timestamps, performance/error diagnostics, and security events, - technical metadata such as IP address, device/browser details, request metadata, and general usage telemetry. 2.8 Information about other people you upload or configure If you upload or submit personal information about another person (for example face/voice media, contact details, or identifying information), you represent that you have all rights and permissions required to do so. 3. Sensitive and Biometric-Related Information Our Services process voice and visual likeness data to create and operate avatars. Depending on applicable law, this may be treated as biometric or biometric-related information. Examples may include facial geometry inferred from in-app recorded video and voice characteristics inferred from in-app recorded audio. We use this information to provide avatar creation and operation features, improve service quality/model performance, and support security, abuse prevention, and legal compliance. You are responsible for obtaining all legally required notices, rights, and consents for any person whose voice, image, likeness, or personal data you submit to the Services. 3.1 Biometric Data Notice Where required by applicable law, this section serves as notice regarding biometric or biometric-related processing. We may collect, infer, use, store, and process biometric or biometric-related data included in user-submitted media to provide avatar functionality, identity and misuse controls, safety and abuse prevention, legal compliance, and model/platform improvement. We may disclose this data to service providers only as necessary to deliver the Services and only subject to contractual data protection obligations. We retain biometric or biometric-related data according to the retention principles in this Policy, including operational, legal, safety, and compliance needs, and may delete or de-identify such data when no longer required. 4. How We Use Information We use personal information to: - provide, operate, maintain, and improve the Services, - create and run avatars and related AI features, - process recordings, transcripts, and conversation flows, - support developer and API functionality, - enforce safety, abuse prevention, fraud prevention, and security, - manage billing, metering, and account limits, - comply with legal obligations and respond to lawful requests. We may also use submitted and generated content to develop, evaluate, maintain, and improve our models and platform performance. If you want to opt out of model-improvement use of your content, contact william@akapulu.com. We review and process opt-out requests in good faith according to operational and legal constraints. Opt-out requests may apply prospectively and may not require removal of prior training, derived artifacts, safety records, or previously completed processing. 5. How We Share Information We may share information with: - infrastructure and hosting providers, - realtime media, transcription, and AI processing providers, - storage/database and data-processing providers, - payment and billing processors, - security and compliance providers, - professional advisors and legal/compliance recipients where required. For biometric/conversation media processing (where used), providers may include third parties used for cloud infrastructure, realtime media, speech processing, model serving, and related operations. For other service functions, providers may include third parties used for billing, payments, database infrastructure, security, and AI/ML functionality. A list of subprocessors may be made available upon request. We may also disclose information: - to comply with law, regulation, legal process, or government request, - to protect rights, safety, security, and prevent abuse/fraud, - in connection with a merger, acquisition, reorganization, financing, or sale of all or part of our business. 6. Sales and Advertising We do not sell personal information. We do not share personal information for cross-context behavioral advertising. 7. Cookies and Similar Technologies We do not currently use cookies for advertising or cross-site tracking. We may use necessary technical mechanisms (for example session/local storage or equivalent functionality) required to operate core service features. 8. Data Retention We retain information for as long as reasonably necessary for business operations, model/platform improvement, security, safety, abuse prevention, legal compliance, dispute resolution, and enforcement. Retention periods vary by data type and legal/operational requirements. Depending on service operations and legal requirements, some data may be retained long-term or indefinitely unless deletion is requested and applicable law requires or permits deletion. We may delete, de-identify, or aggregate data when no longer needed, subject to legal and operational exceptions. If you request that a public avatar be removed, we will stop future platform-wide use of that avatar. You may also request broader data deletion by contacting us. Certain records may still be retained where required or permitted by law, including conversation recordings already created using that avatar. 9. Your Privacy Rights and Requests Depending on your jurisdiction, you may have rights to request: - access to personal information, - correction of inaccurate personal information, - deletion of personal information, - portability of certain data, - information about our data practices. You may also request that an avatar be switched from public to private by contacting us. To submit a privacy request, contact: william@akapulu.com If your data is processed by Akapulu on behalf of a business customer, we may direct you to submit your request to that customer and coordinate with that customer as required by applicable law and contract. We may request information to verify your identity and authority before fulfilling a request. We respond within timelines required by applicable law. In some cases, we may decline or limit requests where permitted by law, including for security, fraud prevention, legal compliance, or technical/operational reasons. Where permitted by law, you may submit a request through an authorized agent. We may require proof of the agent's authority and may still require identity verification from you directly. If we deny your request, you may contact us to appeal or request additional review at william@akapulu.com. We will not unlawfully discriminate against you for exercising applicable privacy rights. 10. California Privacy Disclosures For California residents, this section summarizes our practices under applicable California privacy law (including CPRA, where applicable): - categories collected: identifiers, account data, audio/video content, transcript and interaction data, internet/network activity, usage and billing metadata, and other information described in this Policy, - purposes: service delivery, security/fraud prevention, billing, legal compliance, and service/model improvement, - sources: directly from users, from user-integrated tools/configurations, and from service providers, - disclosures: to service providers, contractors, and other recipients described above for business purposes, - sale/share: we do not sell personal information and do not share personal information for cross-context behavioral advertising. California residents may submit requests using william@akapulu.com. 11. International Data Processing If you access the Services from outside the United States, your information may be processed and stored in the United States or other jurisdictions where our providers operate. Data protection laws in those jurisdictions may differ from those in your location. 11.1 Notice for EEA/UK users If you are located in the EEA or UK, where applicable we process personal data under one or more of these legal bases: contract necessity, legitimate interests, legal obligations, and consent. Where personal data is transferred internationally, we use legally recognized transfer mechanisms where required by applicable law (for example, adequacy decisions, standard contractual clauses, or comparable lawful mechanisms). 12. Security We use reasonable administrative, technical, and organizational safeguards designed to protect personal information. However, no system is completely secure, and we cannot guarantee absolute security. 13. Children's Privacy The Services are not directed to children. You must be 18 or older to use the Services. 14. Changes to This Privacy Policy We may update this Privacy Policy from time to time. For material updates, we may provide notice by email, in-product notice, posting, or similar means. Updates are effective when posted unless otherwise stated. Your continued use of the Services after an update means you acknowledge the updated Policy applies. Previous versions may be available upon request. 15. Contact Akapulu LLC Email: william@akapulu.com Mail: c/o UNITED STATES CORPORATION AGENTS, INC. (1505 Corporation), 500 N Brand Blvd, Suite 890, Glendale, CA 16. Other Sites and Services The Services may link to or interoperate with third-party websites, applications, and services. We are not responsible for the privacy practices of third parties, and you should review their policies separately.