Privacy Policy

MSN complies with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) when we collect, hold, use, and disclose personal information about individuals in Australia.

This Privacy Policy applies to personal information processed when you use the Platform, communicate with support, or interact with marketing properties we control.

"Personal information" means information that identifies or relates to an identified or identifiable individual. Aggregated or de-identified information that cannot reasonably be linked back to you is not personal information.

Account and profile data: name, username, email address, password hash, avatar, preferences, language, marketing opt-ins, and verification status.

Billing and transaction data: payment instrument tokens, billing address, purchase history, subscription state, invoices, tax identifiers where required, and fraud signals from processors.

Technical and usage data: IP address, approximate geolocation derived from IP, device identifiers (such as advertising IDs where permitted and resettable device IDs), browser type and version, operating system, referrer URLs, pages viewed, session timestamps, clickstream, crash logs, and performance diagnostics.

Communications: messages you send to support, survey responses, and metadata about in-app messages necessary to deliver chat (including routing, moderation logs, and abuse-prevention signals).

Creator and fan content: media uploads, gallery and vault metadata, chat transcripts where stored for delivery, replay, safety, or legal compliance, and reports submitted by users.

We collect information directly from you, automatically through your device and our servers, from payment processors and identity verification vendors, and in limited cases from public sources or partners where permitted by law.

We process personal information to provide and personalize the Platform, authenticate users, process payments, prevent fraud and abuse, conduct security monitoring, comply with legal obligations, improve reliability and performance, communicate service and policy updates, and analyze aggregate usage trends.

Where GDPR applies, we rely on legal bases such as performance of a contract, legitimate interests (balanced against your rights), consent where required, and legal obligation. Where consent is the basis, you may withdraw it without affecting prior processing that was lawful.

MSN uses transient processing of chat data to facilitate AI Digital Twin interactions. Short-lived conversation context may also be held in your browser’s session storage while you use the product; that device-side state is separate from records we store on our servers for delivery, safety, or legal compliance, as described in our Cookie Policy. We do not sell your private conversations to third-party data brokers.

We implement 'Privacy by Design' to ensure that AI Twin prompts are stripped of unnecessary PII (Personally Identifiable Information) before being sent to our LLM subprocessors.

We use automated systems, including large language models, to power AI Twin conversations. Operational processing of chat content is required to generate responses, enforce safety policies, investigate reports, and maintain session integrity.

Unless we expressly notify you otherwise in-product or in a supplemental notice, we do not use your private chat transcripts to train general-purpose foundation models for unrelated products. We may use de-identified, aggregated, or differentially private statistics (for example, token volume, category-level safety outcomes, or latency metrics) to improve reliability, moderation, and product design.

Where optional research or model improvement programs apply that could involve pseudonymous conversation snippets, we will provide clear notice and, where required by law, obtain opt-in consent or offer opt-out mechanisms. Creators may have additional controls where productized.

You should not paste highly sensitive personal data into chat. Even with safeguards, generative systems may inadvertently surface or store content in ways you do not intend.

We use cookies, local storage, session storage, pixels, and SDKs for authentication, preferences, analytics, and fraud prevention. Our Cookie Policy describes categories, retention, and browser controls, including how session-scoped storage may hold transient AI Twin chat context on your device.

We disclose personal information to vendors who assist with hosting, CDN, databases, email delivery, analytics, customer support tooling, payments, tax, identity verification, content moderation, and security operations. Contracts require processors to use data only on our instructions and implement appropriate confidentiality and security measures.

Your data may be stored or processed in Australia, the United States, and the European Union. By using the Platform, you consent to the transfer of information to these jurisdictions, where we ensure our vendors (such as Supabase, Stripe, and Fal.ai) maintain high-level security standards.

Where overseas disclosure is required by the Privacy Act 1988 (Cth), we take steps that are reasonable in the circumstances so that overseas recipients handle personal information in a way that is consistent with the APPs, except where a permitted exception applies. Where GDPR applies, we may rely on transfer mechanisms such as Standard Contractual Clauses and supplementary measures assessed in light of applicable guidance.

We retain personal information for as long as your account is active and for a reasonable period afterward to resolve disputes, enforce agreements, comply with law, and maintain backups. Retention periods vary by category; for example, billing records may be retained longer than transient server logs.

We implement administrative, technical, and organizational measures designed to protect personal information. No method of transmission or storage is completely secure; you use the Platform at your own risk.

To investigate reports, respond to lawful requests, prevent fraud and abuse, and enforce our Terms of Service and Acceptable Use Policy, authorised MSN personnel may access personal information and user content—including public gallery and Secret Vault uploads—on a need-to-know, role-restricted basis. This access is not used for advertising profiling or unrelated commercial purposes.

We log and restrict administrative access in line with our security programme and the safeguards described in our Terms of Service under Platform safety and moderation.

Depending on applicable privacy law in your jurisdiction, you may have rights to access, rectify, delete, restrict, or object to certain processing, and to data portability. To exercise rights, contact us via Support with sufficient detail for us to verify your identity.

Australian users have the right to access and correct personal information under the Privacy Act 1988 (Cth). If you are unsatisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC).

Where other privacy laws apply, you may lodge a complaint with the competent supervisory authority for your region.

The Platform is not directed to children under the age required in our Age Policy, and we do not knowingly collect personal information from them. If you believe we have collected such information, contact us promptly.

We will post updates on this page and revise the "Last updated" date. Where changes materially affect your rights, we will provide additional notice as required by law.