Privacy Policy

Welcome to THE NANOVERSE, a unified AI-powered creative ecosystem. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform and its interconnected applications including Aura Labs, Vector Labs, Cognitive Canvas, NANOVERSE Studio, Blueprint Architect, Team App, Deep Research Engine, LightBook, and Forge Builder.

THE NANOVERSE is a web application platform providing AI-powered creative tools for generating images, videos, music, code, text, 3D models, and research documents. By accessing or using THE NANOVERSE, you agree to this Privacy Policy. If you do not agree with the terms of this policy, please do not access the platform.

We collect information necessary to provide our AI-powered creative services. Here is exactly what we collect:

Account Registration Data:

• Username: A unique identifier you choose (3-50 alphanumeric characters)
• Email Address: Used for account recovery and important notifications
• Password: Stored only as a cryptographic hash (never in plain text)
• Full Name: Optional display name (up to 120 characters)

Profile & Personalization Data:

• Interests: Topics you select to personalize your experience (up to 50 items)
• Work Type: Your profession or role (e.g., developer, designer, student)
• Preferred Categories: Content categories for your discovery feed
• Onboarding Status: Whether you have completed initial setup

Subscription & Payment Data:

• Subscription Plan: Your current tier (Explorer/Free, Pro, or Monk)
• Credits Balance: Your available AI generation credits
• Stripe Customer ID: Links your account to Stripe for payment processing
• Payment Details: Credit card and billing information is processed and stored exclusively by Stripe—we never see or store your full card numbers

Google OAuth Data (if you sign in with Google):

• Google User ID (sub): A unique identifier from Google for account linking
• Email & Profile: Your Google email address and basic profile information
• Access Tokens: Short-lived tokens stored to maintain your session
• Refresh Tokens: Stored securely to keep you logged in

Project & Content Data:

• Vector Labs Projects: Code files, project structure, and development history
• Aura Labs Projects: Generated images, 3D models, videos, and creative assets
• Studio Projects: Text, code, music, conversations, and data analyses you generate
• Team Projects: AI agent configurations, communication logs, and virtual file systems
• LightBooks: Documents, notes, and archived search results
• Blueprint Projects: Project roadmaps and architectural plans
• Deep Research Sessions: Research queries, results, claims, and knowledge graphs

Social & Community Data:

• Social Posts: Content you share publicly on THE NANOVERSE community
• Follows & Likes: Users you follow and content you like
• Comments & Reactions: Your interactions with other users' content
• Messages: Private messages sent through the platform
• Notifications: Activity alerts and updates

Usage & History Data:

• Search History: Your Cognitive Canvas search queries and timestamps
• Conversation Logs: Episodic memory of your interactions with our AI assistant "Light"
• Feature Interest: Features you've expressed interest in accessing
• Persistent Login Sessions: Secure tokens for "Remember Me" functionality

We use your information exclusively to provide and improve THE NANOVERSE services:

• Authentication: Verify your identity when you log in using JWT tokens
• AI Generation: Process your prompts and inputs through our AI services (Groq, Fal.ai, OpenAI) to generate content
• Credit Management: Track your credit balance and deduct credits when you use AI features
• Project Storage: Save your projects, assets, and documents in our MongoDB database
• Personalization: Customize your discovery feed and recommendations based on your interests
• Memory & Context: Store conversation history so our AI can provide contextually relevant responses
• Social Features: Enable community interactions including posts, follows, likes, and messaging
• Payment Processing: Process subscriptions through Stripe and sync your billing status
• Code Execution: Run your code in isolated Docker containers (Vector Labs sandbox feature)

THE NANOVERSE integrates with the following third-party services to provide our features. Your data may be shared with these providers as necessary:

AI & Generation Services:

• Groq Cloud: Large language model (LLM) API for text generation, reasoning, and chat functionality
• Fal.ai: Image generation, 3D model creation, video generation, music composition, and audio processing
• OpenAI: GPT models for advanced reasoning and the Deep Research Engine

Payment & Billing:

• Stripe: All payment processing, subscription management, and billing. We store only your Stripe customer ID—Stripe handles all sensitive payment data

Authentication:

• Google OAuth 2.0: Optional sign-in method. We receive your email, name, profile picture, and a unique ID from Google

Search & Discovery:

• Google Custom Search API: Powers web search features in Cognitive Canvas and Deep Research Engine

Optional Storage Services (if configured):

• MongoDB Atlas: Cloud database hosting for user data and projects
• S3-Compatible Storage: Object storage for larger project assets (optional)
• Cloudinary: Image and media asset storage (optional)
• LiveKit: Real-time communication for collaborative features (optional)

We do not sell your personal information. Each third-party service operates under its own privacy policy, and we only share the minimum data necessary for their services to function.

We implement specific security measures to protect your data:

• Password Hashing: Passwords are hashed using bcrypt with SHA-256 (bcrypt_sha256). We also support legacy PBKDF2 for existing accounts with automatic upgrade on login
• JWT Authentication: Access tokens are signed using an algorithm with a cryptographic secret key and expire after 30 days
• Persistent Login Security: "Remember Me" tokens are one-time use, regenerated on each validation, hashed before storage, and expire after 30 days
• Transport Security: All data in transit is encrypted using HTTPS/TLS
• Sandbox Isolation: User code in Vector Labs runs in isolated Docker containers with resource limits and automatic cleanup after 15 minutes of inactivity
• HTML Sanitization: User-generated HTML content is sanitized using bleach to prevent XSS attacks
• CORS Protection: Cross-origin requests are controlled via configurable CORS policies
• Webhook Signatures: Callbacks from external services are validated using HMAC-SHA256 signatures

While we implement strong security practices, no system is completely secure. We encourage you to use a unique, strong password and keep your credentials confidential.

THE NANOVERSE uses cookies and browser storage for essential functionality:

• Authentication Cookies: Store your JWT access token to keep you logged in
• Persistent Login Cookies: Store a secure token for "Remember Me" functionality (30-day expiration)
• Local Storage: Cache project data, editor state, and user preferences for better performance
• Session Storage: Temporary data for your current browsing session

We do not use third-party tracking cookies or advertising pixels. The cookies we set are strictly for platform functionality.

You have control over your data on THE NANOVERSE:

• Access Your Data: View your profile, projects, and stored content through your account dashboard
• Update Your Information: Edit your profile, interests, and preferences at any time via profile settings
• Delete Projects: Remove individual projects from any Lab or Studio
• Delete Your Account: Request complete deletion of your account and associated data
• Export Content: Download your generated content and projects
• Revoke Google Access: Disconnect Google OAuth through your Google account settings
• Manage Subscriptions: Modify or cancel subscriptions through the Stripe billing portal

To exercise these rights, access your account settings or contact us directly.

We retain your data as follows:

• Account Data: Retained while your account is active
• Projects & Content: Stored indefinitely unless you delete them or your account
• Search History: Stored to improve your experience and provide personalized results
• Conversation Memory: Episodic and semantic memories are stored to maintain AI context
• Persistent Login Tokens: Automatically expire after 14 days
• Docker Sandboxes: Automatically cleaned up after 15 minutes of inactivity
• Credit Reset Tracking: Your credit balance resets monthly based on your subscription

Upon account deletion, we remove your personal data from active databases. Some data may be retained in encrypted backups for a limited period as required for legal or operational purposes.

THE NANOVERSE is not designed for or directed at children under the age of 13 (or 16 in the European Economic Area). We do not knowingly collect personal information from children.

If you are a parent or guardian and believe your child has created an account or provided personal information on THE NANOVERSE, please contact us immediately. We will take steps to delete such information and terminate the account.

We may update this Privacy Policy as our platform evolves. When we make changes:

• We will update the "Last Updated" date at the top of this page
• For material changes, we will provide notice through the platform or via email
• Your continued use of THE NANOVERSE after changes constitutes acceptance of the updated policy

We encourage you to review this policy periodically to stay informed about how we handle your data.