Privacy Policy for Ninja AI (tryninja.co)
1. Introduction to Our Privacy PolicyThis Privacy Policy outlines how Ninja AI (operated by NinjaTech AI, Inc. or its affiliates, hereinafter referred to as "Ninja AI," "we," "us," or "our") collects, utilizes, shares, and safeguards personal information when individuals interact with our website at tryninja.co and engage with our AI-powered Google Maps ranking services (collectively, "Services"). By accessing or using our Services, users implicitly consent to the collection, use, and disclosure of their information as articulated within this Privacy Policy. This policy is universally applicable to all users of our Services.While the Terms of Service for NinjaTech AI explicitly state that its "Services are controlled or operated (or both) from the United States, and are not intended to subject NinjaTech to any non-U.S. jurisdiction or law" 5, the inclusion of a wide array of international payment methods such as Alipay and WeChat Pay 3 strongly indicates an intention or capability to cater to a global user base. This presents a significant legal consideration. If the service does indeed attract users from outside the United States, particularly from the European Union or the United Kingdom, then data protection regulations like the General Data Protection Regulation (GDPR) 7 and other international privacy laws would apply, irrespective of the jurisdictional disclaimer in the Terms of Service. A comprehensive Privacy Policy should proactively address the principles of GDPR and the California Consumer Privacy Act (CCPA)/California Privacy Rights Act (CPRA) to prepare for such international engagement. This potential discrepancy between the stated jurisdictional intent and the operational reality should be carefully reviewed by the client.
2. Information We CollectNinja AI collects various categories of information to provide and improve its Services. This includes data voluntarily provided by users, information collected automatically through their interactions with the Services, and data obtained from other sources.Personal Information Voluntarily Provided: This encompasses data that can directly or indirectly identify an individual. Examples include contact information such as name, email address, and phone number; identity details like business name and registration information; and financial and transaction data, including payment information and billing addresses.6 This information is typically provided when users register for Services, express interest in our products, participate in activities on the platform, or otherwise communicate with us.6Information Collected Automatically: As users interact with our Services, certain data is automatically gathered. This includes usage data related to internet or similar activity, such as IP addresses, online behavior patterns, interest data, and interactions with our websites, applications, and systems.6 Approximate location data may also be derived from a user's IP address.6 Furthermore, non-identifying information is collected through the use of cookies and other tracking software.9 This automatically collected data is primarily essential for maintaining the security and operational integrity of our Services, as well as for internal analytics and reporting purposes.6 The broad spectrum of data collected, from direct user input to automated usage metrics and third-party sources, necessitates a commitment to data minimization principles. This means collecting only the information strictly necessary for the stated purposes. The policy must clearly articulatewhy each type of data is collected, ensuring transparency in accordance with regulations like GDPR 7 and CCPA.10Information from Other Sources: We may also obtain personal information from external sources, such as publicly available databases and joint marketing partners.6
3. How We Use Your InformationThe information collected by Ninja AI is utilized for several key purposes to deliver, improve, and secure our Services:To Facilitate Account Creation and Management: User information is processed to enable the creation of accounts, facilitate logins, and ensure the ongoing functionality and maintenance of user accounts.6To Deliver and Facilitate Services: We use collected information to provide the requested AI-powered Google Maps ranking boost services. This includes automated profile optimization, continuous daily ranking improvements, AI-optimized updates with geotags, synchronization with relevant Google data fields, and monitoring of traffic to implement further AI-driven changes.1To Request Feedback: We may process information to contact users regarding their experience with our Services and to solicit feedback for improvements.6For Marketing and Personalization: Information is used to send marketing-related communications about our Services, new products, and company news.6 It also enables us to analyze user interests and preferences to personalize interactions and offers that are tailored to individual needs.6 Additionally, we facilitate social sharing functionality chosen by the user.6To Evaluate and Improve Services: Data helps us identify usage trends, assess the effectiveness of promotional campaigns, and continuously enhance our Services, products, marketing efforts, and the overall user experience.6 This involves analyzing how users interact with our Services to gain a deeper understanding of usage patterns.6For Legal Compliance and Security: Information is processed to maintain the security and operational integrity of our Services.6 We are legally obligated to retain basic customer information, including contact, identity, financial, and transaction data, for a period of six years after a customer ceases using our services, for tax and other regulatory compliance purposes.9For Aggregation and Anonymization: Personal information may be aggregated or anonymized so that it no longer identifies an individual. This de-identified data is then used for various purposes, as it no longer constitutes personal information.6It is important to clarify how user data contributes to the development of our AI models. While the Privacy Policy from ninjatech.ai mentions using data for "improving the platform" and "creating aggregate data" 12, it does not explicitly detail whether user input or generated output is used fortraining the underlying AI models. This distinction is paramount for AI services and is a common user concern. The pricing details for the Business plan explicitly state that "your data is never used for training models".3 This specific exclusion for Business plans implies that for other tiers (Basic, Standard, Pro, Ultra, and Max Individual plans), user datamight be utilized for model training or similar AI development purposes. This is a significant privacy consideration for users and must be explicitly addressed within this Privacy Policy to ensure full transparency and to obtain informed consent, particularly in light of GDPR's explicit consent requirements.7
4. How We Share Your InformationNinja AI may share user information with various entities under specific circumstances, always striving to uphold data protection standards.Third-Party Service Providers: Personal information is disclosed to third-party service providers who perform functions on our behalf. These services include website hosting, data analysis, payment processing, order fulfillment, fraud prevention, provision of information technology and related infrastructure, customer service, email delivery, and auditing.6 The extensive sharing of data with these providers necessitates formal Data Processing Agreements (DPAs) under regulations like GDPR 7 and requires careful due diligence to ensure these third parties adhere to Ninja AI's data protection standards.Affiliates and Business Transfers: We reserve the right to share personal information collected with our affiliates, or to transfer such information to a successor entity or to an entity that acquires substantially all of the assets of Ninja AI.9Legal Requirements and Law Enforcement: We may disclose personal information if legally compelled to do so, or if we believe in good faith that such action is necessary to comply with a legal obligation, protect and defend our rights or property, prevent or investigate potential wrongdoing related to the Services, protect the personal safety of users or the public, or mitigate legal liability.Marketing Partners: We may share personal information with selected third parties for the purpose of sending marketing communications. Information regarding these marketing partnerships, including methods to opt-out of such communications, will be provided.6 We endeavor to ensure that these third parties comply with our Privacy Policy.6User-Elected Disclosure: Users may choose to disclose personal information through specific functionalities of the Services, including when interacting with third parties. This may involve directing us to share, or consenting to our sharing of, relevant information with those third parties as part of the requested service
5. Your Data Protection RightsUsers of Ninja AI Services possess various rights concerning their personal data, which we are committed to upholding in accordance with applicable laws.General Rights (Applicable to All Users):Access: Users have the right to request access to their personal information, enabling them to receive a copy of the data we hold about them and verify its lawful processing.7Correction/Rectification: Users can request the correction of any incomplete or inaccurate personal information we hold.7Erasure (Right to be Forgotten): Users may request the deletion or removal of their personal information where there is no legitimate reason for its continued processing, or where the processing is unlawful.7 It is important to note that we may not always be able to comply with such requests for specific legal reasons, which would be communicated at the time of the request.9Objection to Processing: Users have the right to object to the processing of their personal information when we rely on a legitimate interest as the legal basis, or for direct marketing purposes.7Restriction of Processing: Users can ask us to suspend the processing of their personal information in certain scenarios, such as when they dispute the data's accuracy or when our use of the information is unlawful but they prefer not to have it erased.9Data Portability: Users can request the transfer of their personal information to themselves or to a third party in a structured, commonly used, and machine-readable format.7 This right typically applies to automated information for which consent was initially provided or where the information was used to perform a contract.9Withdraw Consent: Users have the right to withdraw their consent at any time where we rely on consent to process their personal information. This withdrawal will not affect the lawfulness of any processing carried out before consent was withdrawn, but it may impact our ability to provide certain services.7Specific Rights for California Residents (CCPA/CPRA):Right to Know: California residents can request disclosure of the categories and/or specific pieces of personal information collected about them, the sources of that information, the purposes for which it is used, and the categories of third parties with whom it is shared.10Right to Opt-Out of Sale/Sharing: Residents can direct businesses not to sell or share their personal information, including through the Global Privacy Control (GPC).10 Businesses are prohibited from selling or sharing personal information after receiving an opt-out request unless subsequently authorized by the consumer.10Right to Limit Use and Disclosure of Sensitive Personal Information: Consumers can direct us to limit the use of sensitive personal information (e.g., financial account information, precise geolocation) to only limited purposes.10Non-Discrimination: Generally, we are prohibited from discriminating against users for exercising their CCPA rights.10Notice at Collection: Users have the right to be informed, at or before the point of collection, about the types of personal information being collected and how it may be used.10Methods for Requests: Businesses must provide at least two methods for submitting these requests, such as an email address or a website form.11 A clear "Do Not Sell or Share My Personal Information" link is often required in the website footer.11Specific Rights for EU/UK Residents (GDPR):GDPR reinforces the general rights with a strong emphasis on consent being explicit, informed, specific, granular, unambiguous, and easily withdrawable.7 Data sovereignty principles dictate that data protection laws apply based on the location of the data subject, not solely the data processor.7 Furthermore, in the event of a data breach, notification to the relevant supervisory authority is required within 72 hours, and affected customers must be informed immediately if the breach poses a high risk to their rights and freedoms.8Implementing these diverse data protection rights, particularly across different jurisdictions like GDPR and CCPA, necessitates robust internal processes, dedicated communication channels (e.g., a specific privacy email address or web form), and potentially the designation of a Data Protection Officer (DPO) or an equivalent role. The Privacy Policy must not merely list these rights but also provide clear, practical instructions on how users can exercise them. Internally, Ninja AI needs to ensure its data management systems and personnel are adequately equipped to handle these requests efficiently and in full compliance with legal requirements.
6. Data Security and RetentionNinja AI is committed to protecting user data through a combination of technical and organizational measures. We implement industry-standard security practices, including encryption of data both at rest and in transit, and strict access controls to limit who can view or modify customer data.7 Our platform operates on enterprise AI technology, the same caliber used by Fortune 500 companies, which provides top-graded AI capabilities, enterprise-level security, and adherence to Google's compliance standards.1 While "enterprise security" is a strong general statement, the policy benefits from mentioning more specific, yet non-sensitive, descriptions of security practices, such as security audits and employee training, to further build user trust.Regarding data retention, we are legally required to retain basic information about our customers, including contact, identity, financial, and transaction data, for a period of six years after they cease being customers, primarily for tax and other legally mandated purposes.9 Beyond these legal obligations, we retain personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.
7. International Data TransfersGiven the implied global reach of our services, as evidenced by the support for various international payment methods 3, and the stated location of our servers in the United States 5, personal information collected by Ninja AI may be transferred to, stored, and processed in countries other than a user's own, including the United States. This section directly addresses the potential conflict between the US-centric jurisdictional statement in the Terms of Service and the operational reality of serving a global user base.We are committed to taking all reasonably necessary steps to ensure that user data is treated securely and in accordance with this Privacy Policy and applicable data protection laws. For transfers of personal data from the European Union or the United Kingdom, we will implement appropriate legal mechanisms, such as Standard Contractual Clauses (SCCs) or Binding Corporate Rules (BCRs), to ensure compliance with GDPR requirements.7 This commitment to international data transfer safeguards is crucial if Ninja AI anticipates or serves non-US users, providing transparency and demonstrating adherence to global privacy standards.
8. Changes to This Privacy PolicyNinja AI may update this Privacy Policy periodically to reflect changes in our practices or applicable laws. Any modifications will be effective upon posting the revised Privacy Policy on this page, and the "Last Updated" date will be updated accordingly. Users are encouraged to review this Privacy Policy regularly for any changes.
9. Contact UsFor any inquiries or concerns regarding this Privacy Policy or to exercise your data protection rights, please contact us at help@tryninja.co . We are committed to responding to all legitimate requests in accordance with applicable legal requirements.