KIARA SPICY
Privacy Terms Refunds Cookies Acceptable use

Legal

Privacy Policy

A clear privacy document for an 18+ AI content platform: accounts, uploads, prompts, payments, credits, model providers, voice features, analytics, retention, and deletion.

Last updated May 27, 2026

Kiara Spicy is operated from the Netherlands. Operator KVK registration details will be added when the production entity is finalized.

On this page

OverviewWho We AreData We CollectHow We Use DataAI Model and Provider ProcessingGoogle Login and OAuth DataHow We Share DataCookies and Browser StorageRetention and DeletionSecurityYour RightsInternational ProcessingChildren and MinorsChanges to This Policy

Read first

Overview

Kiara Spicy is an adults-only AI content creation platform. The service lets signed-in users buy credits, upload references, write prompts, use AI chat and voice assistance, generate images and videos, manage outputs, and publish selected creations.

This Privacy Policy explains what we collect, why we collect it, who may process it, how long we keep it, and how you can ask us to access, correct, delete, or export it.

For privacy questions, deletion requests, account questions, Google OAuth review, or provider-data questions, contact us at kacinka74@gmail.com.

Kiara Spicy is 18+ only. Do not use the service if you are under 18, or under the age required to view adult content in your location.

Who We Are

Kiara Spicy (kiaraspicy.com) is operated under the Kiara Intelligence brand. The operator is based in the Netherlands and subject to Dutch and European Union law, including the General Data Protection Regulation (GDPR / AVG).

For legal, privacy, data-protection, and developer-console notices, use the contact email listed in the overview above. For physical correspondence, contact us by email first to request a mailing address.

We are registered with the Netherlands Chamber of Commerce (KVK). Registration details will be published on this page when the production entity is finalized. In the meantime, the operator can be reached via the contact email above.

The service is in beta. Some model lanes, payment methods, voice features, dashboard tools, and account settings may change as the platform moves toward full production.

Data We Collect

Account and login data

  • Email address when you use email magic-link login.
  • Telegram profile data when you use Telegram login, including Telegram id, username, display name, and profile photo where provided.
  • Google account data when Google login is enabled, limited to login/account information such as email, name, profile image, and Google account identifier.
  • Internal user id, session issue time, last seen time, visit count, country, browser, device type, and a short login history used for security and account support.

Generation, chat, and workspace data

  • Prompts, negative prompts, model selections, aspect ratios, durations, resolution choices, quality settings, seeds, reference tags, and generation metadata.
  • Uploaded reference images and videos, generated outputs, thumbnails, published feed posts, attachment records, and deletion records.
  • Chat messages, AI assistant context, Lexa Canvas notes when enabled, voice-call metadata, tool results, and task status used to make the assistant and UI work.
  • Model output status, provider errors, content-filter outcomes, refund events, and retry/debug data.

Payment and credit data

  • Credit purchases, subscription-pack selections, invoice ids, order numbers, payment provider, payment status, amount, currency, credits granted, credits debited, refunds, expiry dates, and ledger metadata.
  • For crypto payments, the payment provider may process blockchain transaction details, wallet-side metadata, exchange-rate data, and network-fee information. Kiara Spicy does not store your private wallet keys.
  • For card payments if enabled, payment information is handled by the card processor. We do not intentionally store full card numbers on our own servers.

Device, analytics, and security data

  • Page path, referrer, country, region, city, browser, operating system, device type, session id, click/view/scroll/video/error events, form-focus events, page performance metrics, and presence status.
  • IP addresses are used server-side for security, rate limits, fraud prevention, geolocation, and analytics. Where our code stores an IP-derived identifier for analytics, it stores a hash rather than the raw IP.
  • Server logs, error logs, abuse signals, content-filter results, rate-limit decisions, and operator alerts.

How We Use Data

  • Provide accounts, login, sessions, dashboard, library, chat, voice assistant, credits, payments, uploads, generation, polling, delivery, deletion, and support.
  • Send prompts, references, settings, and relevant metadata to AI model, workflow, voice, search, payment, hosting, email, and authentication providers when needed to perform the user-requested action.
  • Maintain the credit ledger, prevent double-spend, create invoices, confirm payment webhooks, issue automatic credit refunds on eligible failures, and show receipts.
  • Detect abuse, prevent fraud, enforce the Terms, enforce the Acceptable Use Policy, rate-limit endpoints, investigate security events, and comply with legal obligations.
  • Improve reliability, latency, user experience, model routing, prompt UX, safety filters, dashboards, and support workflows.
  • Measure traffic, conversions, feature usage, errors, page performance, and active presence. We do not currently run behavioral advertising or sell personal data.

AI Model and Provider Processing

When you generate content, ask the AI assistant for help, upload a reference, use voice calling, or request a model feature, your prompts, references, outputs, and settings may be processed by third-party AI and infrastructure providers.

These providers may include, depending on the feature and deployment: OpenAI, Google/Gemini, xAI, DeepSeek, Runware, RunningHub, WaveSpeed, Cartesia, Cloudflare, payment providers, email providers, and other model or workflow partners integrated into Kiara Spicy.

Provider names shown in the UI may be Kiara-branded for simplicity. We do not expose confidential node ids, workflow ids, internal provider urls, API keys, or backend routing details to users.

  • AI outputs can be inaccurate, unexpected, delayed, blocked, filtered, or unavailable.
  • Model providers may apply their own safety systems, content policies, logging, retention, moderation, security review, or legal-compliance processes.
  • Do not upload content that you do not have the right to use. Do not upload private images of another person unless you have permission and a lawful reason.

Google Login and OAuth Data

If you use Google login after it is enabled, Kiara Spicy uses Google OAuth only to authenticate you and create or access your Kiara Spicy account.

We do not use Google account data for advertising, sell it, or transfer it except as needed to provide the login/account feature, comply with law, prevent fraud or abuse, or protect the service.

We only request the minimum Google account scopes needed for sign-in. If the Google login setup changes, this policy will be updated before broader production use.

How We Share Data

We share data only where necessary to operate the service, process user requests, protect the platform, or comply with law.

  • Hosting, storage, security, and edge infrastructure providers, including Cloudflare services used to serve pages, storage, functions, and abuse protection.
  • AI model, workflow, voice, search, and captioning providers that process prompts, references, generated content, audio, tool requests, or model selections.
  • Payment providers, including crypto-payment and card-payment processors where enabled, so invoices, payments, webhooks, fraud checks, and receipts can work.
  • Authentication and communication providers, including Telegram, Google login when enabled, and email delivery providers.
  • Law enforcement, courts, regulators, rights holders, or safety organizations when required by law or when we reasonably believe disclosure is necessary to prevent serious harm, protect minors, investigate abuse, or defend legal rights.
  • A successor entity if the service is merged, sold, financed, reorganized, or transferred, subject to reasonable privacy protections.

Cookies and Browser Storage

We use essential cookies and browser storage to keep you signed in, remember age-gate confirmation, remember language or local UI state, and secure requests. We also use lightweight analytics and presence beacons to understand service performance and abuse patterns.

Read the Cookie Policy for the detailed cookie and browser-storage list.

Retention and Deletion

We keep data only as long as needed for the service purposes described in this policy, unless law, security, abuse prevention, accounting, tax, chargeback, or dispute obligations require a longer period.

  • User session cookies are designed to last up to 90 days unless you sign out or we invalidate sessions.
  • Credit ledger records, invoices, payment events, refunds, and subscription expiry records may be kept for accounting, dispute, fraud, and legal compliance.
  • Current invoice records are stored for a limited operational period, and per-user invoice indexes may be retained longer so the dashboard and support tools can show payment history.
  • Generated media and uploaded references remain available until you delete them, delete your account where supported, or we remove them for policy, security, storage, or legal reasons.
  • When you delete a generation, we remove the generation record and attempt to delete related stored media. Backups, CDN caches, logs, provider records, payment records, abuse records, and legal holds may persist for a limited period.
  • Public posts, shared URLs, or content that other users have already accessed may remain visible in cached or copied forms outside our control.

Security

We use technical and operational measures intended to protect the service, including HTTPS, signed session cookies, same-origin checks, rate limits, server-side payment verification, upload type checks, metadata scrubbing for generated media where supported, and provider-error scrubbing so backend details are not exposed to users.

No internet service is perfectly secure. You are responsible for keeping your email, Telegram, Google account, wallet, and device secure.

Your Rights

Depending on your location, you may have rights to request access, correction, deletion, export, restriction, objection, or withdrawal of consent. Send requests to kacinka74@gmail.com. We may need to verify your account before acting on the request.

Some data cannot be deleted immediately when we must retain it for payment records, fraud prevention, abuse investigation, safety, tax/accounting, legal defense, or compliance.

International Processing

Kiara Spicy and its providers may process data in the United States, Europe, and other countries. Laws in those countries may differ from the laws where you live. By using the service, you understand that data may be transferred and processed internationally as needed to provide the service.

Children and Minors

Kiara Spicy is not for children. We do not knowingly allow minors to create accounts or use the service. We also prohibit generating, uploading, requesting, or distributing sexualized, exploitative, or suggestive content involving minors or age-ambiguous people.

If you believe a minor has used the service or that content involving a minor is present, contact kacinka74@gmail.com immediately.

Changes to This Policy

We may update this Privacy Policy as the product, laws, providers, or payment methods change. The updated date at the top shows when the current version took effect. Material changes may also be surfaced in the UI or by requiring a renewed acknowledgement.

Reference

Related Documents

Privacy Policy How Kiara Spicy collects, uses, shares, and deletes data. Terms of Service The rules for accounts, credits, AI generation, and platform access. Refund Policy How failed generations, subscriptions, crypto payments, and credits are handled. Cookie Policy Essential cookies, analytics beacons, and third-party browser storage. Acceptable Use Policy Strict safety rules for adult AI content, likenesses, minors, and abuse.

These external policy links are included so users can understand the main providers that may process authentication, payments, hosting, voice, model, email, or safety-related requests.

OpenAI Privacy and API Data Controls OpenAI Usage Policies Google API Services User Data Policy Google Generative AI Prohibited Use Policy Cloudflare Turnstile Privacy Addendum Cloudflare Cookie Policy Stripe Privacy Policy Stripe Terms of Service Plisio Terms of Use Plisio Privacy Policy Runware Terms of Service Runware Privacy Policy Cartesia Terms of Service Cartesia Privacy Policy xAI API Security FAQ xAI Terms of Service xAI Privacy Policy DeepSeek Terms of Use DeepSeek Privacy Policy Groq Privacy Policy Groq Website Terms of Use Groq Services Agreement MiniMax Terms of Service MiniMax Privacy Policy Resend Privacy Policy Resend Terms of Service Telegram Privacy Policy RunningHub Terms of Service RunningHub Privacy Policy WaveSpeed Terms of Service

Sign in to Kiara Spicy

Continue with one of the methods below.

or email

Check your inbox

We sent a magic link to …. Click it to finish signing in. Link expires in 15 minutes.

By continuing you agree to the Terms & Privacy.

…