Effective Date: 9 February 2026
Last Updated: 27 February 2026
Dear Users,
This Privacy Policy (the “Policy”) is adopted by Neksai Inc., a company with headquarter address at the offices of Conyers Trust Company (Cayman) Limited, Cricket Square, Hutchins Drive, PO Box 2681, Grand Cayman, KY1-1111 and is represented by CFO Tran Anh Tuan (“we”, “us” or “our”), which acts as the data controller in respect of the processing of personal data in connection with the mobile application A2V - AI Avatar Vortex App (the “A2V App”), its related websites, and any other services operated under the A2V - AI Avatar Vortex brand (collectively, the “Services”).
By accessing or using the A2V App and/or the Services, you may generate, provide, share, upload, or otherwise disclose your personal data to us. Any such personal data shall be processed in accordance with, and protected pursuant to, the terms and conditions of this Policy. If you do not agree with this Policy, you should not use the Services.
PERSONAL DATA COLLECTION
Your use of the Services will result in the generation, provision or disclosure of your personal data. We may collect the following categories of your personal data:
Categories of Personal Information Collected (CCPA Disclosure)
In the preceding 12 months, we have collected the following categories of personal information from consumers, as defined under the California Consumer Privacy Act (CCPA):
| CCPA Category | Examples Collected | Collected |
| Identifiers | Username, display name, email address, device IDs, IP address, advertising identifiers | Yes |
| Personal information under Cal. Civ. Code § 1798.80(e) | Name, email address | Yes |
| Protected classification characteristics | Age, gender (if provided) | Yes |
| Commercial information | Purchase history, transaction details, subscription status | Yes |
| Biometric information | Facial expression data, voice recordings | Yes |
| Internet or network activity | App usage data, interactions with advertisements, features used | Yes |
| Geolocation data | IP-based location | Yes |
| Sensory data | Audio, visual, or similar information (voice recordings, photos, videos) | Yes |
| Professional or employment information | Not collected | No |
| Education information | Not collected | No |
| Inferences | Preferences and characteristics derived from usage patterns | Yes |
| Sensitive personal information | Account credentials; biometric data; racial/ethnic origin, health data, sexual orientation (if voluntarily disclosed through AI conversations) | Yes |
Sources of Personal Information
We collect personal information from the following categories of sources:
Directly from you: When you create an account, provide profile information, make purchases, interact with AI features, or communicate with our support team.
Automatically from your devices: Through cookies, pixels, and similar technologies when you access or use our Services, including device identifiers, IP address, and usage data.
From third parties: When you log in via social media or third-party accounts (such as Apple, Google, Facebook, or TikTok), we receive limited profile information from those platforms.
From service providers: We may receive information from analytics providers, advertising networks, and payment processors that assist in operating our Services.
Categories of Collected Personal Data
| Categories | Collection Methods |
| Account Data | We collect account-related information that you provide when you create or manage an account. This may include your username, display name, email address, password (in encrypted form), profile information, account preferences, and other information necessary to authenticate you, maintain your account, and provide core app/Services functionality. |
| Social Media Data | If you choose to interact with the A2V App through social media features or connect your social media accounts, we may collect data that you make available via those platforms. This may include your social media username, profile information, profile image, and other content or data that you authorize the social media platform to share with us, in accordance with its privacy settings and policies. |
| Third-Party Account Data | If you choose to register or log in to the A2V App using a third-party account (such as Apple ID, Google, or other supported services), we will receive certain information associated with that account, such as a unique user identifier, email address, and basic profile details, as permitted by the third-party provider and your privacy settings. We do not control how third-party providers process your data, and their use of your information is governed by their own privacy policies. |
| Biometric Data | If you choose to enable Face ID, we collect and process facial recognition data to authenticate your identity and secure access to your account. This may be classified as sensitive personal data under appliable data protection laws. Use of this feature is optional and can be disabled at any time. |
| Financial information | If you make a purchase through the A2V App or our integrated online store, payment-related information is processed by third-party payment providers, such as app marketplaces (e.g., Apple App Store or Google Play Store) or e-commerce platforms like Shopify. We do not receive or store your full payment details, such as credit or debit card numbers or bank account information. By completing a purchase, you acknowledge that your financial information is collected and processed directly by these third-party providers in accordance with their own terms and privacy policies. |
| Technical data |
We automatically collect your hardware and software information such as IP address, operating system type and version, app version, device ID and type, performance logs, crash data, advertising IDs and identifiers associated with cookies or other technologies that may uniquely identify a device or browser.
Location information may be inferred from your IP address; precise geolocation, which may be classified as sensitive personal under applicable personal data protection laws, is only collected if you enable it in your device settings. |
| Usage Data | Using the Services will generate data about your activity, including how you use it (e.g., when you logged in, features you’ve been using, actions taken, information shown to you, referring webpages, ads you interacted with) and how you interact with others (e.g., searching, matching, communicating). We may also receive data related to interactions you had with our ads on third party websites or apps. |
THE PURPOSE OF OUR PERSONAL DATA PROCESSING
Your collected personal data will be processed for the main purposes of
Our provision of the Services;
Your entertainment, training, and performance tracking while using our Services;
Improving the Services and user experience;
Advertisement and promotion purposes to the extent permitted by laws; and
Compliance and legal purposes.
Our data processing activities may include but are not limited to collection, recording, organisation, structuring, storage, retrieval, use, disclosure by transmission, dissemination or other activities affecting available of your personal data.
Business and Commercial Purposes for Collection (CCPA Disclosure)
We collect personal information for the following business and commercial purposes:
Providing, maintaining, and improving our Services
Processing transactions and enabling in-app purchases
Personalizing user experience and avatar interactions
Communicating with you about your account, purchases, and updates
Conducting research and analytics to improve our products
Detecting, preventing, and addressing fraud, abuse, or security issues
Complying with legal obligations and enforcing our terms
Advertising and marketing (to the extent permitted and with your consent)
You agree and understand that before generating, uploading, providing or otherwise disclosing any personal information through your use of our Services, you must consent to us and our authorized processors to process your personal data. Otherwise, we may not be able to provide the Services to you. Your personal data will be processed by us for the following specific purposes:
| Data Processing Purposes | Legal Basis for Data Processing | Categories of Processed Data |
| Account creation and maintenance of your profile on the Services | Your consent for personal data processing and our Privacy Policy. |
Account Data, Social Media Data, Third Party Account Data, Biometric Data
|
| Enabling your enjoyment various functions and features of the Services | Your consent for personal data processing and our Privacy Policy. |
Account Data, Social Media Data, Biometric Data, Third Party Account Data, Technical Data, Usage Data
|
| Enabling you to perform in-app purchases on the Services | Your consent for personal data processing and our Privacy Policy. |
Account Data, Social Media Data, Third Party Account Data, Biometric Data, Financial and Transaction Data, Technical Data, Usage Data
|
| Advertisement and marketing purposes |
Your consent for personal data processing and our Privacy Policy; Our legitimate interest: It is our legitimate interest to promote the Services.
|
Account Data, Social Media Data, Third Party Account Data, Biometric Data, Financial Information, Technical Data, Usage Data
|
| Enhancing the Services and user experience |
Your consent for personal data processing and our Privacy Policy; Our legitimate interest: It is our legitimate interest to improve the Services over time
|
Account Data Social Media Data, Third Party Account Data, Biometric Data, Financial and Transaction Data, Marketing Data, Technical Data, Usage Data
|
| Monitoring the well functioning of the Services and troubleshooting and fixing issues as needed | Your consent for personal data processing and our Privacy Policy. |
Technical data, Usage data
|
| For compliance with applicable law, disclosure upon requests of competent State authorities; reporting of crimes or illegal activities; and/or litigation | It is our legitimate interests and obligations to comply with applicable laws, to respond to law enforcement upon request, and/or to protect the legal rights of ourselves and other users of the Services. | The categories of shared personal data will be determined based on the specific circumstances. |
DATA PROCESSING
Your data will be disclosed to our authorized processors and/or third parties for the purposes set forth under Section 2 of this Policy. All authorized processors will have the following responsibilities:
Provide sufficient guarantees to implement appropriate technical and organisational measures in such a manner that processing will meet the requirements of applicable laws and ensure the protection of your rights as a data subject;
Cooperate with us to enable the timely response to and fulfillment of your lawful and valid requests;
Process your data in an accurate manner in accordance with applicable law on personal data protection and data processing contracts signed between us and each authorized processor; and
Not to engage any other processor without prior specific or written authorization from us; and
Authorized processors act solely on our documented instructions and are contractually prohibited from using personal data for their own purposes.
TRANSFER OF PERSONAL DATA
Given our Services are operated globally, by disclosing your personal data while using our Services, your data may be transferred to authorized processors and/or third parties who operate in different jurisdictions who partner with us to process for the purposes set forth under Section 2 of this Policy. Any such cross-border transfer will be carried out in accordance with applicable data protection laws, and data processing agreements between us and our authorized processors and/or third parties, which bind the processors to apply appropriate safeguards to protect the privacy and security of your data and your rights as a data subject.
We may use and/or share your information with law enforcement agencies, public authorities or other organizations if legally required to do so, or if such use is reasonably necessary to comply with legal obligation or to reporting of crimes or illegal activities; and/or litigation.
SALE AND SHARING OF PERSONAL DATA
We do not sell personal information for monetary consideration, nor do we “share” personal information for cross-context behavioral advertising purposes, as those terms are defined under the California Consumer Privacy Act (CCPA). Because we do not sell or share personal information, we have not included a “Do Not Sell or Share My Personal Information” link on our website. If our practices change in the future, we will update this Policy and provide the required opt-out mechanism.
YOUR RIGHTS
As a data subject, you retain rights and exercise control over our processing of your personal data. The scope and extent of these rights may vary depending on the jurisdiction in which you reside, and we will comply with and give effect to such rights in accordance with applicable laws and regulations. For the purposes of this Policy, we recognize and observe the following standard rights of data subjects to the extent permitted by applicable laws:
-
Request us to provide you with the following information at any time:
The identity and contact details of us and our legal representatives;
The contact details of our data protection officers;
The purpose of data processing and relevant legal bases;
Our legitimate interests for lawful data processing;
Recipients or categories of recipients of the personal data, if any;
Information on data transfer, applicable safeguards for data protection in the case of data transfer;
Confirmation of existence of the processing;
Access to your personal data;
Correction of incomplete, inaccurate or outdated data, other rectification of your data;
The existence of automated decision-making used by us;
Anonymization, blocking or erasure of unnecessary or excessive data or data processed;
Portability of data to another service provider or product provider;
Erasure of your personal data despite you had given a consent;
Information on entities with which we have shared your data;
Information on the possibility of denying consent and the consequences of such denial; and
Revocation of your consent.
Request us to restrict our data processing to the extent permitted by applicable laws;
Object our legitimate rights for lawful data processing;
Object our processing for direct marketing purposes;
Object to being subjected to a decision based solely on automated processing, including profiling which produces legal effects and similar significant effects for you;
Oppose to the processing based on the events of waiver of consent and/or our noncompliance of applicable laws on personal data protection;
Petition regarding your data before the a competent authorities;
Brazilian-Specific Rights (LGPD):In accordance with Article 18 of the Brazilian General Data Protection Law (Lei Geral de Proteção de Dados – LGPD), Brazilian users have the right to obtain confirmation of the existence of processing, access to personal data, correction of incomplete or outdated data, anonymization, blocking or deletion of unnecessary data, portability, information regarding data sharing with public and private entities, and revocation of consent. Brazilian users also have the right to lodge complaints with the Brazilian National Data Protection Authority (ANPD).
Vietnam-Specific Rights: Users in Vietnam have the rights to be informed, consent or not consent or withdraw consent to processing; access, correct; request the provision, delete, restrict, and object to the processing of their personal data and other rights in accordance with the Law on Personal Data Protection.
Users in Vietnam may lodge complaints or initiate lawsuits with competent Vietnamese authorities or courts where applicable. Users in Vietnam also have certain obligations regarding their personal data in accordance with the Law on Personal Data Protection.[BMVN1]
Japan-Specific Rights: We will cease to provide personal data that can be used to identify Japan users to a third party at the request of Japan users in accordance with the Act on the Protection of Personal Information of Japan (“APPI”).
California-Specific Rights
This section applies to California residents and supplements the information provided elsewhere in this Privacy Policy. If you are a California resident, you have the following rights under the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (“CCPA”):
Right to Know/Access. You have the right to request that we disclose to you the categories of personal information we have collected about you, the categories of sources from which we collected the personal information, the business or commercial purposes for collecting, selling, or sharing the personal information, the categories of third parties to whom we have disclosed personal information, and the specific pieces of personal information we have collected about you.
Right to Delete. You have the right to request that we delete personal information we have collected from you, subject to certain exceptions permitted by law.
Right to Correct. You have the right to request that we correct inaccurate personal information that we maintain about you.
Right to Opt-Out of Sale or Sharing. You have the right to opt out of the “sale” of your personal information or the “sharing” of your personal information for cross-context behavioral advertising purposes. As stated in this Policy, we do not sell or share your personal information for these purposes.
Right to Limit Use of Sensitive Personal Information. If we collect sensitive personal information (as defined under the CCPA), you have the right to limit our use of such information to purposes necessary to provide the Services.
Sensitive Personal Information Collected
This app may collect the following categories of sensitive personal information as defined under the CCPA: (i) account login credentials; (ii) biometric information (facial expressions and voice recordings); and (iii) personal information that reveals racial or ethnic origin, religious beliefs, health information, or sexual orientation, if such information is voluntarily disclosed by you during conversations with AI. We use this information solely for the purposes of providing the Services and do not use it for purposes that would require offering a right to limit under the CCPA beyond those permitted by law.
Right to Non-Discrimination. We will not discriminate against you for exercising any of your CCPA rights. We will not deny you goods or services, charge you different prices, provide a different quality of service, or suggest you will receive a different price or quality based on your exercise of these rights.
How to Exercise Your California Rights. To submit a request to exercise any of the rights described above, please contact us at: dpo@aiavatar.work. We will verify your identity before processing your request and may require you to provide additional information to confirm your identity. If you use an authorized agent to submit a request, we may require verification that you authorized the agent to act on your behalf.
Authorized Agents. You may designate an authorized agent to submit a request to exercise your California privacy rights on your behalf. To do so, you must provide the authorized agent with written permission to act on your behalf, and we may require you to verify your own identity directly with us and confirm that you provided the authorized agent permission to submit the request.
Verification Process. When you submit a request to know, delete, or correct personal information, we will verify your identity by matching the information you provide with information we already maintain about you. For requests for specific pieces of personal information, we apply a heightened verification standard and may require a signed declaration under penalty of perjury that you are the consumer whose personal information is the subject of the request.
Response Timing. We will respond to verifiable consumer requests within 45 days, or notify you if we require additional time (up to an additional 45 days).
Metrics Disclosure. In accordance with CCPA requirements, we will publish annually the number of requests to know, delete, and opt-out received, complied with in whole or in part, and denied.
OUR PROCESS OF HANDLING YOUR REQUESTS TO EXERCISE YOUR DATA SUBJECT RIGHTS
We have appointed Data Protection Officers responsible for overseeing data protection compliance.
For any request to exercise your rights, please contact our Data Protection Officers via email: dpo@aiavatar.work. Your request to exercise your above rights will be handled by us free of charge, within the time periods and terms provided under applicable laws. Nevertheless, we may reject your requests including if we are unable to authenticate you; if the request is unlawful or invalid; or if it may infringe on trade secrets or intellectual property, or the privacy and other rights of others. Once your request is accepted and performed accordingly by us, we are further obligated to ensure that our authorized processors take necessary actions to conform with your rightful requests.
EXISTENCE OF AUTOMATED-DECISION MAKING
We may use automated processing, including profiling, to support certain functionalities of the Services, such as content personalization, performance analytics, service optimization, security monitoring, and the delivery of relevant advertisements or recommendations. Such automated processing is used solely to enhance user experience and improve the performance, safety, and efficiency of the Services. Where automated processing is used, appropriate safeguards are implemented to protect your relevant rights and interests.
RETENTION OF PERSONAL DATA
We retain information for as long as necessary to provide the Services and for the other purposes set out in this Policy. In case you delete your account from our Services, to the extent permitted and/or requested by applicable laws, we will retain your personal data for legal and compliance purposes for a maximum period of five years from the date of your account closure. The criteria to determine the retention window are as follows:
| Scope of Retained Data | Purposes | Retention Period |
| All Personal Data | For compliance with applicable laws and regulations, and for the establishment, exercise, or defense of legal claims arising out of or in connection with the Services. | six months from the date of account closure |
| Customer services exchange, records, supporting data | For compliance with applicable laws and regulations, and for the establishment, exercise, or defense of legal claims arising out of or in connection with the Services. | two years from the date of the exchange |
| All Personal Data | Where there is a reasonable basis to believe that the Services may have been used in violation of applicable law or our terms, we may retain relevant personal data as necessary for investigation, compliance, and the establishment, exercise, or defense of legal claims. | five years from the date of account closure |
Following the expiration of the applicable retention period, personal data will be deleted or restricted from further processing unless continued retention is required or permitted by law for compliance, legal, or legitimate business purposes. Where possible, data will be anonymized or aggregated so that it can no longer be attributed to an identifiable individual and may be used for service improvement and development purposes.
Retention by Category of Personal Information (CCPA Disclosure)
We retain each category of personal information for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law. The following table summarizes our retention practices:
| Category of Personal Information | Retention Period or Criteria |
| Identifiers (account data, device IDs) | Duration of account plus six months after account closure; up to five years if required for legal compliance |
| Transaction and financial data | Two years from transaction date for general records; up to five years for tax/legal compliance |
| Biometric data (facial expressions, voice recordings) | Only for the session in which it is used, unless retained as part of user-generated content; deleted or anonymized upon account closure |
| Usage and technical data | Two years from collection |
| User communication data (AI conversations) | Duration of account plus six months after closure; may be anonymized for research |
| Sensitive personal information | Retained only as long as necessary for the disclosed purpose; subject to user deletion requests |
CHILDREN’S PRIVACY
Our Services are intended solely for individuals who are 13 years of age or older. We do not knowingly collect, use, or process personal data from children under the age of 13, and individuals under 13 are not permitted to create accounts or otherwise use the Services. If we become aware that personal data has been collected from a child under the age of 13, we will take appropriate steps to promptly delete such data and terminate the associated account.
Parents or legal guardians who believe that a child under the age of 13 has provided personal data to us may contact us at dpo@aiavatar.work to request review or deletion of such information. We may take reasonable steps to verify the identity and authority of the requesting party before acting on such requests.
We reserve the right to implement age-verification or other measures, where required or appropriate, to prevent access to the Services by individuals under the age of 13 and to ensure compliance with applicable child protection and data protection laws.
Additional Rights for California Minors
If you are a California resident under 18 years of age and a registered user of the Services, you may request removal of content or information you have publicly posted on the Services. To request removal, please contact us at dpo@aiavatar.work with a description of the content you wish to have removed. Please note that removal does not ensure complete or comprehensive removal of the content, as there may be circumstances under which the law does not require or allow removal.
POLICY CHANGES
We may update this Privacy Policy periodically. Material changes will be communicated to you, and we will obtain your consent if required by applicable laws, before material changes take effect.
SHARED USE OF PERSONAL DATA
We may jointly use personal data within our corporate group or with designated service providers for the purposes described in this Policy.
The shared personal data may include Account Data Social Media Data, Third Party Account Data, Biometric Data, Financial and Transaction Data, Marketing Data, Technical Data, Usage Data, interaction content (such as chat messages or voice inputs), interaction memory and preferences, user-generated media metadata, customer support communications, subscription and transactional metadata, security and fraud-prevention signals, and compliance-related records, to the extent necessary for service operation, safety, and legal compliance.
The purpose of shared use is limited to service operation, security, customer support, analytics, and legal compliance.
The entity responsible for the management of jointly used personal data is Neksai Inc, a company with headquarter address at the offices of Conyers Trust Company (Cayman) Limited, Cricket Square, Hutchins Drive, PO Box 2681, Grand Cayman, KY1-1111 and is represented by CFO Tran Anh Tuan
Shared use will be conducted in accordance with APPI and subject to appropriate safeguards.
CONTACT INFORMATION
If you have questions, concerns, or requests related to this Privacy Policy or the processing of your personal information, please contact our Data Privacy Officers: dpo@aiavatar.work.