Privacy Policy

Welcome to Dify.AI. LangGenius, Inc. (hereinafter referred to as “LangGenius”) operates the Dify.AI service as one of its products. Throughout this Privacy Policy, references to “Dify,” “Dify.AI,” “we,” “us,” “our,” and similar terms refer to LangGenius and its affiliates, including but not limited to Dify.AI. By using the Dify.AI service, you acknowledge and agree that LangGenius is the entity responsible for the collection, use, and protection of your personal information as described in this Privacy Policy.

Please carefully read this Policy before you use or submit any information through or in connection with the Services. If you do not agree with this Policy, please do not access or use our Services or interact with any other aspect of our business. Unless otherwise required by laws in your residence, by using our Services, you accept our privacy practices described in this Policy.

1. What information we collect about you?

We collect and store personal information that you directly provide us through our Site, when using our Products, and other ways：

Information you provide to us

We will collect and store personal information that you provide to us directly through our website when using our products, as well as through other means (such as through user support requests, interacting through social media, participating in surveys or promotions, applying for a job, and interacting on our website and at events). The information we collect includes:

• Account and profile information. When you register for an account, create or modify your profile, set preferences, sign-up for or make purchases through the Services, we collect information about you which includes without limitation your name, business telephone number and your email address, passwords, and similar security information used for authentication and account access. You may also choose to provide us with a display name, profile photo, job title, and other details to your profile information to be displayed in our Services.

• Content you provide through our products: As part of the service, we collect and store the content you post, send, receive, and share through our product. This includes any data you enter in any “free text” box on our product, as well as files and links you upload to the service. Examples of the content we collect and store include applications you create in Dify.AI, descriptions of application-related commands, links to access applications, links to privacy policies for applications, or any other information you provide.

• Content provided by you through community platforms, instant messaging tools, or our website: We also collect other content that you submit to us for operation of website channels (such as social media or social networking sites). For example, when you provide feedback or participate in any interactive features, surveys, contests, promotions, sweepstakes, events, or activities, you provide content to us through phone, community interaction, IM services, etc. (such as GitHub, Twitter, Discord, WeChat, Slack, etc.)

• Information provided through our support channels: Through our user support, you can choose to submit information about any issues you encounter while using our services. You may contact us through email, third-party IM tools to directly communicate with our support team. You will be asked to provide contact information, a summary of the issue you are facing, and any additional documents, screenshots, or information that may help to resolve the problem.

• Payment and billing information: When you use certain paid services on Dify.AI, we collect your payment and billing information. You may also be required to provide credit card information to third-party secure payment processing service providers (such as Stripe). We do not store your credit card information.

Information we collect automatically when you use the Services

When you use our services (including browsing our website and taking certain actions within the service), we may collect information about you.

• Your Use of the Services: When you access any of our services and interact with them, we may track certain information about you, including but not limited to the features you use; the links you click on; the type, size, and filenames of attachments you upload to the services; and how you interact or click on our product services.

• Device and Connection Information: We collect information about the devices you use to access our services, such as your computer, phone, tablet, or other devices. This type of device information also includes your connection type and settings when installing, accessing, updating, or using our services. We also collect information about your operating system, browser type, URL of referring/exit pages, IP address, device identifiers, and crash data through your device.

• Geolocation Data: Based on your device settings, we may collect geolocation data when you access our website and use our products. For example, we may use your IP address to infer your approximate location.

• Cookies and Other Tracking Technologies: We and our third-party partners, such as our advertising and analytics partners, use various common technologies to provide functionality and identify you across different services and devices. Such technologies typically include tracking pixels, JavaScript, and various “local storage data” technologies, such as cookies and local storage. Such data may include text, personal information (such as your IP address), and information about how you use our services, depending on the technologies we use. For the purposes of this policy, we collectively refer to the cookies and other technologies identified here as “Cookies.” Most web browsers have a feature to block cookies. You can also choose to clear all cookies stored on your computer.

Information we receive from other sources

We receive information about you from other service users, our partners, and third-party service providers, social media platforms, and public databases. We may combine this information with the information we collect through other means. This helps us update and improve our records, identify new customers, create more personalized advertising, and recommend services that you may be interested in. When asked to provide personal information, you may refuse. However, if you choose not to provide the information required for certain products, these products or some of their features may not be available or may not function properly.

We are not responsible for the data policies and procedures or content of any third party. We recommend that you review the privacy policies of each website you visit.

2. How we use information we collect?

We collect and process personal information about you as necessary to provide the Products you use, operate our Sites and business, meet our contractual and legal obligations, protect the security of our systems and our customers, or fulfil other legitimate interests as described in this Privacy Policy and in our notices to you.

For example, we may use any of the categories of personal information we describe above to:

• Operate, maintain and improve our internal operations, systems, Sites, and Products.

• Understand you and your preferences to enhance your experience and enjoyment using our Sites and Products, to provide recommendations, to solicit feedback, and to better market and advertise to you.

• Monitor and analyze user interactions with our Sites and Products to identify trends, usage, and activity patterns.

• Respond to your comments and questions and provide technical support or customer service.

• Provide and deliver the Products you request.

• Comply with applicable laws, rules, or regulations and cooperate and defend legal claims and audits.

• Communicate with you about promotions, upcoming events, and other news about products and services offered by LangGenius and our partners.

• Plan and host corporate events.

• Protect the Site and Products, and investigate and deter against fraudulent, unauthorized, or illegal activity.

We may also use such information in any other way we may describe when you provide the information or for any other purpose with your consent.

3. How we share information we collect?

We may share your personal information with your consent. We may also share any category of personal information described above:

• Sharing with our business partners and other third-party service providers. We share information with third parties who help us operate, provide, improve, integrate, customize, support, and market our services. For example, to provide services to you, we may share information with third-party service partners who provide consulting support. We work with third-party service providers who provide website and application development, hosting, maintenance, backup, storage, virtual infrastructure, payment processing, analytics, and other services to us. Such services may require the service provider to access or use information about you. If a service provider needs to access information about you to act on our behalf in performing services, they will do so under our close instruction and adopt appropriate security and confidentiality procedures to protect your information.

• Sharing with potential buyers and advisors. If there is a company sale, merger, reorganization, dissolution, similar event, or measures taken in anticipation of such an event (such as due diligence in a transaction), your personal information may (in accordance with applicable law) be shared with our advisors and any potential buyer’s advisors and be transferred to the new owner of the business.

• Sharing information to maintain compliance with laws and regulations. We may share information as required by law or subpoena, or if we reasonably believe that such action is necessary to comply with applicable laws or the reasonable requests of law enforcement, enforce our terms of service, or protect the security or integrity of our website and products, or to exercise or protect the rights, property, or personal safety of our customers, users, or others.

4. Data Retention and Security

We retain personal information for as long as necessary for the purposes for which the personal information is processed and for longer periods as necessary for us to comply with applicable laws. For example, we retain your account information for as long as your account is active or as needed to provide you with Products you have requested or authorized, including maintaining and improving the performance of the Products and protecting system security. We also retain personal data as needed to maintain appropriate business and financial records, protect our legal interests, resolve disputes, or comply with legal or regulatory requirements. Thereafter, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will store your personal information using appropriate security measures and take appropriate steps designed to isolate it from any further processing until deletion is possible.

The information collected through our website and our products may be stored and processed in any country/region where LangGenius or its affiliated companies or service providers maintain facilities, including your region, the United States, Australia, Canada, China, and the European Economic Area (including the United Kingdom). Our choice of processing location is to ensure efficient operations, improve performance, and create redundancy to protect data in the event of disruptions or other issues. We take measures to ensure that the data we collect in accordance with this Privacy Policy is processed in compliance with this Privacy Policy and applicable laws, regardless of where the data is located.

When we transfer personal information from the European Economic Area (including the UK) and Switzerland to the United States or other countries/regions where the European Commission has not determined their laws provide adequate data protection, we use legal mechanisms designed to help ensure your rights and protections, including contracts. Specifically, our website servers are located in the United States, and our affiliates, partners, third parties, and service providers operate in the United States, European Economic Area, and China. This means that when we collect your personal information, we may process it in any of these countries. However, we have taken appropriate safeguards to require that your personal information is protected in accordance with this privacy policy. The main safeguard relied upon by LangGenius is the Standard Contractual Clauses for Data Protection approved by the European Commission. For more information about these mechanisms, please contact us using the detailed contact information provided in the “How to Contact Us” section below.

LangGenius cares about the security of your information and takes reasonable and appropriate technical and organizational measures designed to prevent loss, misuse, and unauthorized access, disclosure, alteration, and destruction of personal information. However, no security system is impenetrable, and we cannot guarantee the security of our systems or your information.

5. How to access and control your information?

You have certain rights regarding your personal information, subject to the applicable laws. These include the following rights to:

• Access your personal information: You have the right to ask us to confirm whether we are processing your personal information, and, where that is the case, access to the personal information and receive information on how your data is processed as well as ask us to provide a copy of your personal information.

• Rectify your personal information: You have the right to have any incorrect, incomplete or inaccurate data we hold about you corrected.

• Erase your personal information: You have the right to ask us to delete your personal information when, for example, the data we hold on to you is no longer needed or when your data has been processed unlawfully.

• Object to processing: You have the right to object to the processing of your personal information and request us to cease processing of it if, for example, this data is being processed for the purpose of direct marketing or where we are relying on a legitimate interest (or those of a third party). Under certain circumstances, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

• Restrict the processing: You have the right to ask us to suspend the processing of your personal information in the following scenarios: (a) if you want us to establish the accuracy of the personal information; (b) if our use of the data is illegal but you do not want it erased; © if you require us to hold the data even if we no longer need it as you require it to establish, exercise or defend legal claims; or (d) if you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

• Receive your personal information in a usable electronic format and transmit it to a third party (right to data portability): If we are processing your personal information based on your consent or a contract, you can ask to receive your personal information in a structured, commonly used and machine-readable format. Without any obstacle from us, you can also ask us to transmit those data to another controller.

• Withdraw consent: Where we are relying on your consent to process your personal information, you have the right to withdraw your consent at any time. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we will no longer process that personal information, but we may be unable to continue providing certain products or services to you for which the personal information was sought. At the time you withdraw your consent, we will advise you if this is the case.

• Opt-out of communications: By using the unsubscribe link within each email, updating your email preferences within your Service account settings menu, or by contacting us as provided below to have your contact information removed from our promotional email list or registration database, you may opt-out of receiving promotional communications from us. You will continue to receive transactional messages from us regarding our Services even after you opt-out from receiving promotional messages from us. You can opt-out of some notification messages in your account settings. Please note, you will continue to receive generic ads.

• Send “Do Not Track” Signals: Some browsers have incorporated “Do Not Track” (DNT) features that can send a signal to the websites you visit indicating you do not wish to be tracked. Our Services do not currently respond to browser DNT signals since there is not yet a common understanding of how to interpret the DNT signal. You can use the range of other tools we provide to control data collection and use, including the ability to opt-out of receiving marketing from us as described above.

These rights may be limited in some situations – for example, where we can demonstrate that we have a legal requirement to process your data (such as where tax authorities require us to retain it) or where it is needed for the proper performance of a contract. Under certain circumstances, this may mean that we are able to retain data even if you withdraw your consent.

To exercise any of these rights or to submit a data request, please visit our dedicated Data Request Portal at https://langgeniusinc.gdprlocal.com/eu. Through this portal, you can:

• Submit requests related to accessing, rectifying, or erasing your personal information

• Object to processing or request restrictions on processing

• Request data portability

• Withdraw consent for data processing

• Update your communication preferences

When submitting a request, please provide sufficient information to identify yourself and the specific action you’re requesting. We will respond to your request within the timeframe required by applicable law. In some cases, we may need to verify your identity or request additional information to process your request accurately.

6. Our policy toward children

Our Services are NOT directed to children under the age of 18 and we do not knowingly collect personal information from children under 18. If we become aware that a child under 18 has provided us with personal information, we will promptly delete such personal data from our systems. If you become aware or have reason to believe that a child has provided us with personal information through our Services, please contact us at privacy@dify.ai and we will delete that information from our databases.

7. Changes to our policy

We may modify this Policy at any time, without prior notice, and changes may apply to any personal information we already hold about you, as well as any new personal information collected after the Policy is modified. If we make changes, we will notify you by revising the date at the top of this Policy. We will provide you with advanced and more prominent notice if we make any material changes to how we collect, use or disclose your personal information that impacts your rights under this Policy. Unless otherwise required by laws in your residence, your continued access or use of our Services after receiving the notice of changes, constitutes your acknowledgement that you accept the updated Policy.

In addition, we may provide you with real-time disclosures or additional information about the personal information handling practices of specific parts of our Services. Such notices may supplement this Policy or provide you with additional choices about how we process your personal information. If you disagree with any changes to this Policy, you will need to stop using the Services and deactivate your account(s), as outlined above.

8. Lawful basis for processing personal information (EEA only).

This section below is specifically for you if you are located in the European EconomicArea (EEA), United Kingdom or Switzerland. LangGenius is the data controller of your personal information when we use it as described in these Lawful Basis for Processing Personal Infomation, meaning that we determine and are responsible for how your personal information is processed.

Personal Information You Provide to Us

We collect the following categories of personal information that you submit directly to us when you use the Service:

(a) Contact information, such as first name, last name and email address

Recipients of Contact Information：

We may share this information with the following service providers through the provision of the Service: Stripe, Amazon Web Services, Google Workspace, Brevo.

(b) Your registration / account information. When you create an account and access the Service as an individual, if you use an email to sign up to the service we will collect your email address. If you use Github or Google, we use single sign-on (“SSO”) such as Github and Google to allow a user to authenticate their account using one set of login information. The data we receive is dependent on your privacy settings with the social network.

Recipients of your registration/account information:

We may share this information with the following service providers through the provision of the Service: Github, Google, Amazon Web Services.

(c) Payment transaction and billing information. When you make a purchase through your account on the Service, we collect information such as your billing address and Tax ID and other information such as date and time of your transaction and products / services purchased.

Recipients of payment transaction and billing information:

We may share this information with the following service providers through the provision of the Service: Stripe, and Amazon Web Services

(d) Chat, comments and opinions. When you contact us directly, e.g. by email or phone or through our feedback form we will record your comments and opinions.

Recipients of Chat, comments and opinions:

We may share this information with the following service providers through the provision of the Service: Google Workspace, Front

(e) Information received from third parties, such as social networks. If you interact with us through a social network, we may receive information from the social network such as your name, profile information, and any other information you permit the social network to share with third parties.

Information we collect about your Use of the Site and Service

We also automatically collect the following personal information about how you access and use the Service, and information about the device you use to access the Service:

(a) Approximate Location information. When you visit our Service, we may collect information about your location. This information may be derived from your IP address.

Recipients of approximate local Information:

We may share this information with the following service providers through the provision of the Service: Sentry, Cloudflare, and Amazon Web Services.

(b) Information about how you access and use the Service. For example, the time you access the Service and how long you use it for, the approximate location that you access the Service from, the site from which you came, our product website pages you visited, our product feature you used, and other actions you take on the Service.

Recipients of information about how you access and use the Service:

We may share this information with the following service providers through the provision of the Service: Sentry, Cloudflare, and Amazon Web Services.

We may anonymize and aggregate any of the personal information we collect (so that it does not directly identify you). We may use anonymized information for purposes that include testing our IT systems, research, data analysis, improving the Service. We may also share such anonymized and aggregated information with others.

9. How to contact us?

Your information is controlled by LangGenius. If you have questions or concerns about how your information is handled, please direct your inquiry to LangGenius, which is responsible for facilitating such inquiries.