Privacy Policy

Last updated May 26, 2026

This privacy notice for Uni Creative Inc ("we," "us," or "our"), describes how and why we might collect, store, use, and/or share ("process") your information when you use our services ("Services"), such as when you:

Visit our website at https://4149.ai, or any website of ours that links to this privacy notice
Engage with us in other related ways, including any sales, marketing, or events

Questions or concerns? Reading this privacy notice will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at hi@4149.ai.

Summary of Key Points

This summary provides key points from our privacy notice.

What personal information do we process? When you visit, use, or navigate our Services, we may process personal information depending on how you interact with us and the Services, the choices you make, and the products and features you use.
Do we process any sensitive personal information? We do not process sensitive personal information.
Do we receive any information from third parties? We may receive information from public databases, marketing partners, social media platforms, and other outside sources.
How do we process your information? We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law.
In what situations and with which parties do we share personal information? We may share information with third-party service providers for the purposes of providing the Service. All shared information is transient and is deleted when no longer needed.
How do we keep your information safe? We have organizational and technical processes and procedures in place to protect your personal information.
What are your rights? Depending on where you are located geographically, the applicable privacy law may mean you have certain rights regarding your personal information.
How do you exercise your rights? The easiest way to exercise your rights is by submitting a data subject access request, or by contacting us.
Do you connect to Google services? Yes. When you connect a Google account through the psst app's Connectors flow, our use of data received from Google APIs adheres to the Google API Services User Data Policy, including its Limited Use requirements. See sections 16–18 below for the full disclosure.

1. What Information Do We Collect?

Personal information you disclose to us

In Short: We collect personal information that you provide to us.

We collect personal information that you voluntarily provide to us when you register on the Services, express an interest in obtaining information about us or our products and Services, when you participate in activities on the Services, or otherwise when you contact us.

Personal Information Provided by You. The personal information that we collect depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use. The personal information we collect may include the following:

names
email addresses
passwords

Sensitive Information. We do not process sensitive information.

Payment Data. We may collect data necessary to process your payment if you make purchases. All payments are processed through Apple Pay, which uses tokenization to protect your payment information. We do not store your actual payment card details. You may find Apple's privacy policy here: https://www.apple.com/legal/privacy/.

Social Media Login Data. We may provide you with the option to register with us using your existing social media account details, like your Facebook, Twitter, or other social media account. If you choose to register in this way, we will collect the information described in the section called "How Do We Handle Your Social Logins?" below.

Information automatically collected

In Short: Some information — such as your Internet Protocol (IP) address and/or browser and device characteristics — is collected automatically when you visit our Services.

We automatically collect certain information when you visit, use, or navigate the Services. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services, and other technical information.

The information we collect includes:

Log and Usage Data. Log and usage data is service-related, diagnostic, usage, and performance information our servers automatically collect when you access or use our Services.
Device Data. We collect device data such as information about your computer, phone, tablet, or other device you use to access the Services.

2. How Do We Process Your Information?

In Short: We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law.

We process your personal information for a variety of reasons, depending on how you interact with our Services, including:

To facilitate account creation and authentication and otherwise manage user accounts.
To deliver and facilitate delivery of services to the user.
To respond to user inquiries/offer support to users.
To request feedback.
To evaluate and improve our Services, products, marketing, and your experience.
To identify usage trends.

3. When and With Whom Do We Share Your Personal Information?

In Short: We may share information in specific situations described in this section and/or with the following third parties.

We may need to share your personal information in the following situations:

Third-Party Service Providers. We may share information with third-party service providers for the purposes of providing the Service. All shared information is transient and is deleted when no longer needed.
Business Transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
Other Users. When you share personal information or otherwise interact with public areas of the Services, such personal information may be viewed by all users and may be publicly made available outside the Services in perpetuity.

4. Do We Use Cookies and Other Tracking Technologies?

In Short: We may use cookies and other tracking technologies to collect and store your information.

We may use cookies and similar tracking technologies (like web beacons and pixels) to access or store information.

5. How Do We Handle Your Social Logins?

In Short: If you choose to register or log in to our Services using a social media account, we may have access to certain information about you.

Our Services offer you the ability to register and log in using your third-party social media account details (like your Facebook or Twitter logins). Where you choose to do this, we will receive certain profile information about you from your social media provider.

6. How Long Do We Keep Your Information?

In Short: We keep your information for as long as necessary to fulfill the purposes outlined in this privacy notice unless otherwise required by law.

We will only keep your personal information for as long as it is necessary for the purposes set out in this privacy notice, unless a longer retention period is required or permitted by law.

7. How Do We Keep Your Information Safe?

In Short: We aim to protect your personal information through a system of organizational and technical security measures.

We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any personal information we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure.

8. Do We Collect Information From Minors?

In Short: We do not knowingly collect data from or market to children under 18 years of age.

We do not knowingly solicit data from or market to children under 18 years of age. If we learn that personal information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records.

9. What Are Your Privacy Rights?

In Short: You may review, change, or terminate your account at any time.

Withdrawing your consent: If we are relying on your consent to process your personal information, you have the right to withdraw your consent at any time. You can withdraw your consent at any time by contacting us.

Account Information: If you would at any time like to review or change the information in your account or terminate your account, you can contact us using the contact information provided or log in to your account settings and update your user account.

10. Controls for Do-Not-Track Features

Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track ("DNT") feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals.

11. Do California Residents Have Specific Privacy Rights?

In Short: Yes, if you are a resident of California, you are granted specific rights regarding access to your personal information.

California Civil Code Section 1798.83, also known as the "Shine The Light" law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes.

12. Do Virginia Residents Have Specific Privacy Rights?

In Short: Yes, if you are a resident of Virginia, you may be granted specific rights regarding access to and use of your personal information.

Under the Virginia Consumer Data Protection Act (CDPA), Virginia residents have specific rights regarding their personal data.

13. Do We Make Updates to This Notice?

In Short: Yes, we will update this notice as necessary to stay compliant with relevant laws.

We may update this privacy notice from time to time. The updated version will be indicated by an updated "Revised" date and the updated version will be effective as soon as it is accessible.

14. How Can You Contact Us About This Notice?

If you have questions or comments about this notice, you may email us at hi@4149.ai or contact us by post at:

Uni Creative Inc
405 RXR Plaza, Suite 405
Uniondale, NY 11556-3811
United States

15. How Can You Review, Update, or Delete the Data We Collect From You?

Based on the applicable laws of your country, you may have the right to request access to the personal information we collect from you, change that information, or delete it. To request to review, update, or delete your personal information, please submit a data subject access request.

16. Limited Use of Google User Data

In Short: psst's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including its Limited Use requirements.

When you connect a Google account to psst through the app's Connectors flow, we receive a read-only OAuth grant for the specific Google API scopes the booster pack you're activating needs (see Section 17 for the per-scope detail). Our use of any data received from those Google APIs is bound by the following commitments:

Used only for user-facing features. We use Google user data only to provide or improve user-facing features that are prominent in the requesting application's user interface — namely, the booster packs you activate that declare a Calendar or Email connector requirement (for example, the Morning Brief pack composing your morning audio briefing).
Not transferred to others except as needed for those features. We do not transfer Google user data to third parties except (a) to AI subprocessors strictly as necessary to render the user-facing feature you've activated (see Section 18 for the named subprocessors); (b) to comply with applicable law; or (c) as part of a merger, acquisition, or sale of assets after which we will continue to ensure user data is used in accordance with this policy.
Not used to serve advertisements. We do not use Google user data to serve advertisements, retarget you, or build advertising profiles.
Not used to train generalized AI/ML models. We do not use Google user data to develop, improve, or train generalized or non-personalized AI or machine learning models.
Not read by humans except in limited circumstances. We do not allow humans to read your Google user data, except: with your affirmative consent for specific messages; to provide support requested by you; for security purposes (e.g., investigating abuse); to comply with applicable law; or where the data has been aggregated and anonymized.

17. Data We Read From Your Google Account

In Short: We request only read-only access to your Google Calendar and Gmail, and we fetch data live each time a booster pack needs it rather than storing it on our servers.

When you connect a Google account, we request only the minimum read-only OAuth scopes needed for the booster packs you've activated:

Google Calendar (https://www.googleapis.com/auth/calendar.readonly). We read event titles, start and end times, locations, and descriptions in a bounded date range, only at the moment a booster pack is composing a cue card that uses calendar context (e.g., the Morning Brief pack pulling today's meetings into the morning audio briefing). Calendar data is fetched live each time it's needed and is not persisted in our database. We never create, modify, or delete calendar entries.
Gmail (https://www.googleapis.com/auth/gmail.readonly). We read recent inbox message metadata (sender, subject, labels, timestamps, snippets) and, when needed by a specific booster pack feature, the body of selected messages. Reads happen only at the moment a booster pack is composing a cue card that uses inbox context (e.g., the Morning Brief pack surfacing overnight newsletters worth your attention). Email data is fetched live each time it's needed and is not persisted in our database. We never send, draft, modify, delete, or label mail.

You can disconnect a Google account at any time from psst → Settings → Connectors → Calendar or Email. Disconnecting revokes the OAuth grant at Google, deletes any cached records derived from the connection, and removes the account from any booster packs that were using it.

18. AI Subprocessors

In Short: psst forwards minimal data to third-party AI providers to compose your cue cards. Those providers are contractually bound to use the data only to fulfill the request and not to retain or train models on it.

To compose the personalized cue cards delivered by booster packs — including any data sourced from your connected Google account (per Section 17) — psst forwards the minimum necessary context to third-party AI service providers under data processing agreements that prohibit those providers from retaining your data beyond the request or using it to train generalized models.

Our current AI subprocessors are:

Anthropic (Claude) — primary large language model for cue-card composition and reflection. See Anthropic's privacy policy.
OpenAI — fallback large language model used when Anthropic is unavailable. See OpenAI's privacy policy.
ElevenLabs — text-to-speech rendering for audio cue cards (e.g., the Morning Brief audio briefing). See ElevenLabs' privacy policy.
Google (Gemini, via Google AI) — supplementary large language model used by select features. See Google's privacy policy.

Each subprocessor receives only the data needed for the active request and does not retain it beyond completion of the request. If we add or change subprocessors, we will update this section.