Effective Date: July 10, 2026
Last Updated: July 10, 2026
This Privacy Policy explains how MOM GLOBAL LLC (ОсОО «МОМ Глобал»), a limited liability company registered in the Kyrgyz Republic (reg. no. 330811-3301-ООО, TIN 02806202610063, 316 Chui Avenue, Bishkek, Kyrgyz Republic) ("MOM", "we", "us") collects, uses, shares, and protects your personal data when you use the MOM platform at momlabel.ai (the "Service").
MOM is the data controller for the personal data described in this Policy. For privacy matters, contact us at privacy@momlabel.ai.
The short version: we collect the minimum we need (your email is the only identifier we require); your creative content and your likeness belong to you; we use trusted AI providers to power the features you invoke; we don't sell your data, we don't show ads, and we don't use third-party advertising trackers — the Service contains no Google Analytics, no advertising pixels, and no cross-site tracking.
This Policy applies to registered users of the Service, visitors of momlabel.ai, and individuals who appear in content processed at a user's direction (see Section 5 on digital likeness). It does not cover third-party services you connect (e.g., Telegram) beyond our transmission of your content to them.
2.1 Information you provide:
2.2 Information generated when you use the Service:
2.3 Information we do NOT collect: government IDs, payment card numbers (payments are handled entirely by Paddle — see Section 6), precise geolocation, device fingerprints, advertising identifiers, or data from data brokers.
2.4 Local storage in your browser. We use browser localStorage strictly to operate the Service: your session token, language preference, UI preferences, and drafts of questionnaire answers you begin before registering. We do not use advertising or analytics cookies. Because we use only strictly necessary storage, the Service does not display a cookie consent banner.
| Purpose | Data | Legal basis (GDPR) |
|---|---|---|
| Providing the Service you signed up for (account, generation features, publishing) | Account, creative profile, creative content, AI Output | Contract (Art. 6(1)(b)) |
| Creating your digital avatar and voice clone | Likeness data (face photos, voice recordings) | Explicit consent (Art. 9(2)(a) to the extent biometric-class data is concerned; Art. 6(1)(a)) |
| Billing, quotas, and subscription management | Usage data, subscription records | Contract |
| Security, fraud and abuse prevention | Technical logs | Legitimate interest (Art. 6(1)(f)) |
| Improving the Service and its prompts | De-identified, aggregated usage data | Legitimate interest |
| Legal compliance (tax, accounting, lawful requests) | Transaction records | Legal obligation (Art. 6(1)(c)) |
We do not process your data for third-party advertising, and we do not sell or "share" (as defined by the CCPA) personal data. We do not use your identifiable content to train publicly available foundation models.
MOM's features are powered by specialized AI providers. When you invoke a feature, the data needed for that feature is transmitted to the relevant provider for processing on our behalf. We bind processors to data-protection obligations and send only what the feature requires.
| Provider | What is processed | Purpose | Location |
|---|---|---|---|
| Anthropic (USA) | texts: questionnaire answers, profile texts, scripts | portrait/DNA analysis, script generation, quality checks | USA |
| OpenAI (USA) | texts: questionnaire answers, profile texts | text generation (portrait, plans, content) | USA |
| Emergent Methods (hosting & LLM gateway) | application hosting; text prompts routed to the AI providers above | infrastructure and unified AI gateway | see provider docs |
| Google (Gemini) (USA) | text prompts and photos you submit for image generation | image generation | USA/global |
| HeyGen (USA) | your avatar photos, voice data, video scripts | digital avatar creation, voice synthesis | USA |
| fal.ai (USA) | photos, audio (incl. your tracks for vocal separation and speech timing), video frames | video generation, lip-sync, audio processing | USA |
| ElevenLabs (USA) | your voice sample | voice cloning (where this engine is used) | USA |
| Kling AI (Kuaishou) | photos and prompts for video scenes | video scene generation | Singapore/China endpoints |
| Runway, PiAPI, Beeble/SwitchX (USA/other) | photos/video and prompts | alternative video engines (where used) | USA/other |
| Cloudflare (R2 storage, DNS, CDN) | your uploaded and generated media files | storage and delivery | global network; encrypted at rest |
| Neon (database, AWS eu-central-1) | structured account and content data | primary database | Frankfurt, Germany (EU) |
| Paddle (UK) | purchase and payment data | Merchant of Record — payments, taxes, refunds | UK/EU |
| Zoho (EU datacenters) | emails you send to our support/legal addresses | corporate email | EU |
| Telegram (global) | posts and media you schedule for publication to your connected channel | publishing at your direction | global |
The current version of this table is always available on this page. If we add a sub-processor that materially changes the nature of processing, we will update this Policy and notify you as described in Section 12.
Creating a digital avatar and voice clone requires processing photos of your face and recordings of your voice — data that can be uniquely identifying and, in some jurisdictions, is treated as biometric or sensitive data. We treat it with corresponding care:
Payments are processed by Paddle.com as Merchant of Record. Your card details go directly to Paddle and are never received or stored by MOM. Paddle processes payment data as an independent controller under Paddle's Privacy Policy. We receive from Paddle only what we need to operate your subscription: transaction identifiers, plan, status, and amounts.
We are a Kyrgyz company; our primary database is in the EU (Frankfurt); our AI providers are primarily in the USA, with certain video processing in Singapore. Where personal data is transferred across borders, we rely on appropriate safeguards — including data processing agreements incorporating Standard Contractual Clauses (SCCs) with providers processing EU/UK personal data, and equivalent mechanisms under PIPEDA (Canada) and the Australian Privacy Principles. Details of a specific transfer mechanism are available on request at privacy@momlabel.ai.
| Data | Retention |
|---|---|
| Account, profile, creative content, likeness data, AI Output | For as long as your account is active |
| Deleted account | 30-day grace period (you can restore your account), then permanent deletion of your data from our systems, including media files and voice clones at providers, except as noted below |
| Operational error logs and activity logs | up to 180 days, then automatically deleted |
| AI usage metrics (billing/quotas) | up to 12 months, then deleted or de-identified |
| Transaction records received from Paddle | as required by tax and accounting law |
| Database backups | encrypted point-in-time backups roll off automatically per our database provider's retention cycle |
| De-identified aggregated data | retained without time limit (it no longer identifies you) |
Depending on your location (EU/EEA, UK, Canada, Australia, California, and elsewhere), you have some or all of the following rights, and we honor them for all users regardless of location:
We respond to privacy requests within 30 days. To protect your data, we may need to verify your identity (normally by confirming control of your account email).
We protect your data with: TLS encryption in transit everywhere (including our database connections); AES-256 encryption at rest for both the database and file storage; bcrypt password hashing; field-level encryption for third-party access tokens; role-based access (admin access is limited and logged); and secrets management for infrastructure credentials. No system is perfectly secure; if we become aware of a personal data breach creating risk to you, we will notify the competent supervisory authority within 72 hours where required by GDPR and inform affected users without undue delay.
The Service is not directed to children under 16, and we do not knowingly process their data. Registration requires a date of birth, and accounts of users under 16 are refused. If you believe a child under 16 has provided us data, contact privacy@momlabel.ai and we will delete it.
We may update this Policy as the Service and law evolve. For material changes we will notify you by email and/or in-app notice at least 14 days before the changes take effect. The "Last Updated" date at the top always reflects the current version.
Data controller: MOM GLOBAL LLC (ОсОО «МОМ Глобал»)
316 Chui Avenue, Bishkek, Kyrgyz Republic
Reg. no. 330811-3301-ООО · TIN 02806202610063
Privacy requests & data protection contact: privacy@momlabel.ai
General legal: legal@momlabel.ai · Support: support@momlabel.ai · +996 551 248 926