Privacy Policy

Last updated: November 3, 2025

This Privacy Policy (this "Policy") describes how MainFunc Inc. ("MainFunc") or its subsidiaries or affiliated entities, including without limitation Genspark Inc. (collectively, "we", "us" or "our"), collects, uses, discloses and protects your Personal Data (defined below), including when you use our websites and other online products and services (collectively, our "Services"), as well as when you interact with us.

We may change this Privacy Policy from time to time. If we make changes, we will notify you by posting the revised Policy on our website and updating the "Last updated" date above. We encourage you to review this Policy whenever you use our Services or interact with us in any other way to stay informed about our information practices and the choices available to you.

Our Services

We provide a search and content generation service. The service is available via https://genspark.ai. We also publish and maintain company websites, which can be accessed at http://mainfunc.ai. The search and content generation service and the company websites are included in the Services.

Collection of Information

Information We Collect Automatically

When you visit our websites, certain information may be automatically collected due to your use of the Services or from the Services infrastructure, including how and when you used our services, the prompts you input to our Services, and the resulting outputs.

We use tracking technologies, such as Cookies (as defined below), to track the activity on our Services and store certain information. This information is used to improve and analyze our Services. A "Cookie" is a small file placed on your device. You can instruct your browser to refuse all Cookies or to indicate when a Cookie is being sent. However, if you do not accept Cookies, you may not be able to use some parts of our Services. Unless you have adjusted your browser setting so that it will refuse Cookies, our Services may use Cookies.

Cookies can be "Persistent" or "Session" Cookies. Persistent Cookies remain on your personal computer or mobile device when you go offline, while Session Cookies are deleted as soon as you close your web browser.

We may use both Session and Persistent Cookies for the purposes set out below:

• Necessary / Essential Cookies
  • Type: Session Cookies
  • Administered by: Us
  • Purpose: These Cookies are essential to provide you with services available through our website and to enable you to use some of its features. They help to authenticate users and prevent fraudulent use of user accounts. Without these Cookies, the services that you have asked for cannot be provided, and we only use these Cookies to provide You with those services.
• Cookies Policy / Notice Acceptance Cookies
  • Type: Persistent Cookies
  • Administered by: Us
  • Purpose: These Cookies identify if users have accepted the use of cookies on our website.
• Functionality Cookies
  • Type: Persistent Cookies
  • Administered by: Us
  • Purpose: These Cookies allow us to remember choices you make when you use our website, such as remembering your login details or language preference. The purpose of these Cookies is to provide you with a more personal experience and to avoid you having to re-enter your preferences every time you use our website.
• Tracking and Performance Cookies
  • Type: Persistent Cookies
  • Administered by: Us, Third-Parties
  • Purpose: These Cookies are used to track information about traffic to our website and the use of our Services. We may also these Cookies to test new pages, features, or new functionality of the Website to see how our users react to them.

You can also manage cookies in your browser (though browsers for mobile devices may not offer this visibility). Some of these technologies may be managed in your device settings or in an app's settings.

Most browsers allow you to manage how cookies are set and used as you're browsing, and to clear cookies and browsing data. Also, your browser may have settings letting you manage cookies on a site-by-site basis. For example, Google Chrome's settings at chrome://settings/cookies allow you to delete existing cookies, allow or block all cookies, and set cookie preferences for websites. Google Chrome also offers Incognito mode, which deletes your browsing history and clears cookies from the Incognito windows on your device after you close all of your Incognito windows.

Universal Opt-out Mechanisms

You may also choose to install Universal Opt-out Mechanisms (UOOMs) on your browser. UOOMs are browser signals that indicate a user's intent to opt-out of some uses of their Personal Data on websites they visit. If our website recognizes that your browser is expressing a UOOM, we will treat it as a request to opt-out of the sharing of your Personal Data and limit the use of your sensitive Personal Data collected by our Services.

In some cases, we may not be able to link the UOOM of your browser to other Personal Data that we have collected from you by other means. To express your intent to opt-out of our processing of Personal Data that we may have collected from you outside of our Services, please see the sections titled "Privacy Rights for Residents of Certain States" and "Privacy Rights for Residents of the EU, UK, Canada, and Other Countries" below.

Do Not Track

Please note that we do not alter our Services' data collection and use practices when we see a Do Not Track signal from your browser.

Information You Directly Provide

We collect information you provide directly to us, which may include Personal Data (as defined below). If you create an account, submit content through our Services, request customer support, submit payment for our paid Services, or otherwise communicate with us on our website, we will collect certain information from you, including your username, email address and any other information you choose to provide.

"Personal Data" is any information that relates to an identified or identifiable individual, including without limitation personal email addresses.

Information We Do Not Collect

We do not collect any sensitive Personal Data from you, including details regarding your race or ethnic origin, political views, religious beliefs, or health status.

Use of Information

We may use Personal Data for the following purposes:

• To provide and maintain our Services, including to monitor the usage of our Services.
• To manage your account as a user of the Service: The Personal Data you provide can give you access to different functionalities of the Service that are available to you as a registered user or be used for verification purposes.
• To contact you: To contact you by email regarding updates or informative communications related to the functionalities, products or Services, including the security updates, when necessary or reasonable for their implementation.
• To provide you with news and general information about the Services.
• To manage your requests: To attend and manage your requests to Us.
• For business transfers: To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by us about our Services is among the assets transferred.
• For payments: We do not directly collect or store your payment information. However, third-party payment processors, such as Stripe, may collect and process Personal Data necessary to complete your payments for our paid Services. For more information, please refer to the Third Party Services section in this Privacy Policy.
• For other purposes: We may use your information for other purposes, such as data analysis, identifying usage trends, and to evaluate and improve our Service, products, services, marketing and your experience.

Sharing of Information

We do not sell, trade, or otherwise share Personal Data with third parties, except as described in the following circumstances or as otherwise described in this policy:

• With service providers: To monitor and analyze the use of our Services or to process payments for our paid Services.
• For business transfers: In connection with, or during negotiations of, any merger, sale of assets, financing, or acquisition of all or a portion of our business to another company.
• With Your consent: We may disclose your Personal Data for any other purpose with Your consent.

We may also disclose Personal Data if we believe that disclosure is in accordance with, or required by, any applicable law or legal process, including lawful requests by public authorities to meet national security or law enforcement requirements. We will object to legal requests for Personal Data about users of our Services that we believe are improper. We may also disclose your Personal Data if we believe in good faith that such action is necessary to:

• Protect and defend the rights or property of the Company
• Prevent or investigate possible wrongdoing in connection with the Service
• Protect the personal safety of Users of the Service or the public
• Protect against legal liability or fraud

Third Party Services

We may use third party services to maintain and improve our services. For example, queries may be transmitted to OpenAI or Anthropic API in order to serve requests. We may use Google Workspace API to provide specific services to users. We explicitly affirm that Google Workspace APIs are not used to develop, improve, or train generalized AI and/or ML models. Any data accessed through Google Workspace APIs is only used for the specific purposes outlined in this Privacy Policy and in accordance with Google Workspace API User Data and Developer Policy. We do not use this data for building or enhancing AI or machine learning technologies beyond the specific service requested by the user.

We also use Stripe as our third party payment processor for paid Services. Stripe collects and processes Personal Data, including identifying information about the devices that connect to its services. Stripe uses this information to operate and improve the services it provides to us, including for fraud detection and prevention. You can learn more about Stripe and its processing activities via Stripe's privacy policy at https://stripe.com/privacy. We do not have access to your full payment information. No Personal Data is transmitted unless required for continuity of service, for example sending email, or providing customer support.

We may use site monitoring tools to collect anonymized information about usage. We use this information to improve the quality and relevance of our website to our visitors.

Links to Other Websites

Our Services may also contain links to third-party websites. These links are provided solely as a convenience to you and not as an endorsement by us of those websites. We are not responsible for the content of linked third-party websites and make no representations regarding the privacy practices, content, or accuracy of materials on third-party websites.

Security of Information

The security of Personal Data is important to us, but please be advised that no method of transmission or electronic storage is 100% secure. We implement reasonable safeguards to protect the Personal Data that we collect from you. Your data will be stored on Microsoft Azure in accordance with its applicable policies and requirements data storage and retention (accessible here: Privacy in Azure). While we strive to protect Personal Data, we cannot guarantee its absolute security. We also make no independent representations or warranties as to the policies, practices, or procedures of any third party.

Data Retention

We keep personal data associated with your account stored for as long as your account remains active or as needed to provide you with our Services. We store other personal data for as long as necessary to carry out the purposes for which we originally collected it and for other legitimate business purposes, including to meet our legal, regulatory, auditing, fraud prevention, or other compliance obligations.

If you close your account, we will delete your account data from our servers within 30 days. You also have the right to delete or request that we assist in deleting the Personal Data that we have collected about you.

Face Data and Photo Usage

We explicitly state that our app does not retain or process any face data (such as biometric information, facial recognition templates, or facial geometry measurements). While we do store users' uploaded photos to enhance their experience by allowing them to superimpose different outfits on those photos without re-uploading, these photos are:

• Used solely for virtual try-on visualization
• Never processed for facial recognition or biometric data extraction
• Stored securely and accessible only to the user's own account
• Retained only to facilitate the clothing visualization service

This storage of photos is distinctly different from face data retention, as we do not extract, analyze, or store any biometric identifiers or facial recognition information from these images. The photos are maintained in their original form purely for the convenience of our virtual try-on service, with no facial analysis or biometric data processing performed or retained.

Children's Privacy

Our Services are not intended for use by children. We do not knowingly collect Personal Data from anyone under 18 years of age. If you are under 18, please do not submit any Personal Data on our websites or through our Services.

Privacy Rights For Residents Of Certain States

This section contains additional information relevant to residents of certain states (listed below). This section is part of, and should be read in conjunction with, this entire Privacy Policy. This section also serves as our notice at collection for Personal Data collected online or that you submit by email or phone.

If you are a resident of California, Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Montana, Minnesota, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah or Virginia, you may have certain rights regarding the use of your Personal Data. This section of the Privacy Policy describes those rights and how you can exercise them. Not all state privacy laws provide equal privacy rights. While we endeavor to respond to all privacy rights requests, we reserve the right to limit our response if we determine that your request is fraudulent or made in bad faith, or if the law does not require it.

The right to notice that Personal Data will be collected:

You have the right to request certain information about our collection and use of Personal Data over the past 12 months. The categories of information that we have collected in the past 12 months are listed below along with the general sources of that information, the purposes for which we collect it, the types of third parties to whom we have disclosed it and our criteria for how long to retain it.

In addition to the processing of Personal Data described above, which may apply to you, some US privacy laws require us to disclose certain details of our data processing activities in the last 12 months. The following chart identifies the categories of Personal Data that we've collected within the last 12 months, the sources of that data, the business or commercial purposes for its collection, the categories of third parties to whom we've disclosed it, and the business or commercial purposes for such disclosure:

Category of Personal Data	Source	Business or commercial purposes for collection	Categories of third parties with which information is disclosed, and Business or commercial purposes for disclosure
Identifiers (your username and email address) and Personal Data categories listed in Cal. Civ. Code § 1798.80(e) (your username, telephone number (for a small number of users who request our "AI Call for Me" function), and payment information as collected by our payment processors)	You	To provide and maintain our Services, including to monitor the usage of our Services, improve or optimize our Services, and keep our Services safe and secure We do not have access to your full payment card information, which is processed only by our third-party service provider Stripe We will only collect telephone numbers for users who have enabled and consented to using our "AI Call for Me" feature To manage your account as a user of the Service or give you access to different functionalities To contact you regarding the Services To manage and respond to your requests To process your payments for the Services	IT service providers – to host and provide our Services, secure our IT systems and prevent fraud, and analyze and improve our Services Payment processors (e.g., Stripe) – to process your payments
Internet or other similar network activity (your interactions with our Services)	You	To provide and maintain our Services, including to monitor the usage of our Services, improve or optimize our Services, and keep our Services safe and secure To manage your account as a user of the Service or give you access to different functionalities	IT service providers – to host and provide our Services, secure our IT systems and prevent fraud, and analyze and improve our Services
Commercial information (reservations made through our "AI Call for Me" Services)	You	Only to support our "AI Call for Me" function when you've enabled it	IT service providers – only to support our "AI Call for Me" function when you've enabled and consented to it
Visual Information (uploaded photos)	You	We store users' uploaded photos to enhance their experience by allowing them to superimpose different outfits on those photos without re-uploading. No analysis or measurements are run on the photos, and no biometric information is extracted or processed from the photos.	IT service providers – to host and provide our Services, secure our IT systems and prevent fraud, and analyze and improve our Services
Audio Information (recordings of calls made by our AI agent to make a reservation)	The reservation provider	When you use our "AI Call For Me" feature, we store recordings of the conversation between our AI agents and the reservation provider (e.g., restaurant) solely for your future reference.	IT service providers – to host and provide our Services, secure our IT systems and prevent fraud, and analyze and improve our Services

For all of the categories listed in this section: we do not use this Personal Data to create profiles on individuals that produce legal or similarly significant effects; we do not sell Personal Data; we retain your Personal Data as described above in the "Data Retention" section; we will delete this information upon request from you, unless one of the purposes described in this Privacy Policy or the law prevents us from doing so; and we do not collect Personal Data or Sensitive Personal Data of individuals under 18.

Your Privacy Rights:

Depending on your state of residence, you may have certain rights that are described below. Please note that not all of these rights will apply to us, because we do not sell or share your Personal Data, use it for targeted advertising, or process your sensitive Personal Data.

• Request to know more about the Personal Data that companies collect, use, and disclose. This includes the right to know:
  • The categories of Personal Data collected about you
  • The categories of sources for Personal Data collected about you
  • The business or commercial purpose for a company collecting and/or sharing or selling that Personal Data
  • The categories of Personal Data shared with or sold to third parties
  • The categories of third parties that a company has shared, or to whom it has sold, that Personal Data (residents of Delaware, Maryland, Minnesota, and Oregon have the right to request a list of such third parties)
  • The specific pieces of Personal Data collected about you
• Request to access your Personal Data, including in a portable format
• Request deletion of your Personal Data
• Request correction of inaccurate Personal Data
• Opt-out of the sale or sharing of Personal Data for targeted or cross-context behavioral advertising, or limit the use of Sensitive Personal Data (described below), and
• Not be discriminated against for exercising these rights.

Pursuant to state privacy laws, we may deny your request, in whole or in part, including to comply with federal, state or local laws or prevent disclosure of information that we are otherwise legally prohibited from disclosing. If we deny your request, we will inform you of the basis for such denial.

You have the right to direct companies not to sell your Personal Data and to opt-out from a company sharing your Personal Data for targeted or cross-context behavioral advertising. Please note that we do not sell or share your Personal Data, use it for targeted advertising, or process your sensitive Personal Data.

Exercising your state privacy rights:

If you are a resident of California, Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Montana, Minnesota, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah or Virginia, and would like to make a request pursuant to any of the rights described in this section, you may do so by emailing us at [email protected], Attn: Privacy Officer.

To protect your Personal Data, we are required to verify that any person making a request under this section is in fact you or your authorized agent. To verify the identity of the person making a request, we may ask you to provide the following information: your email address and username or order history. We will use this information only for the purposes of verifying that your request is authentic.

If you are requesting to know the categories of Personal Data collected, we may require two data points to be provided by you that match two of the data points that we maintain.

Your Personal Data will be deleted when you close your account. Once we receive your request, we will respond within 10 business days and inform you if we need any more information to verify your request. We will provide the information you requested within 45 days of your request. If we require more than 45 days to respond to your request, we will inform you of the reasons why.

Exercising privacy rights as the resident's authorized agent:

If you are a consumer and you would like to authorize an agent to submit requests on your behalf, to exercise your rights under the state privacy laws listed herein, please designate your authorized agent by emailing us at [email protected], Attn: Privacy Officer.

When possible, we will compare the identifying information you provide with the Personal Data we already have in our systems. Generally, we will refrain from requesting additional information for verification purposes. Only when we cannot verify your identity or residency based on the information in our possession will we seek additional information from you. The supplementary Personal Data collected will be used solely for the accurate verification of your identity to facilitate the exercise of your privacy rights, and to prevent fraud.

Your right to appeal our response to your privacy rights requests:

Residents of Colorado, Connecticut, Indiana, Kentucky, Minnesota, Montana, New Jersey, Oregon, Texas, and Virginia have the right to appeal our decisions in response to your privacy rights requests. To initiate an internal appeal, please contact us at the email address listed above. We will respond to your request for an internal appeal within 45 days, but we may take up to 60 additional days for good cause. If you are unhappy with the results of your appeal, you may contact your state attorney general.

Privacy Rights For Residents Of The EU, UK, Canada And Other Countries

This section contains additional information relevant to residents of the European Economic Area (including EU Member States), the United Kingdom, Canada, and certain other countries, which have their own data privacy laws, regulations and associated rights. The content in this section is part of, and should be read in conjunction with, the rest of our Privacy Policy.

The ways in which we process your Personal Data may vary based on our relationship with you. Please see the sections above titled "How We Use Your Personal Data" and "Privacy Rights for Residents of Certain States" for a description of the ways that we process your Personal Data and how long we retain it, based on the types of interactions you have with us.

The legal bases for which we may process your Personal Data include:

• The performance of any contractual relationship we have with you
• Where it is necessary for compliance with our legal obligations
• Where you have provided your consent to certain types of processing
• Where it is in our legitimate interests or the legitimate interests of our partners, affiliates, clients, and service providers (provided these are not overridden by your interests and fundamental rights and freedoms), such as:
  • To provide our Services
  • To provide an efficient and personalized customer experience
  • To respond to your requests and inquiries
  • To administer our business, prevent and detect fraud or security threats, and ensure proper functioning of the Services
  • To comply with applicable laws, regulations or ethical obligations

We use administrative, technical and physical safeguards to protect Personal Data from unauthorized access or disclosure. However, while we strive to protect your Personal Data and privacy, no data transmission or storage is 100% safe. We do not retain Personal Data for longer than reasonably necessary to fulfill the business purpose(s) for which it was collected, with some exceptions (e.g., for security purposes or complying with our legal obligations).

When we collect Personal Data from you, we will only process it as needed for the fulfilment of the purposes set out in this Privacy Policy. We will use your Personal Data for the purpose(s) for which we collected it, and for reasons compatible with the original purpose(s). If you wish to get an explanation as to how the processing for further purposes is compatible with the original purpose, please contact us by email at [email protected], Attn: Privacy Officer. If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain our purpose and the legal basis which allows us to do so.

Note to Canada residents: the only legal basis that we rely upon to process your Personal Data is your implied or express consent, except where permitted or required by law. Therefore, we will only collect, use and disclose your Personal Data based on your consent to the purposes identified in this Privacy Policy (or any other purpose that we have identified to you).

Transferring Data Abroad

Your Personal Data may be stored and processed in the United States, which may have different data protection and data processing laws than those in your country. By submitting your Personal Data, you agree to this transfer, storing, and processing in the United States. Our internal policies require all of our offices to comply with this Privacy Policy and ensure a level of protection for Personal Data at least as protective as that mandated by the European Economic Area. Any such transfer shall take place only in accordance with and as permitted by the law of your jurisdiction. In all cases, we shall apply the provisions of this Privacy Policy to your Personal Data wherever it is located.

Your Rights

Residents of the EU, UK, Canada, and certain other countries have the right to receive or reasonably access the Personal Data that we process, request a portable copy of that information, and the ability to review, correct, delete, restrict, or object to the processing of such information. You may also have the right to withdraw your consent to our processing of your Personal Data at any time by using the contact information at the bottom of this section.

All of these rights are subject to certain conditions and exceptions. Although we make good faith efforts to provide individuals with access to their Personal Data, there may be circumstances in which we are unable to provide access, including but not limited to when it would compromise others' privacy or other legitimate rights, when the burden or expense of providing access would be disproportionate to the risks to the individual's privacy, or when the information is commercially proprietary. If we determine that access should be restricted in any particular instance, we will endeavor to provide you with an explanation of why that determination has been made and a contact point for any further inquiries. To protect your privacy, we will take commercially reasonable steps to verify your identity before granting access to or making any changes to your Personal Data.

If you would like to exercise your privacy rights, please let us know by email at the address below.

Residents of the European Economic Area and the United Kingdom may report privacy complaints directly to their local data protection authorities. See https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm for more information. You may also contact us to be directed to the relevant authorities for your jurisdiction.

Contact Us

If you have any questions about this Policy, please contact us at [email protected].