Privacy Policy

1.1 Account Information

When you create a Nekkewa account, we collect:

• Email address
• Display name
• Profile photo (optional)
• Authentication credentials (or social login tokens)
• Account preferences and settings

1.2 Content You Provide

We collect images and content you upload to use our AI virtual try-on service:

• Clothing item photos you upload for virtual try-on
• Model photos (your photos or selected presets)
• Custom prompts and style preferences
• AI-generated outfit images
• Saved wardrobe items and favorites

1.3 Payment Information

For subscription and credit purchases:

• Billing information (processed securely through Stripe)
• Subscription plan details
• Purchase history and transaction records
• Credit usage and remaining balance

Note: We do not store your complete credit card information. All payment processing is handled securely by our PCI-compliant payment processor, Stripe.

1.4 Usage Data

We automatically collect certain information about your use of Nekkewa:

• Device information (type, OS version, unique identifiers)
• App usage patterns and feature interactions
• Generation history and preferences
• Crash reports and performance metrics
• IP address and general location (country/region)

1.5 Cookies and Similar Technologies

Our web integration and marketing website use:

• Essential cookies for authentication and session management
• Analytics cookies to understand user behavior (Firebase Analytics)
• Performance cookies to improve service quality
• Preference cookies to remember your settings

2.1 Provide and Improve Services

• Generate AI-powered virtual try-on images using Google Gemini API
• Manage your account, subscriptions, and credits
• Process payments and billing
• Provide customer support and respond to inquiries
• Improve AI generation quality and app performance
• Develop new features based on usage patterns

2.2 Communication

• Send service updates and important notifications
• Notify you about subscription renewals and billing
• Provide customer support responses
• Send promotional communications (with your consent)
• Conduct surveys and gather feedback

2.3 Security and Compliance

• Detect and prevent fraud, abuse, and security incidents
• Enforce our Terms of Service and policies
• Comply with legal obligations and requests
• Protect the rights and safety of our users and the public

2.4 Analytics and Research

• Analyze usage trends and user behavior (anonymized data)
• Measure the effectiveness of features and campaigns
• Conduct research to improve AI technology
• Generate aggregated statistics and reports

3.2 Image Retention and Storage

• Free Plan Users: Generated images are stored for 30 days, then automatically deleted
• Paid Plan Users: Images are stored while your subscription is active
• Uploaded Photos: Original uploads are stored securely and only accessible by you
• Deleted Content: When you delete images, they are removed from our systems within 30 days

3.3 Third-Party AI Processing

By using Nekkewa, you acknowledge that your images will be processed by:

• Google Gemini API: For AI image generation (subject to Google's privacy policies)
• Firebase/GCP: For storage, authentication, and database services
• Cloudflare CDN: For fast content delivery worldwide

These providers may process data in various locations globally but are bound by strict data protection agreements.

3.4 Content Ownership and Rights

• You retain ownership of all photos you upload to Nekkewa
• AI-generated images are owned by you for personal use
• We retain a limited license to store and display your content as needed to provide the service
• You grant us permission to use anonymized/aggregated data for service improvement

4.1 Service Providers

We share data with trusted third parties who help us operate Nekkewa:

• Google Cloud Platform: Hosting, storage, database, and AI services
• Stripe: Payment processing and subscription management
• Firebase: Authentication, analytics, and app services
• Cloudflare: CDN and performance optimization

4.2 E-commerce Integration Partners

When you use Nekkewa through our Web Integration SDK on e-commerce websites:

• The website owner can track usage for billing purposes
• We share aggregated analytics (no personal data) with integrated websites
• Your personal account data remains private to Nekkewa

4.3 Legal Requirements

We may disclose your information when required by law:

• To comply with legal obligations, court orders, or government requests
• To protect our rights, property, or safety, and that of our users
• To investigate fraud, security issues, or policy violations
• In connection with a merger, acquisition, or sale of assets

5.1 Security Measures

We implement industry-standard security measures:

• Encryption: All data transmitted is encrypted using HTTPS/TLS
• Secure Storage: Data at rest is encrypted in Google Cloud Storage
• Authentication: Secure JWT tokens with refresh mechanisms
• Access Control: Role-based access with least privilege principle
• Regular Audits: Security assessments and vulnerability scanning
• Monitoring: 24/7 system monitoring and incident response

5.2 Your Security Responsibilities

• Keep your account password secure and confidential
• Enable biometric authentication when available
• Report any suspicious activity immediately
• Log out from shared devices
• Keep your app updated to the latest version

6.1 Access and Control

You have the right to:

• Access: Request a copy of all personal data we hold about you
• Rectify: Correct inaccurate or incomplete information
• Delete: Request deletion of your account and associated data
• Export: Download your data in a portable format
• Restrict: Limit how we process your data
• Object: Opt-out of certain data processing activities

6.2 Marketing Communications

You can control marketing communications:

• Unsubscribe from promotional emails using the link in any email
• Adjust notification preferences in app settings
• Opt-out of analytics tracking (note: may affect app functionality)

6.3 How to Exercise Your Rights

To exercise any of these rights, you can:

• Use the in-app privacy settings and account management
• Email us at: developer@experiatech.com
• We will respond to verified requests within 30 days

7.1 European Union (GDPR)

If you are in the EU/EEA, you have additional rights under GDPR:

• Right to data portability
• Right to lodge a complaint with your local data protection authority
• Right to withdraw consent at any time
• We process your data based on consent, contract performance, or legitimate interests

7.2 Canada (PIPEDA)

As a Canadian company, we comply with PIPEDA:

• We obtain meaningful consent for data collection and use
• We limit collection to what is necessary
• You can file a complaint with the Privacy Commissioner of Canada

7.3 California (CCPA)

California residents have specific rights:

• Right to know what personal information is collected
• Right to request deletion
• Right to opt-out of sale (we don't sell personal information)
• Right to non-discrimination for exercising privacy rights