Privacy Policy

Last Updated: December 17, 2024

1. INTRODUCTION

This Privacy Policy explains how Individual Entrepreneur (“we”, “us”, “our”, or “Service Provider”) collects, uses, discloses, and protects your personal information when you use Paleye (“Service”, “Platform”).

Contact: administrator@paleye.art

We are committed to protecting your privacy and complying with applicable data protection laws, including:

• General Data Protection Regulation (GDPR) – European Union
• UK Data Protection Act 2018 – United Kingdom
• California Consumer Privacy Act (CCPA) – United States
• Other applicable privacy regulations

2. INFORMATION WE COLLECT

2.1 Information You Provide

Account Information

• Email address (via Google OAuth2)
• Google user ID
• Display name (from Google profile)

User-Generated Content

• Design preferences and selections
• Images uploaded for consultation
• Chat messages and consultation history
• Feedback and support communications

Payment Information

• Processed by Paddle.com (third-party payment processor)
• We do NOT store credit card numbers or payment credentials
• We receive transaction confirmations and order IDs only

2.2 Information Automatically Collected

Usage Data

• Search queries and results
• Services used and inks spent
• Session duration and interaction patterns
• Feature usage statistics

Technical Data

• IP address (for security and fraud prevention)
• Browser type and version
• Device information
• Operating system
• Referring URLs
• Access times and dates

Cookies and Similar Technologies

• Session cookies (essential for service functionality)
• Authentication tokens
• Preference settings
• Analytics cookies (with consent where required)

2.3 Information from Third Parties

Google OAuth2

• Email address
• Profile information
• User ID

Paddle.com (Payment Processor)

• Transaction status
• Order information
• Payment confirmation

3. HOW WE USE YOUR INFORMATION

3.1 Service Delivery

• Provide and maintain the Service
• Process your requests and transactions
• Deliver AI-powered design consultations
• Generate mood boards and specifications
• Manage your account and inks balance

3.2 Communication

• Send service-related notifications
• Respond to your inquiries and support requests
• Send welcome emails to new users
• Notify you of account changes or deletions
• Provide transaction confirmations

3.3 Improvement and Analytics

• Analyze usage patterns to improve the Service
• Develop new features and services
• Conduct research and analytics
• Monitor service performance and reliability

3.4 Security and Fraud Prevention

• Detect and prevent fraud and abuse
• Verify user identity
• Protect against security threats
• Enforce our Terms of Service
• Comply with legal obligations

3.5 Legal Compliance

• Comply with applicable laws and regulations
• Respond to legal requests and court orders
• Protect our rights and property
• Resolve disputes

4. LEGAL BASIS FOR PROCESSING (GDPR)

For users in the European Union and UK, we process your data based on:

Contract Performance (Article 6(1)(b) GDPR)

• Providing the Service you requested
• Processing transactions
• Managing your account

Legitimate Interests (Article 6(1)(f) GDPR)

• Improving the Service
• Security and fraud prevention
• Analytics and research
• Marketing (with opt-out option)

Legal Obligation (Article 6(1)(c) GDPR)

• Compliance with tax and accounting laws
• Responding to legal requests
• Maintaining transaction records

Consent (Article 6(1)(a) GDPR)

• Optional marketing communications
• Non-essential cookies
• Special categories of data (if applicable)

You may withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal.

5. DATA SHARING AND DISCLOSURE

5.1 Third-Party Service Providers

Paddle.com Market Ltd. (Payment Processing)

• Purpose: Process inks purchases
• Data Shared: Email, transaction details
• Location: United States
• Privacy Policy: https://www.paddle.com/legal/privacy

Google Cloud Platform (Infrastructure)

• Purpose: Hosting, storage, AI services
• Data Shared: All service data
• Location: Europe (europe-central2)
• Privacy Policy: https://cloud.google.com/privacy

Google OAuth2 (Authentication)

• Purpose: User authentication
• Data Shared: Authentication requests
• Privacy Policy: https://policies.google.com/privacy

Google Analytics (Analytics and Usage Tracking)

• Purpose: Analyze website and application usage, improve performance and user experience
• Data Shared: Usage data, device information, anonymized IP address
• Location: Europe (EU data processing enabled)
• Privacy Policy: https://policies.google.com/privacy
• Safeguards: IP anonymization enabled, consent-based tracking

5.2 Legal Requirements

We may disclose your information if required to:

• Comply with legal obligations
• Respond to lawful requests from authorities
• Protect our rights and property
• Prevent fraud or security threats
• Protect user safety

5.3 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your information is transferred and becomes subject to a different privacy policy.

5.4 With Your Consent

We may share information for other purposes with your explicit consent.

6. DATA RETENTION

6.1 Active Accounts

• Account data: Retained while your account is active
• Chat history: Retained for service improvement (anonymized after 90 days)
• Transaction records: Retained for 7 years (legal requirement)

6.2 Deleted Accounts

• Personal data: Deleted within 30 days of account closure
• Transaction records: Retained for legal compliance (anonymized)
• Audit logs: Retained for 90 days

6.3 Legal Holds

Data may be retained longer if required by law or for legal proceedings.

7. YOUR RIGHTS

7.1 Rights Under GDPR (EU/UK Users)

Right to Access (Article 15)

• Request a copy of your personal data
• Receive information about how we process your data

Right to Rectification (Article 16)

• Correct inaccurate personal data
• Complete incomplete data

Right to Erasure (Article 17 – “Right to be Forgotten”)

• Request deletion of your personal data
• Subject to legal retention requirements

Right to Restriction (Article 18)

• Limit how we use your data
• While we verify accuracy or process your objection

Right to Data Portability (Article 20)

• Receive your data in a structured, machine-readable format
• Transfer data to another service provider

Right to Object (Article 21)

• Object to processing based on legitimate interests
• Object to direct marketing at any time

Right to Withdraw Consent (Article 7)

• Withdraw consent for consent-based processing
• Does not affect prior lawful processing

Right to Lodge a Complaint

• File a complaint with your data protection authority
• EU: https://edpb.europa.eu/about-edpb/board/members_en
• UK: Information Commissioner’s Office (ICO)

7.2 Rights Under CCPA (California Users)

Right to Know

• Categories of personal information collected
• Sources of information
• Business purposes for collection
• Third parties with whom we share data

Right to Delete

• Request deletion of personal information
• Subject to legal exceptions

Right to Opt-Out

• We do not sell personal information
• No opt-out required for sales

Right to Non-Discrimination

• Equal service regardless of privacy rights exercise

7.3 Exercising Your Rights

To exercise your rights, contact us at: administrator@paleye.art

Include in your request:

• Your full name and email address
• Specific right you wish to exercise
• Details to help us locate your data

We will respond within:

• 30 days (GDPR)
• 45 days (CCPA)
• Extensions may apply for complex requests

8. DATA SECURITY

8.1 Security Measures

• Encryption in transit (HTTPS/TLS)
• Encryption at rest for sensitive data
• Secure authentication (OAuth2 with PKCE)
• Regular security audits
• Access controls and authentication
• Monitoring and logging
• Secure cloud infrastructure (Google Cloud)

8.2 Payment Security

• PCI DSS compliant payment processing (via Paddle.com)
• We do not store payment card information
• Tokenized payment processing

8.3 Limitations

No method of transmission or storage is 100% secure. While we implement industry-standard security measures, we cannot guarantee absolute security.

9. INTERNATIONAL DATA TRANSFERS

9.1 Data Location

• Primary data storage: European Union (europe-central2)
• Backup storage: European Union
• Some service providers may be located outside the EU/UK

9.2 Transfer Safeguards

For transfers outside the EU/UK, we use:

• Standard Contractual Clauses (SCCs)
• Adequacy decisions by the European Commission
• Other approved transfer mechanisms

9.3 Your Rights

You have the right to obtain information about safeguards for international transfers.

10. CHILDREN’S PRIVACY

The Service is not intended for users under 18 years of age. We do not knowingly collect personal information from children.

If we learn we have collected information from a child under 18:

• We will delete the information promptly
• We will terminate the account
• We will notify the parent/guardian if possible

If you believe we have collected information from a child, contact us immediately at administrator@paleye.art.

11. COOKIES AND TRACKING

11.1 Types of Cookies

Essential Cookies (Required)

• Session management
• Authentication
• Security features
• Cannot be disabled

Analytics Cookies (Optional)

• Usage statistics
• Performance monitoring
• Service improvement
• Can be disabled

Preference Cookies (Optional)

• User settings
• Language preferences
• Can be disabled

11.2 Cookie Management

• Browser settings: Configure cookie preferences
• Opt-out: Disable non-essential cookies
• Third-party cookies: Managed by respective providers

11.3 Do Not Track

We currently do not respond to Do Not Track (DNT) signals, as there is no industry standard for DNT compliance.

12. THIRD-PARTY LINKS

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

13. AUTOMATED DECISION-MAKING

13.1 AI-Generated Content

• We use AI to generate design recommendations
• AI decisions are not legally binding
• You have the right to human review of AI outputs
• You can contest AI-generated results

13.2 No Profiling for Legal Effects

We do not use automated decision-making that produces legal effects or similarly significant effects on you.

14. DATA BREACH NOTIFICATION

In the event of a data breach affecting your personal information:

• We will notify you within 72 hours (GDPR requirement)
• We will notify relevant authorities as required
• We will provide information about the breach and remedial actions
• We will take steps to mitigate harm

15. CALIFORNIA PRIVACY RIGHTS

15.1 Shine the Light Law

California residents may request information about disclosure of personal information to third parties for direct marketing purposes.

15.2 CCPA Rights

See Section 7.2 for detailed CCPA rights.

15.3 Minors

We do not sell personal information of users under 18.

16. NEVADA PRIVACY RIGHTS

Nevada residents may opt out of the sale of personal information. We do not sell personal information as defined by Nevada law.

17. CHANGES TO THIS PRIVACY POLICY

17.1 Updates

• We may update this Privacy Policy periodically
• Material changes will be notified via email or Service notification
• Continued use after changes constitutes acceptance
• Previous versions available upon request

17.2 Notification

• Email notification for material changes
• In-app notification
• Updated “Last Updated” date at the top of this policy

18. CONTACT INFORMATION

18.1 Privacy Inquiries

For questions about this Privacy Policy or our privacy practices:

Email: administrator@paleye.art
Service Provider: Individual Entrepreneur
Response Time: Within 48 business hours

18.2 Data Protection

For GDPR-related inquiries, contact us at: administrator@paleye.art

18.3 Supervisory Authority

EU/UK users may contact their local data protection authority:

• EU: https://edpb.europa.eu/about-edpb/board/members_en
• UK: Information Commissioner’s Office (ICO) – https://ico.org.uk

19. SPECIFIC JURISDICTIONS

19.1 European Union Users

• GDPR applies to your data processing
• Data protection rights as outlined in Section 7.1
• Right to lodge complaints with supervisory authority
• Standard Contractual Clauses for international transfers

19.2 United Kingdom Users

• UK GDPR and Data Protection Act 2018 apply
• Rights equivalent to EU GDPR
• ICO is your supervisory authority

19.3 United States Users

• State-specific laws may apply (CCPA, CPRA, etc.)
• Federal laws apply (CAN-SPAM, COPPA, etc.)
• Rights vary by state

19.4 Other Jurisdictions

• Local privacy laws may provide additional rights
• Contact us for jurisdiction-specific information

20. ACCESSIBILITY

We are committed to making this Privacy Policy accessible to all users. If you need this policy in an alternative format, contact us at administrator@paleye.art.

21. LANGUAGE

This Privacy Policy is provided in English. Translations may be available, but the English version governs in case of conflicts.

---

Version: 1.0
Effective Date: December 17, 2024
Last Updated: December 17, 2024

BY USING THE SERVICE, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THIS PRIVACY POLICY.