Privacy Policy

1. INTRODUCTION

1.1 About This Policy

This Privacy Policy describes how CouplyAI Limited ("CouplyAI," "we," "our," or "us") collects, uses, processes, stores, shares, and protects your personal information when you use our AI-powered image generation and editing service accessible through our website, mobile applications, and related services (collectively, the "Service").

1.2 Our Commitment

CouplyAI Limited is a company incorporated in London, United Kingdom. We are committed to protecting your privacy and maintaining the highest standards of data protection in accordance with:

• The UK Data Protection Act 2018
• The General Data Protection Regulation (GDPR)
• The Privacy and Electronic Communications Regulations 2003
• Other applicable privacy and data protection laws

1.3 Controller Information

CouplyAI Limited acts as the data controller for the personal information we collect and process. Our data protection responsibilities and your rights are detailed throughout this policy.

1.4 Scope

This policy applies to all users of our Service, including registered users, visitors to our website, and anyone who interacts with our AI image generation technology.

2. INFORMATION WE COLLECT

2.1 Personal Information You Directly Provide

2.1.1 Account Registration Data

• Full name and display name
• Email address and password
• Date of birth (for age verification)
• Country/region of residence
• Phone number (optional)
• Profile picture and bio (optional)
• Communication preferences

2.1.2 Image Content and Uploads

• Original images you upload for AI processing
• Metadata associated with uploaded images (EXIF data, file properties)
• Image modification requests and parameters
• Generated image outputs and variations
• Image titles, descriptions, and tags you provide
• Sharing preferences and privacy settings for your content

2.1.3 Payment and Billing Information

• Credit card or payment method details (processed by secure third-party providers)
• Billing address and contact information
• Transaction history and purchase records
• Subscription preferences and billing cycles
• Refund requests and related communications

3. HOW WE USE YOUR INFORMATION

3.1 Service Provision and Core Functionality

We use your personal information to:

• Create, maintain, and manage your user account
• Authenticate your identity and ensure account security
• Process and store your uploaded images securely
• Apply AI algorithms and machine learning models to generate new images
• Provide real-time processing status and progress updates
• Enable image editing, filtering, and enhancement features
• Facilitate image sharing and collaboration features
• Deliver personalized user experiences and recommendations
• Maintain service functionality and optimal performance

3.2 Legal Basis for Processing (GDPR Compliance)

3.2.1 Consent (Article 6(1)(a) GDPR)

• Processing uploaded images for AI generation and editing
• Marketing communications and promotional content
• Non-essential cookies and tracking technologies
• Participation in research studies and surveys
• Sharing content publicly or with third parties

3.2.2 Contract Performance (Article 6(1)(b) GDPR)

• Account creation and management
• Service delivery and core functionality
• Payment processing and billing
• Customer support and technical assistance
• Feature access and usage tracking

4. DATA STORAGE AND SECURITY

4.1 Data Storage Locations

• User accounts and authentication data: Firebase (Google Cloud Platform - multiple regions)
• Uploaded images and generated content: Google Cloud Storage (EU and US regions)
• Application data and metadata: Google Cloud Firestore (EU regions)
• Analytics and usage data: Google Analytics (global infrastructure)
• AI processing data: Replicate infrastructure (US and EU regions)

4.2 Security Measures

We implement appropriate technical and organizational measures to protect your personal data, including:

• End-to-end encryption for data in transit using TLS 1.3
• AES-256 encryption for data at rest in all storage systems
• Multi-factor authentication for administrative access
• Role-based access controls and principle of least privilege
• Regular security vulnerability scanning and penetration testing
• Intrusion detection and prevention systems
• Automated security monitoring and alerting

5. YOUR RIGHTS AND CHOICES

Under GDPR and UK data protection law, you have the right to:

• Access your personal data - Request confirmation of whether we process your personal data
• Rectify inaccurate data - Correct inaccurate or incomplete personal data
• Erase your data ("right to be forgotten") - Request deletion of your personal data in specific circumstances
• Restrict processing - Limit how we use your personal data in specific situations
• Data portability - Receive your personal data in a structured, commonly used format
• Object to processing - Object to processing based on legitimate interests or for marketing purposes
• Withdraw consent - Withdraw consent at any time where processing is based on consent

To exercise these rights, contact us at privacy@couplyai.com

6. COOKIES AND TRACKING

We use cookies and similar technologies for:

• Authentication and account management
• Analytics and performance monitoring
• Service functionality and user preferences
• Marketing and advertising (with consent)

You can control cookies through your browser settings. For more detailed information, please see our Cookie Policy.

7. DATA RETENTION

We retain your data for as long as necessary to provide our Service:

• Account data: Until account deletion
• Uploaded images: Until you delete them or close your account
• Generated images: Until you delete them or close your account
• Analytics data: Up to 26 months (Google Analytics standard)
• Payment records: 7 years (UK tax and accounting requirements)
• Legal compliance: As required by applicable law

8. INTERNATIONAL DATA TRANSFERS

Your data may be transferred to and processed in countries outside the UK/EU. We ensure appropriate safeguards are in place, including:

• Adequacy decisions from UK/EU authorities
• Standard contractual clauses
• Certification schemes and codes of conduct
• Technical safeguards including encryption and pseudonymization

9. CHILDREN'S PRIVACY

Our Service is not intended for children under 16. We do not knowingly collect personal information from children under 16. If you are under 16, please do not use our Service or provide any personal information.

10. CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Email notification to registered users
• Prominent notice on our website
• In-app notifications

11. CONTACT US

If you have questions about this Privacy Policy or our data practices, please contact us:

For complaints about our data processing, you can contact the UK Information Commissioner's Office (ICO) at ico.org.uk.