NewEyes — Privacy Policy

Effective Date: May 6, 2026

Last Updated: May 6, 2026


Introduction

This Privacy Policy ("Policy") describes how Collov Labs ("Collov," "Company," "we," "us," or "our") collects, uses, stores, shares, and protects your personal information when you use the NewEyes mobile application, website, APIs, and related services (collectively, the "Service").

NewEyes is a visual AI application that processes images and camera data using artificial intelligence. Because of the inherently sensitive nature of visual data, we take your privacy extremely seriously and have designed this Policy to be transparent about our data practices.

By accessing or using the Service, you acknowledge that you have read, understood, and agree to this Privacy Policy. If you do not agree, please do not use the Service.


Third-Party AI Data Sharing — Summary

NewEyes sends certain data to third-party AI service providers to deliver its core features. Before any data is shared for the first time, the app will ask for your explicit consent. Here is exactly what is shared:

What We Send | Who Receives It | Purpose | Retention by Provider
Visual Inputs (photos you capture or upload) | Anthropic (Claude) | AI reasoning & visual analysis | ≤ 30 days (abuse monitoring)
Visual Inputs, text prompts | Google (Gemini) | Multimodal analysis & understanding | Per enterprise DPA
Text prompts, generation parameters | OpenAI (GPT, DALL-E) | Image generation & text analysis | ≤ 30 days (abuse monitoring)
Text prompts | ElevenLabs | Voice synthesis | Per-request, not retained
Text prompts, reference descriptions | Runway / Kling / Sora | Video generation | Per provider policy
Text prompts | Suno / Udio | Music generation | Per provider policy
Text prompts, reference descriptions | Meshy / Tripo3D | 3D model generation | Per provider policy

What We Do NOT Send to Third Parties

  • ❌ Your name, email, or account credentials
  • ❌ Your contacts, calendar, or messages
  • ❌ GPS location or precise geolocation
  • ❌ Biometric data of any kind

All third-party providers are contractually prohibited from using your data to train their general-purpose AI models. See Section 8 for full provider-specific disclosures and links to their privacy policies.

In-App Consent

Before your data is shared with any third-party AI provider for the first time, the NewEyes app will present you with a clear disclosure of: (a) what data will be sent, (b) which providers will receive it, and (c) how your data is protected. You must provide your affirmative consent before any data sharing occurs. You may revoke this consent at any time in Settings → Privacy → Third-Party AI Data.


Table of Contents

  1. Definitions
  2. Information We Collect
  3. How We Collect Information
  4. How We Use Your Information
  5. Visual Data — Special Considerations
  6. AI Model Training and Improvement
  7. How We Share Your Information
  8. Third-Party AI Model Providers
  9. Data Retention
  10. Data Security
  11. International Data Transfers
  12. Your Rights and Choices
  13. California Residents — CCPA/CPRA
  14. European Economic Area, United Kingdom, and Switzerland — GDPR
  15. Biometric Data — US State Laws (BIPA, CUBI, etc.)
  16. Children's Privacy
  17. Cookies, Tracking, and Analytics
  18. Do Not Track Signals
  19. Links to Third-Party Services
  20. Changes to This Privacy Policy
  21. Data Protection Officer
  22. Contact Information

1. Definitions

For the purposes of this Policy:

  • "Visual Inputs" means any images, photographs, video frames, live camera feeds, screenshots, or other visual media that you capture with your device camera, upload from your photo library, or otherwise submit to the Service.
  • "Outputs" means any text, recommendations, analysis, structured data cards, images, shopping lists, recipes, color palettes, maps, music suggestions, or other content generated by our AI models in response to your Visual Inputs and prompts.
  • "Session Data" means the combination of Visual Inputs, text prompts, Outputs, interaction data, timestamps, and metadata associated with a single use session of the Service.
  • "Personal Data" / "Personal Information" means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household.
  • "Biometric Data" means data generated from the measurement or analysis of human body characteristics, such as facial geometry, fingerprints, voiceprints, iris or retina scans, or gait patterns, used for identification purposes.
  • "Processing" means any operation performed on Personal Data, including collection, recording, organization, storage, adaptation, retrieval, use, disclosure, combination, erasure, or destruction.
  • "De-identified Data" means data that has been modified so that it cannot reasonably be used to identify, relate to, describe, or be linked to a particular individual.
  • "Aggregated Data" means data combined from multiple users such that individual users cannot be identified.

2. Information We Collect

We collect the following categories of information:

2.1 Information You Provide Directly

Category | Examples | Purpose
Account Information | Name, email address, username, password (hashed), profile photo | Account creation and authentication
Visual Inputs | Photos captured via camera, images uploaded from gallery, live camera frames | AI analysis and output generation
Text Inputs | Messages, prompts, questions, and instructions you type in sessions | AI processing and response generation
Feedback | Bug reports, feature requests, ratings, survey responses, support tickets | Service improvement
Credit Information | Credit balance, credit usage history, credit grants | Account management
Communication Data | Emails, in-app messages, support chat transcripts | Customer support
Preferences and Settings | Language, model selection (Standard/Advanced), notification preferences, privacy settings, memory opt-in/out | Personalization

2.2 Information We Collect Automatically

Category | Examples | Purpose
Device Information | Device model, operating system and version, unique device identifiers (IDFV, Android ID), screen resolution, processor type, available memory | Compatibility, performance optimization, analytics
Camera and Sensor Data | Camera model, resolution, orientation, zoom level, flash status, focal length (we do not collect raw sensor data beyond what is captured in your Visual Inputs) | Image quality optimization
Usage Data | Features used, session frequency and duration, number of camera captures, number of uploads, model tier used (Standard/Advanced), skills activated, cards viewed, buttons tapped, time spent per screen | Analytics, product improvement
Log Data | IP address, browser type (for web access), access times, referring URLs, error logs, crash reports | Debugging, security, abuse prevention
Network Information | Connection type (Wi-Fi, cellular), carrier name, network speed | Performance optimization
Location Data | Approximate location based on IP address. We do not collect precise GPS location unless you explicitly grant location permission for location-aware features. | Regional content, compliance
Credit Status | Current credit balance, credit usage history, credit grant events | Account management

2.3 Information from Third Parties

Source | Information | Purpose
App Store Providers (Apple/Google) | Authentication verification, account linking | Account management
Authentication Providers | If you sign in via third-party SSO (e.g., Apple Sign-In, Google Sign-In): name, email, unique identifier. We do not receive your password. | Account creation, authentication
Analytics Providers | Aggregated usage metrics, crash reports, performance data | Service improvement

2.4 Information We Do NOT Collect

We want to be explicit about what we do not collect:

  • ❌ We do not scan, index, or access your entire photo library. We only process photos you explicitly select and upload.
  • ❌ We do not access your camera in the background. The camera is only active when the app is in the foreground and you are on the camera screen.
  • ❌ We do not continuously record or stream audio. Microphone access (if granted) is limited to explicit voice input interactions.
  • ❌ We do not collect precise GPS location by default. Approximate location is derived from IP address only.
  • ❌ We do not read your contacts, calendar, messages, email, or other personal apps.
  • ❌ We do not collect biometric data for identification purposes. See Section 16 for detailed biometric disclosures.
  • ❌ We do not sell your Visual Inputs to third parties.
  • ❌ We do not store your payment card numbers. Payment processing is handled entirely by Apple/Google.

3. How We Collect Information

3.1 Direct Collection

Information you intentionally provide when you create an account, use the camera, upload photos, type messages, adjust settings, or contact support.

3.2 Automatic Collection

Information collected automatically through SDKs, APIs, server logs, and analytics tools embedded in the Service when you interact with it.

3.3 Camera Data Collection

When you use the camera feature:

  1. Camera frames are captured on your device;
  2. Selected frames are transmitted to our servers over encrypted connections (TLS 1.2+);
  3. Our AI models process the frames to generate outputs;
  4. Processed frames may be temporarily cached on our servers for session continuity;
  5. Frames associated with saved sessions are stored on cloud servers (e.g., AWS S3, Google Cloud Storage) in your session history;
  6. Frames not associated with saved sessions are deleted from our servers within 72 hours of session completion.

3.4 Third-Party Collection

Information received from App Store Providers, authentication services, and analytics services.


4. How We Use Your Information

We use the information we collect for the following purposes:

4.1 Providing the Service

Use | Description
AI Processing | Processing your Visual Inputs and text prompts through AI models to generate outputs (analysis, recommendations, cards, etc.)
Session Management | Creating, managing, and providing history for your AI sessions
Memory Feature | Storing and recalling your preferences across sessions (subject to plan limits and your settings)
Personalization | Tailoring responses, recommendations, and experiences based on your preferences and history
Skills Execution | Routing your Visual Inputs to specialized AI skills (interior design, sports analysis, fashion, recipes, etc.)
Account Services | Managing your account, authentication, and preferences
Credits | Managing credit balances and tracking usage

4.2 Improving the Service

Use | Description
Model Training | Using de-identified and/or aggregated Visual Inputs and session data to train, fine-tune, evaluate, and improve our AI models (subject to your opt-in — see Section 6)
Quality Assurance | Reviewing AI outputs to identify and correct errors, biases, safety issues, and quality problems
Analytics | Understanding how users interact with the Service to inform product decisions and improve user experience
A/B Testing | Testing different features, interfaces, models, and configurations to optimize the Service
Research | Conducting internal research on AI safety, fairness, bias mitigation, and capability improvement

4.3 Safety and Security

Use | Description
Abuse Prevention | Detecting, preventing, and responding to fraud, abuse, policy violations, and illegal activity
Content Moderation | Screening Visual Inputs and outputs for prohibited content (CSAM, NCII, violence, etc.) using automated and human review
Security | Protecting the Service, our infrastructure, and our users from security threats
Legal Compliance | Complying with applicable laws, regulations, legal processes, and governmental requests

4.4 Communications

Use | Description
Service Communications | Sending essential notifications about your account, credits, and service status
Product Updates | Informing you about new features, skills, and improvements (you may opt out)
Marketing | Sending promotional communications about the Service (with your consent, where required by law; you may opt out at any time)
Support | Responding to your inquiries, feedback, and support requests

5. Visual Data — Special Considerations

Because NewEyes is a visual AI product, we process inherently sensitive visual data. This section provides detailed transparency about our visual data practices.

5.1 What Happens to Your Photos and Camera Frames

  1. Capture: You take a photo or open the camera — frames are captured on your device.
  2. Transmission: When you initiate a session, selected frames are transmitted to our servers via encrypted connection.
  3. Processing: Our AI pipeline (which may include third-party model providers) processes the visual data.
  4. Output: AI-generated outputs are returned to your device and displayed as session cards.
  5. Storage: If you save a session, the Visual Inputs and outputs are stored in your session history. If you do not save, temporary server caches are purged within 72 hours.

5.2 Incidental Capture of Third-Party Data

When you use the camera, your Visual Inputs may incidentally capture:

  • Other people's faces, bodies, and personal features;
  • License plates, addresses, and identifying signage;
  • Screens, documents, and text visible in the environment;
  • Private spaces belonging to others.

You are responsible for ensuring you have appropriate consent and legal authority to capture and submit such Visual Inputs. We are not responsible for your compliance with local recording, photography, and privacy laws.

5.3 Facial Data Disclosure and Camera Consent

Our AI models may detect and analyze faces in your Visual Inputs for the following purposes:

  • Scene understanding (e.g., determining if people are present in a room);
  • Composition analysis (e.g., photo framing suggestions);
  • Content moderation (e.g., detecting prohibited content such as CSAM).

We do NOT:

  • Create or store facial recognition templates, embeddings, or faceprints;
  • Build facial identification or verification databases;
  • Use facial geometry for biometric identification or authentication;
  • Match faces across sessions, users, or external databases;
  • Infer or store demographic information (race, ethnicity, age, gender) from faces for profiling purposes.

Face detection data is processed transiently during the AI processing pipeline and is not retained as a separate data element after output generation is complete.

Proactive Camera Consent: The first time you open the camera within the app, you will be presented with a clear, in-context consent prompt that explains: (a) that our AI may process facial geometry and body data present in your Visual Inputs for the purposes described above, (b) that such processing is transient and does not result in the creation or storage of biometric identifiers, and (c) your right to decline camera-based processing. You must affirmatively accept this prompt before camera features become available. This consent is separate from and in addition to the operating system's camera permission request.

5.4 Image Metadata

Visual Inputs may contain embedded metadata (EXIF data), including:

  • Camera settings (aperture, shutter speed, ISO);
  • Date and time of capture;
  • GPS coordinates (geolocation);
  • Device make and model;
  • Orientation and resolution.

We strip GPS and identifying EXIF metadata from Visual Inputs before they are used for model training or shared with third-party AI providers. Metadata may be retained in your personal session history for your own reference.

5.5 Environments and Spaces

If you use NewEyes to analyze interior spaces (e.g., rooms, offices, living spaces):

  • We process visual representations of your personal spaces;
  • This may reveal information about your lifestyle, possessions, income level, health conditions, religious beliefs, or personal relationships;
  • We treat visual data of personal spaces with the same sensitivity as other personal information;
  • We do not share identifiable images of your personal spaces with third parties for their own purposes.

5.6 Face Data — Collection, Use, Sharing, Storage, and Retention

This section provides a consolidated summary of how NewEyes handles face data across the Service.

What face data we collect: NewEyes does not collect face data as a separate or distinct data category. When you capture photos with the camera or upload images, those Visual Inputs may incidentally contain faces. The complete image is transmitted to our servers for AI processing. We do not extract, isolate, or store facial features, facial geometry, embeddings, faceprints, or any other face-derived data as separate data elements. No facial recognition templates are created.

How we use face data: Faces present in your Visual Inputs may be processed by our AI models solely for the following purposes:

Purpose | Description | Example
Scene Understanding | Determining whether and how many people are present in an image | "This is a living room with two people"
Composition Analysis | Providing photo framing and composition suggestions | Suggesting better crop or framing
Content Moderation | Detecting prohibited content (CSAM, NCII) as required by law | Automated safety screening

We do not use face data for:

  • Facial identification or verification;
  • Biometric authentication;
  • Demographic profiling (race, ethnicity, age, gender);
  • Emotion or sentiment detection;
  • Tracking or surveillance;
  • Building facial recognition databases;
  • Matching faces across sessions, users, or external databases.

Sharing with third parties: Complete images (which may incidentally contain faces) are transmitted to the following third-party AI providers for processing:

Provider | Purpose | Face Data Use | Training Use | Retention
Anthropic (Claude) | Primary AI reasoning and visual analysis | Transient processing only — no face extraction or storage | Not used for training (API tier) | ≤ 30 days for abuse monitoring
Google (Gemini) | Multimodal analysis and understanding | Transient processing only — no face extraction or storage | Not used for training (enterprise agreement) | Per enterprise DPA
OpenAI (GPT, DALL-E) | Image generation and text analysis | Transient processing only — no face extraction or storage | Not used for training (API tier) | ≤ 30 days for abuse monitoring

All providers are contractually prohibited from extracting facial data, building face databases, or using our users' data for their own model training. See Section 8 for full provider disclosures and links to their privacy policies.

Storage: Images that may contain faces are stored on Google Cloud Platform (United States) infrastructure only if you choose to save a session. Face data is never extracted or stored separately from the complete image. Unsaved session images are deleted from our servers within 72 hours.

Retention periods for images that may contain faces:

Scenario | Retention Period
Active session (in progress) | Duration of the session
Saved session | Until you delete the session or your account
Unsaved session (server cache) | Purged within 72 hours
Third-party AI provider cache | Up to 30 days (for abuse monitoring only)
AI training datasets (opt-in only) | Indefinite, but faces are blurred or masked before inclusion (see Section 6.2)
After account deletion | Purged within 30 days of deletion request

Related sections: For additional details on face data handling, see also:

  • Section 5.3 — Facial Data Disclosure and Camera Consent
  • Section 6.2 — De-Identification Process (face blurring)
  • Section 8 — Third-Party AI Model Providers
  • Section 15 — Biometric Data (BIPA/CUBI non-collection statement)

6. AI Model Training and Improvement

6.1 How We Use Your Data for Training

We will use de-identified Visual Inputs, text prompts, and outputs to train, improve, and evaluate our AI models only if you have affirmatively opted in through the in-app privacy settings (Settings → Privacy → Data Usage → "Help Improve NewEyes AI"). Specifically, with your consent, we may use such data to:

  • Train, fine-tune, and evaluate our proprietary AI models;
  • Improve the accuracy, safety, and quality of AI outputs;
  • Develop new features and capabilities;
  • Conduct AI safety research, including bias detection and mitigation;
  • Generate evaluation benchmarks and test datasets.

AI training is opt-in, not opt-out. During account creation, you will be presented with a clear, just-in-time notice that explains our AI training practices and provides an easy, immediate choice to opt in or decline. The default setting is off (your data will not be used for training). You can change this setting at any time.

6.2 De-Identification Process

Before using Visual Inputs for training (and only if you have opted in):

  • Account-level identifiers (user ID, email, name) are removed;
  • GPS and location metadata is stripped from images;
  • Faces are blurred or masked in training datasets;
  • Textual personal information visible in images (e.g., names on documents) is excluded where technically feasible;
  • Data is aggregated with inputs from many users to prevent re-identification.

6.3 Your Right to Withdraw Consent

You may withdraw your AI training consent at any time. To withdraw:

  1. In-App (immediate effect): Navigate to Settings → Privacy → Data Usage → Toggle off "Help Improve NewEyes AI." This takes effect immediately — no new Visual Inputs or session data submitted after the toggle is turned off will be used for training;
  2. Email: Send a request to cs@collov.com with your account email and the subject "Withdraw Training Consent." Email requests will be processed within 7 business days.

Effect of withdrawal:

  • We will immediately cease using your new Visual Inputs and session data for training upon receiving your withdrawal;
  • Withdrawal does not affect the processing of your Visual Inputs necessary to provide the Service (i.e., we still need to process your images to generate outputs);
  • Data that was already de-identified and incorporated into model training datasets before your withdrawal cannot be retroactively extracted from existing model weights, as it has been transformed into statistical parameters that cannot be disaggregated. However, we commit to: (a) ceasing all further use of your identifiable data for training purposes immediately, (b) taking reasonable steps to exclude your data from future training dataset refreshes and model retraining cycles where technically feasible, and (c) documenting the exclusion for audit and compliance purposes;
  • Withdrawal does not affect your access to any features or functionality of the Service.

6.4 Third-Party Model Training

We maintain data processing agreements (DPAs) with all third-party AI model providers. Under these agreements:

  • OpenAI: Does not train on data sent through our API by default (we use the API, not consumer products);
  • Google (Gemini): Does not use API data for model training under our enterprise agreement;
  • Anthropic (Claude): Does not train on data sent through our API by default.

We contractually prohibit our third-party AI providers from using your Visual Inputs or session data to train their general-purpose models. However, providers may retain inputs and outputs for a limited period (typically 30 days) for abuse monitoring, safety review, and debugging, in accordance with their published data retention policies.

6.5 Human Review

In limited circumstances, authorized Collov personnel or contractors may review Visual Inputs and outputs for:

  • Safety review: Investigating flagged content for policy violations;
  • Quality assurance: Evaluating AI output quality and accuracy;
  • Bias auditing: Assessing model fairness across demographics;
  • Bug investigation: Debugging technical issues affecting specific sessions.

All personnel with access to user data are bound by strict confidentiality obligations and undergo privacy and security training. Access is logged, limited to the minimum necessary, and subject to regular audits.


7. How We Share Your Information

We do not sell your Personal Data. We share your information only in the following circumstances:

7.1 Service Providers and Processors

We share information with third-party service providers who process data on our behalf to help us operate the Service:

Provider Category | Purpose | Data Shared
Cloud Infrastructure (e.g., Google Cloud, AWS) | Hosting, storage, computing | All data types (encrypted at rest and in transit)
AI Model Providers (e.g., OpenAI, Google, Anthropic) | Visual and text AI processing | Visual Inputs, text prompts (processed under DPAs)
Real-Time Infrastructure (e.g., LiveKit) | Camera streaming, real-time communication | Camera frames (encrypted in transit, not retained)
Analytics (e.g., Firebase, Mixpanel) | Usage analytics, crash reporting | De-identified usage and device data
App Store Providers (Apple, Google) | Authentication, account verification | App store identifiers (no payment data)
Customer Support (e.g., Zendesk, Intercom) | Support ticket management | Communications, account info
Email Services (e.g., SendGrid) | Transactional and marketing emails | Email address, name
CDN / Image Storage (e.g., AWS S3, CloudFront) | Image delivery and storage | Visual Inputs (for session history)
Content Moderation | CSAM detection, prohibited content screening | Visual Inputs (hashed or processed, not stored by provider)

All service providers are bound by data processing agreements that restrict their use of your data to the purposes specified by us and require them to implement appropriate security measures.

7.2 Legal Requirements

We may disclose your information if we believe in good faith that disclosure is necessary to:

  • Comply with applicable law, regulation, legal process, or governmental request (including court orders, subpoenas, and national security requests);
  • Enforce our Terms of Service or investigate potential violations;
  • Detect, prevent, or address fraud, security, safety, or technical issues;
  • Protect the rights, property, or safety of Collov, our users, or the public;
  • Respond to an emergency involving danger of death or serious physical injury.

We will attempt to notify you of legal demands for your data when legally permitted to do so, unless we believe notification would be futile, create a risk of injury or death, or would compromise a law enforcement investigation.

7.3 Business Transfers

If Collov Labs is involved in a merger, acquisition, reorganization, bankruptcy, dissolution, sale of assets, or similar transaction, your Personal Data may be transferred to the successor entity. We will provide notice before your Personal Data becomes subject to a different privacy policy.

7.4 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so. For example:

  • If you choose to share a session output to a social media platform;
  • If you authorize a third-party integration or plugin;
  • If you participate in a research program that involves data sharing.

7.5 Aggregated and De-Identified Data

We may share aggregated, de-identified, or anonymized data that cannot reasonably be used to identify you. For example:

  • Publishing statistics about overall Service usage;
  • Sharing anonymized trends with research partners;
  • Using aggregate data for marketing purposes.

8. Third-Party AI Model Providers

8.1 Data Flow to Third-Party AI Providers

When you use the Service, your Visual Inputs and text prompts may be transmitted to and processed by third-party AI model providers. The specific flow is:

  1. Your Visual Inputs are transmitted from your device to Collov's servers;
  2. Collov's servers may transmit the Visual Inputs (or processed versions thereof) to third-party AI model APIs for analysis;
  3. The AI model generates outputs, which are returned to Collov's servers;
  4. Collov formats and delivers the outputs to your device.

8.2 Provider-Specific Disclosures

Provider | Data Processed | Training Use | Retention | Relevant Policy
OpenAI | Visual Inputs, text prompts | Not used for training (API) | Up to 30 days for abuse monitoring | OpenAI API Data Usage Policy
Google (Gemini) | Visual Inputs, text prompts | Not used for training (enterprise) | Per enterprise DPA | Google Cloud Privacy
Anthropic (Claude) | Visual Inputs, text prompts | Not used for training (API) | Up to 30 days for safety | Anthropic Privacy Policy

Note: We may add, remove, or change AI model providers at any time. We will update this table periodically and notify you of material changes.

8.3 Our Contractual Safeguards

We maintain data processing agreements with all third-party AI model providers that include:

  • Restrictions on using our users' data for the provider's own model training;
  • Requirements for appropriate security measures and encryption;
  • Data deletion obligations after the retention period;
  • Audit rights and incident notification obligations;
  • Restrictions on sub-processing without our approval.

9. Data Retention

We retain your information for as long as necessary to fulfill the purposes described in this Policy, unless a longer retention period is required or permitted by law.

9.1 Retention Schedule

Data Category | Retention Period | Basis
Account Information | Life of account + 90 days after deletion | Service provision
Visual Inputs (saved sessions) | Until you delete the session or your account | Service provision
Visual Inputs (unsaved sessions) | ≤ 72 hours after session completion | Temporary processing
AI-Generated Outputs | Same as associated Visual Inputs | Service provision
Session Metadata (timestamps, model used) | Life of account + 90 days | Analytics, billing
Usage Analytics | 24 months (rolling, de-identified) | Product improvement
Server Logs (IP addresses, errors) | 90 days | Security, debugging
Credit Transaction Records | 3 years after transaction | Account management
Support Tickets | 3 years after resolution | Support quality
De-identified Training Data | Indefinite | Model training, research
CSAM Reports (if applicable) | As required by law and NCMEC | Legal obligation
Deleted Account Data | Purged within 30 days of deletion request | User rights

9.2 Deletion vs. Anonymization

When data reaches the end of its retention period, we either:

  • Delete it permanently and irreversibly; or
  • Anonymize it such that it can no longer be associated with you. Anonymization is used only where deletion is technically infeasible (e.g., data already incorporated into trained model weights). Where data has been incorporated into model weights and cannot be individually deleted, we commit to: (a) ceasing all further use of your identifiable data, (b) excluding your data from future training dataset refreshes where technically feasible, and (c) taking reasonable mitigation steps to minimize the impact of any residual data within model parameters.

10. Data Security

10.1 Technical Safeguards

We implement industry-standard technical measures to protect your data:

Measure | Details
Encryption in Transit | All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher. Real-time camera streaming uses DTLS.
Encryption at Rest | All stored data (including Visual Inputs, session data, and backups) is encrypted at rest using AES-256 encryption.
Access Controls | Role-based access controls (RBAC) limit employee and contractor access to user data on a need-to-know basis.
Authentication | Multi-factor authentication (MFA) is required for all internal systems with access to user data.
Network Security | Firewalls, intrusion detection/prevention systems (IDS/IPS), and DDoS protection.
Database Security | Database access requires authentication, connections are encrypted, and queries are logged.
Secrets Management | API keys, tokens, and credentials are stored in secure secret management systems (e.g., Google Secret Manager), not in code.
Container Security | Application workloads run in isolated containers with minimal privileges.
Monitoring and Alerting | 24/7 monitoring of infrastructure for anomalies, unauthorized access attempts, and security incidents.

10.2 Organizational Safeguards

Measure | Details
Employee Training | All employees and contractors receive privacy and security training upon hire and annually thereafter.
Background Checks | Background checks are conducted for personnel with access to user data.
Confidentiality Agreements | All personnel sign confidentiality and non-disclosure agreements.
Incident Response Plan | We maintain a documented incident response plan with defined roles, procedures, and notification timelines.
Vendor Assessment | Third-party vendors with access to user data undergo security and privacy assessments before engagement.
Internal Audits | Regular internal audits of data access logs and security controls.

10.3 Breach Notification

In the event of a data breach that compromises the security, confidentiality, or integrity of your Personal Data, we will:

  • Investigate the incident promptly;
  • Take steps to mitigate harm;
  • Notify affected users without unreasonable delay (and within 72 hours where required by GDPR);
  • Notify relevant supervisory authorities as required by applicable law;
  • Provide information about the nature of the breach, data affected, and steps taken.

10.4 Security Limitations

While we take security seriously, no method of transmission or storage is 100% secure. We cannot guarantee absolute security of your data. You are responsible for maintaining the security of your account credentials and device.


11. International Data Transfers

11.1 Where Your Data Is Processed

Your data is primarily processed and stored in the United States on Google Cloud Platform infrastructure. Data may also be processed in other countries where our AI model providers and service providers operate.

11.2 Transfer Mechanisms

For transfers of Personal Data from the European Economic Area (EEA), United Kingdom, or Switzerland to the United States or other countries without an adequacy determination, we rely on:

  • Standard Contractual Clauses (SCCs) approved by the European Commission;
  • Data Processing Agreements (DPAs) with all service providers that include appropriate safeguards;
  • The EU-U.S. Data Privacy Framework (DPF), where applicable;
  • Any other legally approved transfer mechanism.

11.3 Your Consent to Transfer

By using the Service, you acknowledge and consent to the transfer of your Personal Data to the United States and other jurisdictions that may not provide the same level of data protection as your home country. We take steps to ensure that your data receives adequate protection wherever it is processed.


12. Your Rights and Choices

Depending on your location, you may have some or all of the following rights regarding your Personal Data:

12.1 Universal Rights

Right | Description | How to Exercise
Right to Know / Access | Request information about the Personal Data we collect, use, and share about you | Settings → Privacy → Download My Data, or email cs@collov.com
Right to Delete | Request deletion of your Personal Data | Settings → Account → Delete Account, or email cs@collov.com
Right to Correct | Request correction of inaccurate Personal Data | Settings → Profile, or email cs@collov.com
Opt Out of Training | Opt out of having your data used for AI model training | Settings → Privacy → Data Usage, or email cs@collov.com
Marketing Opt-Out | Unsubscribe from marketing communications | Unsubscribe link in emails, or Settings → Notifications
Withdraw Consent | Withdraw previously given consent (where consent is the legal basis) | Settings → Privacy, or email cs@collov.com

12.2 Verification

To protect your privacy, we will verify your identity before fulfilling data rights requests. Verification may require:

  • Confirming your email address via a verification code;
  • Providing account details that match our records;
  • In certain cases, providing government-issued identification.

12.3 Response Time

We will respond to verified requests within:

  • 30 days for most requests;
  • 45 days for complex requests (with notice of the extension);
  • Timeframes required by applicable law (e.g., GDPR: 1 month; CCPA: 45 days).

12.4 No Retaliation

We will not discriminate against or penalize you for exercising your privacy rights. Exercising your rights will not affect your access to the Service or pricing (except where the right to delete necessarily impacts your ability to use certain features).


13. California Residents — CCPA/CPRA

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with additional rights.

13.1 Categories of Personal Information Collected

In the preceding 12 months, we have collected the following categories of Personal Information (as defined by the CCPA):

CCPA Category | Examples | Collected?
A. Identifiers | Name, email, IP address, device IDs | ✅ Yes
B. Personal Information (Cal. Civ. Code § 1798.80) | Name, email, account info | ✅ Yes
C. Protected Classification Characteristics | Age (for eligibility verification only) | ✅ Limited
D. Commercial Information | Credit usage history | ✅ Yes
E. Biometric Information | Facial characteristics (transient processing only — see Section 15) | ⚠️ Transient
F. Internet / Network Activity | Usage data, log data, interaction history | ✅ Yes
G. Geolocation Data | Approximate location from IP address | ✅ Yes
H. Sensory Data | Photos, images, camera frames (Visual Inputs) | ✅ Yes
I. Professional / Employment Information | Not collected | ❌ No
J. Education Information | Not collected | ❌ No
K. Inferences | Preferences inferred from usage patterns | ✅ Yes
L. Sensitive Personal Information | Precise geolocation (only with consent), photos/images | ✅ With consent

13.2 Your CCPA/CPRA Rights

  • Right to Know what Personal Information we collect, use, disclose, and sell;
  • Right to Delete your Personal Information;
  • Right to Correct inaccurate Personal Information;
  • Right to Opt Out of Sale/Sharing — We do not sell your Personal Information. We do not share Personal Information for cross-context behavioral advertising;
  • Right to Limit Use of Sensitive Personal Information — You may request that we limit our use of Sensitive Personal Information to what is necessary to provide the Service;
  • Right to Non-Discrimination for exercising your rights.

13.3 How to Exercise Rights

  • In-App: Settings → Privacy
  • Email: cs@collov.com
  • Authorized Agent: You may authorize an agent to exercise rights on your behalf with verifiable written authorization.

13.4 Financial Incentives

Our free credit offer may constitute a "financial incentive" under the CCPA. The value of the incentive is reasonably related to the value of the data provided (usage data for analytics and improvement). You may opt out at any time by choosing not to participate.

13.5 Shine the Light

California Civil Code § 1798.83 permits California residents to request information about our disclosure of Personal Information to third parties for their direct marketing purposes. We do not disclose Personal Information to third parties for their own direct marketing purposes.


14. European Economic Area, United Kingdom, and Switzerland — GDPR

If you are located in the EEA, UK, or Switzerland, the General Data Protection Regulation (GDPR) and equivalent laws provide you with additional protections.

14.1 Legal Bases for Processing

Processing Purpose | Legal Basis (GDPR Art. 6)
Providing the Service (AI processing, sessions) | Contract (Art. 6(1)(b)) — necessary to perform our agreement with you
Account management, authentication | Contract (Art. 6(1)(b))
Credit management | Contract (Art. 6(1)(b))
AI model training and improvement | Legitimate Interest (Art. 6(1)(f)) — improving our AI for all users. You may opt out (Art. 21).
Analytics and product improvement | Legitimate Interest (Art. 6(1)(f)) — understanding and improving the Service
Safety, abuse prevention, content moderation | Legitimate Interest (Art. 6(1)(f)) — ensuring security and safety
Marketing communications | Consent (Art. 6(1)(a)) — obtained at opt-in
Legal compliance | Legal Obligation (Art. 6(1)(c))

14.2 Your GDPR Rights

In addition to the rights in Section 12, GDPR provides:

Right | Description
Right to Data Portability | Receive your Personal Data in a structured, commonly used, machine-readable format (e.g., JSON) and transmit it to another controller
Right to Restrict Processing | Request restriction of processing in certain circumstances (e.g., while accuracy is contested)
Right to Object | Object to processing based on legitimate interests (including AI model training). We will cease processing unless we demonstrate compelling legitimate grounds.
Right to Lodge a Complaint | File a complaint with your local Data Protection Authority (DPA). See EDPB list of DPAs.
Right Not to Be Subject to Automated Decision-Making | The right not to be subject to decisions based solely on automated processing, including profiling, which produce legal or similarly significant effects. Our Service provides AI-generated suggestions and recommendations, which are informational and do not produce legal or similarly significant effects on you.

14.3 Data Protection Impact Assessment (DPIA)

Given the visual nature of our Service and the processing of potentially sensitive data (images of personal spaces, incidental capture of individuals), we have conducted Data Protection Impact Assessments (DPIAs) for our core processing activities. Key findings and mitigations include:

  • Implementing opt-out mechanisms for training data use;
  • Minimizing data retention periods;
  • Implementing facial data processing limitations (Section 5.3);
  • Stripping metadata from training datasets;
  • Maintaining data processing agreements with all AI providers.

14.4 Representative

If you are located in the EEA or UK and we do not have an establishment there, we will appoint a representative under GDPR Art. 27 as required. Contact details for our representative will be provided at cs@collov.com.


15. Biometric Data — US State Laws (BIPA, CUBI, etc.)

Several U.S. states (including Illinois, Texas, Washington, and others) have enacted laws governing the collection and use of biometric data. This section addresses those requirements.

15.1 Illinois Biometric Information Privacy Act (BIPA) Disclosure

Collov does not collect, capture, purchase, receive, or otherwise obtain biometric identifiers or biometric information (as defined under 740 ILCS 14/10) for identification purposes.

Specifically:

  • We do not create or store facial recognition templates, fingerprint scans, voiceprints, iris scans, retina scans, or hand geometry scans;
  • We do not use facial geometry or any biometric identifier to identify or verify the identity of any individual;
  • While our AI models may detect the presence of faces in Visual Inputs for scene understanding and content moderation, this processing is transient (data is not retained beyond the processing pipeline) and does not constitute the collection of biometric identifiers under BIPA, as it is not used for identification purposes.

15.2 If We Collect Biometric Data in the Future

If we ever introduce features that collect biometric identifiers or biometric information as defined by applicable state laws, we will:

  • Provide clear, written notice before collection;
  • Obtain your explicit, informed consent;
  • Establish and publish a retention schedule and destruction protocol;
  • Not sell, lease, or trade biometric data;
  • Store and protect biometric data using a standard of care no less protective than our treatment of other confidential information;
  • Comply with all applicable state biometric privacy laws.

15.3 Other State Biometric Laws

We comply with all applicable state biometric privacy laws, including but not limited to:

  • Texas Capture or Use of Biometric Identifier Act (CUBI);
  • Washington Biometric Privacy Law (RCW 19.375);
  • New York City Biometric Identifier Information Law;
  • Portland, Oregon Face Recognition in Public Accommodations ordinance;
  • Any other applicable biometric privacy statutes.

16. Children's Privacy

16.1 Age Restrictions

The Service is intended for users aged 13 and older (or the minimum age required in your jurisdiction). We do not knowingly collect Personal Data from children under 13 (or the applicable minimum age).

16.2 Parental Consent

If we learn that we have collected Personal Data from a child under 13 without parental consent, we will take steps to delete that information as quickly as possible. If you believe we have inadvertently collected data from a child under 13, please contact us at cs@collov.com.

16.3 Teen Safety

For users aged 13–17 (or the applicable age of majority):

  • We apply additional content moderation safeguards;
  • We do not serve interest-based advertising;
  • We limit the types of outputs that can be generated;
  • Parents and guardians may contact us to exercise data rights on behalf of their minor children.

16.4 COPPA Compliance

We comply with the Children's Online Privacy Protection Act (COPPA). We do not knowingly collect, use, or disclose Personal Data from children under 13 without verifiable parental consent.

16.5 International Age Requirements

We comply with applicable children's privacy laws in all jurisdictions where the Service is available, including but not limited to:

  • EU/UK: GDPR requires consent from holders of parental responsibility for processing children's data (age varies by member state, minimum 13 under Article 8);
  • South Korea: Children under 14 require parental consent;
  • Australia: We consider users under 16 as requiring additional protections.

17. Cookies, Tracking, and Analytics

17.1 Mobile App

The NewEyes mobile app does not use traditional browser cookies. However, we use the following technologies:

Technology | Purpose | Opt-Out
SDK Analytics (e.g., Firebase Analytics) | Usage statistics, feature engagement, crash reporting | In-app settings
Performance Monitoring (e.g., Firebase Performance) | App load times, network latency, rendering performance | In-app settings
Attribution SDKs (if applicable) | Understanding how users discover and install the app | Device-level ad tracking settings
Push Notification Tokens | Delivering push notifications | Device notification settings

17.2 Website

If you access the Service through a web browser, we may use:

  • Essential Cookies — required for authentication, security, and basic functionality. These cannot be disabled.
  • Analytics Cookies — used to understand how visitors interact with the website. You may opt out via the cookie banner.
  • Preference Cookies — used to remember your settings and preferences.

We do not use third-party advertising or retargeting cookies on our website.

17.3 Analytics Providers

Provider | Purpose | Data Collected | Privacy Policy
Firebase Analytics (Google) | Usage analytics | De-identified events, device info | Google Firebase Privacy
Firebase Crashlytics | Crash reporting | Stack traces, device info | Crashlytics Data
Mixpanel (if applicable) | Product analytics | De-identified usage events | Mixpanel Privacy

18. Do Not Track Signals

Some web browsers transmit "Do Not Track" (DNT) signals. There is currently no industry standard for how companies should respond to DNT signals. We currently do not respond to DNT signals, but we honor opt-out requests through the mechanisms described in this Policy (e.g., ad tracking settings, in-app privacy settings).

We support the Global Privacy Control (GPC) signal as a valid opt-out of sale/sharing under the CCPA, where applicable.


19. Links to Third-Party Services

The Service may contain links to or display content from third-party websites, products, and services (e.g., retailers, music services, map providers). This Privacy Policy does not apply to third-party services. We are not responsible for the privacy practices of third parties. We encourage you to read the privacy policies of any third-party services you access through the Service.


20. Changes to This Privacy Policy

20.1 Right to Update

We may update this Privacy Policy from time to time to reflect changes in our data practices, technology, legal requirements, or business operations.

20.2 Notification of Material Changes

For material changes (e.g., changes in the categories of data collected, new sharing practices, changes in training data use), we will provide notice through one or more of the following:

  • In-app notification or banner;
  • Email to the address associated with your account;
  • Prominent notice on the Platform or website;
  • Updated "Last Updated" date at the top of this Policy.

20.3 Effective Date

Material changes will be effective 30 days after notice is provided (or such longer period as required by law), unless immediate effectiveness is required for legal compliance or security reasons.

20.4 Acceptance of Material Changes

For material changes — in particular, changes that affect data sharing practices, AI training data use, the categories of data collected, third-party data access, or the scope of your privacy rights — we will require your affirmative consent (e.g., a click-through acceptance prompt within the app) before the changes take effect. Continued use of the Service will not be treated as implied consent to material privacy changes.

If you do not accept a material change within 30 days of notification, you may continue using the Service under the prior version of this Policy for a reasonable transition period (not to exceed 60 days from the original notification), after which you will be asked to accept the updated Policy or delete your account.

For non-material changes (e.g., formatting, typographical corrections, clarifications that do not substantively alter your rights), your continued use of the Service after the effective date constitutes acceptance of the updated Privacy Policy.


21. Data Protection Officer

We have designated a Data Protection Officer (DPO) / Privacy Lead who is responsible for overseeing our compliance with applicable privacy and data protection laws.

Contact our DPO / Privacy Team:

  • Email: cs@collov.com
  • Subject Line: "Attention: Data Protection Officer"

22. Contact Information

For any questions, concerns, requests, or complaints regarding this Privacy Policy or our data practices:

Purpose | Contact
General Privacy Questions | cs@collov.com
Data Protection Officer | cs@collov.com
Data Rights Requests (access, deletion, correction) | cs@collov.com
Training Data Opt-Out | cs@collov.com
Security Concerns | cs@collov.com
DMCA / Copyright | cs@collov.com
Children's Privacy Concerns | cs@collov.com (Subject: "Children's Privacy")
General Support | cs@collov.com

Collov Labs

Website: https://collovlabs.com


Supplemental Disclosures

A. Data Processing Locations

Activity | Primary Location | Provider
Application hosting | United States (us-central1) | Google Cloud Platform
AI processing (proprietary models) | United States | Google Cloud Platform
AI processing (OpenAI) | United States | Microsoft Azure (for OpenAI)
AI processing (Anthropic) | United States | AWS / GCP (for Anthropic)
Image storage | United States | AWS S3 / Google Cloud Storage
Database | United States | Google Cloud SQL
Real-time streaming | United States / nearest region | LiveKit Cloud
Analytics | United States | Firebase (Google)
Email delivery | United States | SendGrid / equivalent

B. Data Subject Request Metrics

In compliance with CCPA requirements, we publish annual metrics on data subject requests received and fulfilled. These are available upon request at cs@collov.com.

C. Lawful Interception and Government Requests

We comply with valid legal process issued by courts of competent jurisdiction. We will challenge overly broad or legally deficient requests where appropriate. We do not provide law enforcement with "back door" access to user data, Visual Inputs, or AI outputs. We publish transparency reports on government access requests on an annual basis (when legally permitted).


© 2026 Collov Labs. All rights reserved. NewEyes, AgentOne, and the Collov logo are trademarks of Collov Labs.
