Privacy Policy – Chipi Chipon

The Chipi Chipon application (hereinafter "the Application") places the utmost importance on protecting your privacy. This Privacy Policy outlines how personal data is collected, used, and shared by EURL Quentin Nippert.

1. Data Controller The data controller is:

EURL Quentin Nippert

SIREN: 943 878 066

Registered office: 15 rue des faisans, 67110 REICHSHOFFEN, France.

Email: contact@chipi-chipon.app

2. Data Collected We collect the following categories of data:

• Identification data: Last name, first name, and email address (via Google/Apple Authentication).
• Content data: Photos of clothing and User photos uploaded for the wardrobe and virtual try-on features.
• Geolocation data: Real-time geographic location, collected only when the weather feature is in use and with your prior consent.
• Technical and usage data: Advertising identifiers, system logs, usage data via Firebase Analytics.
• Billing data: In-app purchase history and AI try-on quota management.

3. Purposes and Legal Bases Purpose Legal Basis Account and service management (storage, planning) Performance of contract (T&Cs) AI virtual try-on Explicit consent Quota and subscription management (Premium/Freemium) Performance of contract / Legal obligation Weather-based suggestions Consent (opt-in at time of use) Audience analytics and fraud prevention Legitimate interest

4. Specific Processing of Photos (AI) The Application uses Artificial Intelligence services provided by Replicate, Inc. (USA), which runs models from OpenAI (clothing analysis), ByteDance (virtual try-on), and 851-Labs (background removal), to enable virtual try-on.

• Single use: Your photos are processed exclusively to generate the visual rendering of the outfit.
• Biometric data: The processing of your image may be considered sensitive data. By enabling the "Try-on" feature, you explicitly consent to this processing.
• No training: Your photos are never used to train AI models.
• Ephemeral processing: When sent to AI providers, the data is processed on a transient basis. It is deleted from their servers immediately after image generation.

5. Recipients and Data Transfers Your data is shared with the following providers, necessary for the operation of the service:

• Hosting: Digital Ocean (servers located in the European Union).
• Analytics and Push: Google Firebase (USA).
• AI Processing: Replicate, Inc. (USA), using models from OpenAI, ByteDance, and 851-Labs.
• Transfers outside the EU: These transfers are governed by Standard Contractual Clauses of the European Commission or the Data Privacy Framework, ensuring an adequate level of protection. Data sent to AI processing servers is limited to what is strictly necessary for technical inference.

6. Data Retention Periods Data Type Retention Period Account and Wardrobe As long as the account is active (deleted 30 days after termination). "Try-on" Photos Immediately deleted from processing servers after generation. Marketing data 3 years after the last interaction. Geolocation data Ephemeral processing, no storage on our servers. Analytics data 14 months maximum.

7. Security and Asynchronous Processing We implement technical measures (encryption, restricted access) in line with industry standards.

For asynchronous processing (notifications, image generation via BullMQ queues), transition metadata is automatically purged from our temporary databases (Redis) upon completion of processing or after a maximum safety delay of 24 hours.

8. Your Rights In accordance with the GDPR, you have the following rights:

• Right of access, rectification, and erasure (right to be forgotten).
• Right to restriction of and objection to processing.
• Right to withdraw your consent at any time (AI, geolocation, marketing).
• Right to data portability.

To exercise these rights, contact us at: contact@chipi-chipon.app. A "Delete my account" button is also available in the Application's settings for automated and complete deletion of your data.

9. Protection of Minors The Application is strictly reserved for persons aged 15 and over (digital age of majority in France). We do not knowingly collect data from minors under the age of 15 without explicit parental consent.

10. Changes We reserve the right to modify this policy. In the event of a substantial change, you will be notified by push notification or email.