NailMuse — Privacy Policy
NailMuse — Privacy Policy
Effective date: 12 August 2025
Last updated: 12 August 2025
NailMuse (the “App”) is provided by Devloft (“NailMuse,” “we,” “us,” or “our”). This Privacy Policy explains what information we collect, how we use it, and your choices. If you do not agree with this Policy, please do not use the App.
Summary (not a substitute for the full Policy): We collect account details, the options you pick for designs (e.g., skin tone, shape, colors), prompts and generated images, subscription status, and device/diagnostic data. We use trusted processors—such as Supabase (backend/storage), OpenAI (image generation), and RevenueCat (subscriptions). Preview images are temporary; final images you save are stored in your collection. You can request deletion at any time.
Account & profile: email, display name, avatar.
Authentication: via email/password or third‑party sign‑in (e.g., Apple). We receive tokens/identifiers needed to authenticate you.
Design inputs: pre‑selected options and any text you add (“prompts”).
User content: generated images you choose to save, your collection items, tags, notes.
Support: messages, feedback, bug reports.
Device & usage: app version, device model/OS, language, time zone, coarse location (derived from IP), feature usage, in‑app events.
Diagnostics & logs: crash data, performance, error logs.
Subscriptions: purchase and entitlement status from Apple App Store and RevenueCat (no full card numbers; Apple handles payment).
Auth providers: Apple Sign‑In provides a stable identifier and (optionally) your name/email.
Provide & improve the App, generate images, maintain accounts, and personalize your experience.
AI image generation: We send your prompts and (when needed) reference images to OpenAI solely to generate/inspect images.
Storage & sync: We store final images you save and related metadata in Supabase. Preview images may be stored temporarily to deliver results quickly.
Subscriptions & access control: We verify entitlements via RevenueCat / App Store.
Security, fraud prevention, compliance: Detect abuse and enforce our Terms.
Communications: Respond to support, send service notices, and (if you opt in) product updates.
Legal bases (EEA/UK): performance of a contract, legitimate interests (e.g., App security, service improvement), and consent where required.
We do not sell your personal information. We share it only with:
Service providers/processors acting on our behalf, including:
Supabase (hosting, database, storage)
OpenAI (model inference for image generation/quality checks)
RevenueCat (subscription management)
Apple (Sign in with Apple; App Store payments)
Optional analytics/diagnostics (e.g., Sentry, Crashlytics) if enabled
Legal & safety: to comply with law, enforce terms, or protect rights and safety.
Business transfers: in a merger, acquisition, or asset sale, subject to this Policy.
Preview images: kept briefly to serve results and improve reliability; our goal is deletion within 7 days and in any case within 30 days.
Final saved images & collection data: kept until you delete them or your account is closed.
Logs/diagnostics: typically 30–90 days, unless needed longer for security/compliance.
Access, correction, deletion: You can view/update your profile and delete designs from the App. Contact us to request account deletion.
Opt‑outs: You can disable non‑essential analytics (if offered) in settings.
EEA/UK: rights to access, rectify, erase, restrict/oppose processing, data portability, and lodge a complaint with your DPA.
California (CCPA/CPRA): rights to know, delete, and opt‑out of “sharing/sale” (we do not sell). We honor authorized agent requests consistent with law.
Requests: privacy@nailmuse.app (or in‑app request). We may verify your identity before responding.
We may process and store information outside your country. Where required, we use appropriate safeguards (e.g., SCCs) for cross‑border transfers.
NailMuse is not directed to children under 13 (or the minimum age required in your region). Do not use the App if you are under the applicable age. Parents who believe a child provided data should contact us for deletion.
We use reasonable technical and organizational measures (encryption in transit, access controls). No method is 100% secure; you use the App at your own risk.
We may update this Policy. We will post the new version with an updated “Last updated” date and, if changes are material, provide additional notice.
Devloft
Email: support@devloft.app
Address: UK, London