PRIVACY POLICY FOR DEZN.AI

1. INTRODUCTION

This Privacy Policy explains how DEZN AI ("Company," "We," "Us," or "Our") collects, uses, discloses, and protects information when you ("Designer," "User," or "You") use the DEZN.ai platform ("Platform") at https://dezn.ai.

DEZN.ai is a B2B AI-powered fashion design assistant that processes client photos and design preferences to generate fashion visualizations. We are committed to protecting the privacy and security of all data processed through our Platform.

By using the Platform, you acknowledge that you have read and understood this Privacy Policy and agree to be bound by its terms. This Privacy Policy is incorporated into and forms part of our Terms of Service.

2. COMPLIANCE WITH INDIAN DATA PROTECTION LAWS

DEZN.ai is committed to full compliance with the Digital Personal Data Protection Act, 2023 ("DPDP Act"), Information Technology Act, 2000, and Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021.

2.1 Roles and Responsibilities

You (Designer) as Data Fiduciary: When you upload your client's personal data (including facial images, measurements, or preferences) to the Platform, you are the Data Fiduciary under the DPDP Act. You are responsible for obtaining valid consent from your clients and ensuring lawful processing.

DEZN AI as Data Processor: We act solely as a Data Processor, processing client data only on your instructions and exclusively for the purpose of generating fashion design visualizations.

3. INFORMATION WE COLLECT

3.1 Designer Account Information

When you create an account, we collect:

• Name and email address (via Google OAuth)
• Boutique or business name
• Location (city/pincode)
• Authentication credentials (securely managed by Supabase)

3.2 Client Data (Processed on Your Behalf)

When you use the Platform to generate designs, you may provide:

• Client facial photographs (for adult clients only - see Section 4)
• Body measurements and fit preferences
• Design inspiration images uploaded by you
• Text prompts describing design requirements

3.3 Temporary Server Logs

Our Cloud Run servers automatically log basic request information for debugging and security purposes:

• IP address (from HTTP headers)
• Browser type and version (user-agent string)
• Request timestamps and endpoints accessed

These logs are retained for a maximum of 30 days and then automatically deleted. We do not actively collect, store, or analyze this data in any database.

3.4 Usage Data

We store in our database:

• Text prompts and design preferences (for request history)
• Payment transaction records (via Razorpay) - retained for 7 years per tax law
• Gem balance and transaction history

3.5 Cookies and Tracking

We use essential cookies for authentication (via Supabase) and session management. We do not use third-party advertising or analytics cookies. You can control cookies through your browser settings.

4. IMMEDIATE DISCARD POLICY FOR BIOMETRIC DATA

4.1 Facial Image Processing

When you upload a client's facial photograph for "Discovery Mode" image generation:

• The image is processed in volatile memory (RAM) on our server
• The image is used ONLY for the immediate generation task
• The image is PERMANENTLY DELETED from our servers immediately upon completion of the generation task (typically within 30-60 seconds)
• We do NOT store facial images in any database
• We do NOT use facial images to train or improve our AI models
• We do NOT create or maintain a facial recognition database

4.2 Generated Output Storage

When we generate fashion design images, they are NOT automatically stored anywhere:

• Generated images exist only in your browser session after creation
• Images are stored on our server ONLY when you explicitly click "Save to Gallery"
• If you close the page or navigate away without saving, the generated images are permanently lost
• Once saved to your gallery, images remain stored indefinitely until you manually delete them

These generated images are synthetic AI creations, not the original input photos submitted by you.

5. STRICT PROTECTION OF MINORS

5.1 No Collection of Minor's Biometric Data

In strict compliance with Section 9 of the DPDP Act, 2023 and the POCSO Act:

• You are ABSOLUTELY PROHIBITED from uploading photographs or biometric data of any person under 18 years of age
• You are responsible for verifying client age before uploading any facial photographs
• Violation of this policy will result in immediate account termination and reporting to law enforcement

5.2 Platform Access Age Restriction

The Platform is intended exclusively for professional designers aged 18 years or older. We do not knowingly collect personal data from individuals under 18. If we become aware that a minor has registered, we will immediately delete their account and data.

6. HOW WE USE YOUR INFORMATION

6.1 Designer Account Data

We use your account information to:

• Provide and maintain your access to the Platform
• Process payments and manage your "Gem" credits
• Send service-related notifications (generation status, account updates)
• Provide customer support
• Improve our services based on aggregated usage patterns

6.2 Client Data Processing

Client data you upload is used EXCLUSIVELY to:

• Generate the specific fashion design visualization you requested
• Apply your selected garments, embellishments, and styling preferences

We do NOT use client facial images for any other purpose, including marketing, analytics, or AI model training.

6.3 Prompt and Generation Logs

We temporarily log text prompts (without client photos) on our servers for debugging purposes. These logs are stored in ephemeral server storage and are automatically cleared when the server restarts (typically within 24-48 hours).

7. DATA RETENTION AND DELETION

7.1 Client Facial Images

Retention Period: ZERO. Facial images are deleted immediately upon generation completion (see Section 4.1).

7.2 Generated Output Images

Once saved to your gallery, images are stored indefinitely until you manually delete them from your account.

7.3 Designer Account Data

Retained for the duration of your active account. Upon account deletion, your data is purged within 30 days, except where retention is required by law (e.g., tax records for 7 years).

7.4 Transaction Records

Payment records are retained for 7 years to comply with accounting and tax regulations.

8. DATA SHARING AND DISCLOSURE

8.1 Third-Party Service Providers

We share data with trusted service providers who assist in operating the Platform:

• Supabase: Database and authentication (data stored in South Asia / Mumbai region)
• Google Cloud Platform: AI model hosting and compute (asia-south1 region - Mumbai)
• Razorpay: Payment processing (India-based)
• Firebase Hosting: Static content delivery

All service providers are bound by strict data protection agreements and process data only on our instructions.

8.2 No Sale of Data

We do NOT sell, rent, or trade your personal data or your clients' data to any third party for marketing or advertising purposes.

8.3 Legal Obligations

We may disclose data if required by law, court order, or government authority, or to protect our rights, safety, or property.

9. DATA SECURITY MEASURES

We implement industry-standard security practices:

• HTTPS/TLS encryption for all data in transit
• Supabase Row-Level Security (RLS) for database access control
• Google OAuth 2.0 for secure authentication
• Razorpay PCI-DSS compliant payment processing
• Prompt injection filters and content safety mechanisms
• Regular security audits and updates

However, no system is 100% secure. You are responsible for maintaining the confidentiality of your account credentials.

10. YOUR RIGHTS UNDER DPDP ACT

10.1 As a Designer (User of the Platform)

You have the right to:

• Access: Request a copy of your account data
• Correction: Update or correct inaccurate information
• Erasure: Request deletion of your account and associated data
• Portability: Export your generation history and saved designs
• Grievance: File a complaint with our Grievance Officer (see Section 13)

10.2 Your Responsibilities for Client Data

As the Data Fiduciary for your clients, YOU are responsible for:

• Obtaining valid consent from clients before uploading their data
• Providing clients with a privacy notice explaining how their data will be used
• Honoring client requests to delete or correct their data (we provide tools for you to do this)
• Ensuring you do not upload data of minors in violation of our policies

11. INTERNATIONAL DATA TRANSFERS

Our data storage and processing is primarily located within India (Mumbai region):

• Supabase database: South Asia (Mumbai) region
• Google Cloud Run: asia-south1 (Mumbai) region
• Payment processing: Razorpay (India-based)

All data remains within India's jurisdiction, ensuring compliance with local data protection laws and minimizing cross-border data transfer concerns.

12. UPDATES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by:

• Posting the updated policy on this page with a new "Last Updated" date
• Sending an email notification to your registered email address

Your continued use of the Platform after the effective date of changes constitutes acceptance of the updated policy.

13. CONTACT US

Grievance Officer

For any privacy-related questions, concerns, or to exercise your rights under the DPDP Act, please contact:

General Inquiries

Email: support@dezn.ai
Website: https://dezn.ai

14. CONSENT AND ACKNOWLEDGMENT

By using DEZN.ai, you acknowledge that:

• You have read and understood this Privacy Policy
• You consent to the collection, use, and processing of data as described herein
• You understand your responsibilities as a Data Fiduciary when uploading client data
• You agree to obtain all necessary consents from your clients before using their data on the Platform
• You will not upload biometric data of minors under any circumstances