Privacy Policy - Radiant Harmony

Last updated: April 2, 2025

1. Introduction

Welcome to Radiant Harmony. We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you use our mobile application and associated services.

2. Information We Collect

2.1 Personal Information

We may collect the following types of personal information:

• Email address
• Profile information from third-party social media services (if you choose to connect these)
• User-generated content (such as photos uploaded for color analysis)
• Device information (e.g., device model, operating system version, unique device identifiers)
• Usage data (e.g., app usage statistics, interaction with ads)
• Coarse location data

2.2 Photo Data

Our app analyzes photos for color analysis. Here's how we handle your photo data:

• Photo Upload: When you upload a photo or take a new one within the app, the image is resized and converted to a base64 format on your device.
• Data Transmission: The resized image data is then securely transmitted to our servers using HTTPS encryption.
• Server Processing: Our server processes the image data, making necessary modifications to prepare it for analysis.
• AI Analysis: The processed image is then sent to our AI service provider for color analysis.
• Data Storage: We do not store your original photos, processed images, or AI analysis results on our servers. They are processed in real-time and then discarded unless you explicitly choose to save your results.

We use industry-standard security measures to protect your photo data during transmission and processing. Access to the system that handles photo data is strictly limited and controlled.

2.3 AI-Processed Data

We use third party artificial intelligence models to analyze your photos and generate personalized color palettes. The AI processes data derived from images such as skin tone, hair color, and other visual elements to provide recommendations. We do not store the AI responses or any data derived from user-submitted images on our servers unless you explicitly choose to save your results.

3. How We Use Your Information

We use your personal information for the following purposes:

• To provide and maintain our Service
• To personalize your experience and deliver tailored color recommendations
• To improve our app and develop new features
• To communicate with you about our Service
• To provide customer support
• To process payments for in-app purchases
• To send you email notifications about app updates and new features, if you've opted in
• To comply with legal obligations
• To protect our website from spam and abuse using Google reCAPTCHA v3

3.1 Email Communications

If you opt-in to receive email notifications, we will use your email address to send you information about our services, including app launch notifications and updates. You can manage your email preferences or opt-out at any time through your account settings or by using the unsubscribe link in our emails.

4. Data Retention

We retain your personal information for as long as necessary to provide our services and fulfill the purposes outlined in this Privacy Policy. Specifically:

• Account information: Retained for the duration of your account's active status and for a maximum of 30 days after account deletion.
• Usage data: Retained for a maximum of 12 months for analytics purposes.
• Photos and AI analysis results: Processed in real-time and not stored on our servers unless you explicitly choose to save your results. Saved results are stored with your account data and are deleted when your account is deleted.

You can delete your account and associated personal data directly from the app settings. For detailed instructions, please visit our Account Deletion Instructions. Alternatively, you can contact us at: support[at]radiantharmonyai[dot]com for assistance with data deletion.

4.1 Third-Party Data Retention

For information about how long our third-party service providers retain your data, please refer to Section 5 (Sharing Your Information), where we detail the data retention policies for each service provider.

5. Sharing Your Information

5.1 Overview of Third-Party Services

We partner with several third-party services to provide our app's functionality. Each service receives only the minimum necessary data to perform its specific function:

Authentication Services (AWS Cognito)

• Data shared:
  • Email address
  • Authentication tokens
  • Device identifiers
• Purpose: To manage user accounts and secure access to the app
• Data retention: 30 days after account deletion
• Data location: Data is stored in EU data center (Stockholm).
• Privacy policy: AWS Privacy Notice

Email Service Provider (SMTP2GO)

• Data shared:
  • Email address
  • Email subject lines
  • Email content (for transactional emails like verification codes)
  • Email headers
• Purpose: To deliver transactional emails (account verification, password resets) and potential future marketing communications
• Data handling:
  • Emails are transmitted using TLS encryption
  • Email headers and basic information are stored with encryption at rest using AES-256
  • Full email content is not stored by default unless email archiving is enabled
• Data retention: Basic email information is stored for 35 days by default
• Data location: Data is stored in EU data center (Amsterdam).
• Privacy policy: SMTP2GO Privacy Policy

Advertising Services (Google AdMob)

• Data shared:
  • Advertising identifier
  • Device information
  • Approximate location (IP-based)
  • App interaction data
• Purpose: To display relevant advertisements and measure ad performance
• Data handling:
  • Users can opt out of personalized advertising by adjusting their device settings
  • To opt out on Android: Settings > Google > Ads > Opt out of personalized advertising
  • To opt out on iOS: Settings > Privacy > Tracking > Disable "Allow Apps to Request to Track"
  • To delete you data you can revoke your consent to use your personal data from the Radiant Harmony app Settings > Privacy & Security > Consent Settings
    When this is done, any user data becomes disassociated from the user and deleted
• Privacy policy: Google Privacy Policy

AI Processing (Google)

• Data shared:
  • Language selection
  • Processed image data
• Purpose: To provide AI-powered color analysis
• Data handling:
  • Data is processed in accordance with Google's Data Processing Addendum
  • Prompts and responses are logged for a limited time only for detecting violations of the Prohibited Use Policy
  • No data is used to improve Google's products
• Data retention: Limited period for compliance monitoring
• Privacy policy: Google Privacy Policy

AI Processing (Anthropic)

• Data shared:
  • Language selection
  • Processed image data
• Purpose: To provide AI-powered color analysis
• Data handling:
  • Inputs and outputs are automatically deleted on the backend within 30 days
  • Data may be retained longer if flagged for Usage Policy violations
  • No data is stored beyond necessary processing time unless required by law
• Data retention: 30 days maximum for normal operations
• Privacy policy: Anthropic Privacy Policy

Social Login Providers

• Google Sign-In
  • Data shared: Email address and basic profile information
  • Purpose: To enable Google account login
  • Privacy policy: Google Privacy Policy
• Facebook Login
  • Data shared: Email address and basic profile information
  • Purpose: To enable Facebook account login
  • Privacy policy: Meta Privacy Policy

Google reCAPTCHA v3

• Data shared:
  • Hardware and software information
  • Device information
  • Date and duration of visits
  • Mouse movements and touches
  • Browser language
  • IP address
• Purpose: To protect our website from spam and abuse
• Data handling: Automated background verification of user interactions
• Privacy policy: Google Privacy Policy
• Terms of Service: Google Terms of Service

Analytics Service (PostHog)

• Data shared:
  • Anonymous user identifier
  • User type
  • App usage data (screens viewed, features used)
  • Device information (model, OS version)
• Data handling:
  • No personally identifiable information is collected:
    • Email addresses are hashed before sending
    • IP addresses are filtered and not stored
    • No location data is collected
  • You can manage analytics consent at any time via Settings > Privacy & Security > Analytics
  • When opted out, all tracking stops immediately
  • Data is processed and stored in the EU (Frankfurt) for GDPR compliance
• Data retention: 6 months for active users, or until data removal request
• Privacy policy: PostHog Privacy Policy

Payment Processing (RevenueCat)

• Data shared:
  • User identifier
  • Purchase history
  • Subscription status
  • Device information
  • App Store/Google Play account information
• Purpose: To process in-app purchases and subscriptions
• Data handling:
  • Secure processing of payments through Google Play and Apple App Store
  • Management of subscription status and renewal
  • Processing of refunds and subscription cancellations
  • Data is encrypted in transit and at rest
  • Subscription information is clearly displayed before purchase, including:
    • Subscription duration and renewal terms
    • Price and billing frequency
    • Features included in the subscription
    • How to cancel the subscription
• Data retention: As long as necessary to provide the service and comply with legal obligations
• Data location: Data is stored in US data centers with appropriate safeguards for international transfers
• Privacy policy: RevenueCat Privacy Policy

Error Monitoring Service (Sentry)

• Data shared:
  • Error details and stack traces
  • Device type and operating system version
  • App version
  • Crash identifiers
  • Context of the error (what action was being performed)
• Data handling:
  • No personally identifiable information is collected:
    • IP addresses are not stored
    • No user identification data is collected
    • No location data is collected
  • Data is used solely for identifying and fixing technical issues
  • Error reports are automatically collected when crashes or errors occur
• Data retention: 30 days, or until data removal request
• Privacy policy: Sentry Privacy Policy

5.2 Data Sharing Principles

• We share only the minimum necessary data required for each service to function
• All data sharing is conducted over encrypted connections
• We regularly review our third-party partnerships to ensure compliance with our privacy standards
• We do not sell your personal information to third parties

5.3 Legal Requirements

We may disclose your information if required by law, in response to legal processes, or to protect our rights and the rights of others. In such cases, we will:

• Notify users when possible (unless legally prohibited)
• Limit the data shared to what is legally required
• Review all legal requests for validity

5.4 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice in our app of any change in ownership or uses of your personal information.

5.5 Payment Processing

We use RevenueCat to process in-app purchases and subscriptions. When you make a purchase:

• Your payment information is processed securely through Google Play or Apple App Store
• We do not store your payment details directly
• Purchase history and subscription status are managed through RevenueCat
• You can manage your subscriptions through your device's settings or the respective app store

6. Your Privacy Rights

6.1 GDPR Rights (for EEA users)

Under the General Data Protection Regulation (GDPR), users in the European Economic Area have the following rights:

• Right to access your personal data
• Right to rectify inaccurate personal data
• Right to erase your personal data
• Right to restrict processing of your personal data
• Right to data portability
• Right to object to processing of your personal data
• Right to withdraw consent at any time

6.2 California Privacy Rights (CPRA)

California residents have additional rights under the California Privacy Rights Act (CPRA), including:

• Right to know what personal information is collected, used, shared, or sold
• Right to delete personal information
• Right to opt-out of the sale or sharing of personal information
• Right to non-discrimination for exercising CPRA rights

6.3 Exercising Your Rights

To exercise any of these rights, please contact us at: support[at]radiantharmonyai[dot]com We will respond to your request within 30 days.

6.4 Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority if you believe that our processing of your personal data infringes on data protection laws. For users in the European Union, you can find a list of supervisory authorities here.

7. Legal Bases for Processing

We process your personal data on the following legal bases:

• Consent: For example, when you agree to receive marketing communications.
• Contract: To fulfill our obligations to you when you use our services.
• Legitimate Interests: To improve our services and provide a personalized experience.
• Legal Obligation: To comply with applicable laws and regulations.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

• Encryption of data in transit and at rest
• Regular security audits and vulnerability assessments
• Access controls and authentication measures
• Employee training on data protection and security

While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.

9. Children's Privacy

Our Service is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe we may have collected information about a child, please contact us immediately.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your information in these cases, such as Standard Contractual Clauses approved by the European Commission.

11. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For significant changes, we will provide a more prominent notice, which may include an email notification to users who have opted in to communications.

We encourage you to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

12. Contact Us

If you have any questions about this Privacy Policy, please contact us at:

• Email: support[at]radiantharmonyai[dot]com

13. Cookie Policy

Our application and website use cookies and similar technologies. For detailed information about the types of cookies we use, how we use them, and how you can manage your preferences, please see our separate Cookie Policy.

14. Local Storage

14.1 Website Local Storage

Our website uses local storage, a web storage technology built into your browser, to remember your language preference. This improves your user experience by maintaining your preferred language setting across visits. The language preference is stored locally on your device and is not transmitted to our servers. You can clear this data at any time through your browser settings.

14.2 Mobile App Local Storage

Our mobile application uses AsyncStorage, a secure local storage system for mobile applications, to store certain preferences:

• Language Preferences: Your selected app language is stored locally on your device

This data is stored solely on your device and is not transmitted to our servers. You can clear this data at any time by clearing your app data or uninstalling the app.

15. Version History

April 2, 2025: Payment processing update:

• Added detailed RevenueCat information for in-app purchases and subscriptions
• Added specific subscription information requirements
• Updated payment processing section with more detailed information

March 7, 2025: Email service provider update:

• Added SMTP2GO as email service provider
• Specified EU data location for GDPR compliance
• Added detailed information about email data handling

February 15, 2025: AI processing and third-party services update:

• Added detailed information about Google AI data processing
• Updated Anthropic AI data retention policies
• Added detailed information about PostHog
• Added detailed information about Sentry
• Improved transparency on third-party data processing

December 31, 2024: Major restructuring of privacy policy:

• Removed in-app purchases section (to be added when feature launches)
• Removed automated decision-making and profiling section (not applicable to current app functionality)
• Consolidated all third-party service information into Section 5 (previously 6)
• Added comprehensive details about data sharing with each service provider
• Added detailed information about reCAPTCHA v3 data handling
• Improved clarity on advertising opt-out procedures
• Updated local storage section to accurately reflect app's data storage practices
• Simplified cookie policy section to avoid duplication
• Removed redundant cookie choices section
• Reorganized document structure

September 21, 2024: Cookie consent and language preferences update:

• Updated to include information about the cookie consent banner
• Added user choices regarding cookies
• Clarified the use of local storage for language preferences
• Removed language preference from cookie policy

September 12, 2024: Google reCAPTCHA update:

• Updated to include information about Google reCAPTCHA v3 usage
• Added details about data collection and processing

September 06, 2024: Feature and compliance update:

• Added sections on in-app purchases
• Added legal bases for processing
• Added automated decision-making
• Expanded information on email communications
• Enhanced user rights section

September 05, 2024: Major revision:

• Complete rewrite for user-friendliness
• Enhanced compliance with current regulations
• Improved document structure and clarity

August 20, 2024: Initial release

16. Language

This Privacy Policy has been prepared in English. Translations into other languages are provided for convenience only. In the event of any conflict or discrepancy between the English version and a translated version, the English version shall prevail.

The authoritative English version of this Privacy Policy can be found at: https://www.radiantharmonyai.com/en/privacy_policy.html