Privacy Policy Overview

This Privacy Policy explains how AUTHE IT INC., a Delaware corporation (“AUTHE IT,” “we,” “us,” or “our”), collects, uses, discloses, and retains personal information when you access or use our website (https://autheit.com), iOS and Android mobile applications, and related products and services (collectively, the “Services”).

By using the Services, you acknowledge this Privacy Policy. If you do not agree, do not use the Services.

1. Scope

This Privacy Policy applies to personal information we collect from users and prospective users of the Services, including individual and business users in multiple jurisdictions.

2. Personal Information We Collect

We collect personal information from you directly, automatically through your use of the Services, and from third parties.

2.1 Information You Provide

We may collect:

• Contact and account information, such as name, email address, phone number, and account credentials.
• Profile and account settings information.
• User Content you submit through the Services, including photos or videos of luxury goods, item details, serial numbers, receipts, and related descriptions.
• Communications and support submissions, including messages, requests, and survey responses.
• Marketing preferences and communication settings.

2.2 Information Collected Automatically

We may collect:

• Device and app information, such as device type, operating system, app version, language settings, crash reports, and diagnostics.
• Usage and log information, such as timestamps, page or feature interactions, session events, IP address, and approximate geolocation derived from IP.
• Technical and analytics information collected through cookies and similar technologies on our website.

2.3 Information from Third Parties

We may receive information from:

• Identity and login providers (for example, Apple Sign-In and Google Sign-In).
• App store and payment channels (for example, Apple and Google), such as subscription status, transaction confirmations, and product identifiers.
• Service providers that support analytics, infrastructure, security, communications, customer support, and operations.

2.4 Payment Information

Payments are handled by app stores or other authorized processors. We typically receive limited transaction and subscription records, not full payment card numbers.

3. How We Use Personal Information

We may use personal information to:

• Provide, operate, maintain, and secure the Services.
• Create, authenticate, and manage user accounts.
• Process purchases, subscriptions, and related customer support.
• Generate and deliver service outputs, including Authentication Output (as defined in our Terms of Service).
• Improve, test, evaluate, and develop our Services and models.
• Train, retrain, validate, and fine-tune AI/ML systems used in the Services.
• Detect, prevent, and investigate fraud, abuse, security incidents, and policy violations.
• Communicate with you about service updates, billing, security alerts, and legal notices.
• Send marketing emails, SMS/text messages, and push notifications where permitted by law and based on your preferences.
• Comply with law and enforce agreements.

4. AI and Model Training

The Services use AI/ML systems, and we may use User Content, service interactions, and related metadata for model development and improvement, including training, retraining, evaluation, and fine-tuning.

Because model training can involve complex statistical processes, we may not be able to identify or remove particular data points from models already trained, although we will process deletion requests for personal information as required by applicable law. For the avoidance of doubt, de-identified, aggregated, or derivative data incorporated into trained models is not considered personal information subject to individual deletion requests, to the extent permitted by applicable law.

Service outputs are probabilistic and may be inaccurate.

External AI/model providers that support our Services may process applicable data under their own terms and policies. We encourage you to review the privacy policies of any external providers whose services are used in connection with the Services.

5. How We Disclose Personal Information

We may disclose personal information:

• To vendors and service providers supporting hosting, storage, analytics, security, communications, customer support, payment, and operations.
• To external AI/model and technology providers that support service functionality and improvement.
• To app store and payment partners for subscription administration, billing, fraud prevention, and transaction support.
• To legal, accounting, audit, insurance, and other professional advisors.
• To law enforcement, regulators, courts, or other parties where required or permitted by law.
• In connection with mergers, acquisitions, financings, reorganizations, bankruptcy, or sale of assets.
• With your consent or at your direction.

As of the Last Updated date, we do not sell personal information for monetary consideration and do not share personal information for cross-context behavioral advertising, as those terms are defined under applicable law.

6. Cookies and Similar Technologies

Our website may use cookies and similar technologies for authentication, security, analytics, and website functionality. You can manage cookie settings through your browser, but disabling cookies may affect functionality.

The mobile App does not use browser cookies, but may use SDKs or similar technologies for analytics, diagnostics, security, and communications.

7. Communications Choices

If permitted by law and based on your choices, we may send marketing messages by email, SMS/text, and push notification.

You can opt out by:

• Email: using the unsubscribe link in marketing emails.
• SMS/Text: replying STOP.
• Push notifications: adjusting your device settings.

Opting out of marketing communications does not affect transactional or service-related communications.

Consent to receive marketing texts is not a condition of purchase where prohibited by law.

8. Data Retention

We retain personal information for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements.

Retention may vary by data type and legal requirements. In general:

• Account and transaction records may be retained while your account is active and for a reasonable period afterward.
• User Content, usage logs, and related metadata may be retained as needed for operations, fraud prevention, legal compliance, and service/model improvement.
• If you request deletion, we will delete or de-identify personal information as required by law, subject to lawful exceptions. De-identified, aggregated, or derivative data, and models trained using such data, are not subject to individual deletion requests to the extent permitted by applicable law.

Deleting the App does not automatically cancel your Subscription or delete all retained records. You may delete your account through in-app account settings. If you wish to exercise additional deletion rights, you may submit a request to hello@autheit.com.

9. Security & Data Breach

We use reasonable administrative, technical, and organizational safeguards designed to protect personal information. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

In the event of a security breach involving unauthorized access to, acquisition of, or disclosure of your personal information, we will notify affected individuals and applicable regulatory authorities as required by applicable law. The timing, content, and method of notification will comply with the requirements of applicable federal, state, and international data breach notification laws. Where required by law, we will provide notice without unreasonable delay.

Nothing in this section creates an independent obligation to notify beyond what is required by applicable law, nor does it create a private right of action for breach notification.

10. International Data Processing

We may process and store personal information in the United States and in other jurisdictions where we or our service providers operate. Data protection laws may differ across jurisdictions.

If you access the Services from outside the United States, you understand and acknowledge that your personal information may be transferred to, stored in, and processed in the United States and other countries that may not provide the same level of data protection as your home jurisdiction. By using the Services, you consent to such transfers to the extent permitted by applicable law.

11. Additional Information for EEA, UK, and Swiss Users

If you are located in the European Economic Area (“EEA”), the United Kingdom (“UK”), or Switzerland, the following additional provisions apply to our processing of your personal data.

11.1 Legal Bases for Processing

We process your personal data on the following legal bases under the General Data Protection Regulation (“GDPR”) and applicable UK data protection law:

(a) Contractual Necessity: Processing necessary to perform our contract with you (i.e., to provide the Services, manage your account, and process transactions).
(b) Legitimate Interests: Processing necessary for our legitimate interests, including improving and securing the Services, fraud prevention, analytics, model training and improvement, and marketing (where not overridden by your rights and interests).
(c) Consent: Where we rely on your consent for specific processing activities (such as marketing communications or certain uses of cookies), you may withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
(d) Legal Obligation: Processing necessary to comply with legal obligations to which we are subject.

11.2 International Transfers

Your personal data may be transferred to and processed in the United States and other countries outside the EEA, UK, or Switzerland. Where such transfers occur, we rely on appropriate safeguards, including Standard Contractual Clauses approved by the European Commission or the UK Information Commissioner’s Office, as applicable, or other lawful transfer mechanisms.

11.3 Your Rights

In addition to the rights described in Section 12 (Privacy Rights and Requests), EEA, UK, and Swiss users may have the right to:

• Request restriction of processing of your personal data;
• Object to processing based on legitimate interests;
• Receive your personal data in a structured, commonly used, and machine-readable format (data portability); and
• Lodge a complaint with your local data protection supervisory authority.

12. Privacy Rights and Requests

Depending on where you live and applicable law, you may have rights to:

• Access personal information we maintain about you.
• Correct inaccurate personal information.
• Delete personal information.
• Receive a portable copy of certain personal information.
• Opt out of certain processing activities.
• Appeal denial of a request where required by law.

To exercise privacy rights, contact hello@autheit.com. We may verify your identity before fulfilling a request.

Where permitted by law, you may use an authorized agent to submit requests on your behalf, subject to verification and authorization requirements.

13. U.S. State Privacy Notice

Residents of states with comprehensive privacy laws (including California and others) may have additional rights under applicable law. We process verified requests as required and provide appeals processes where required.

California residents may submit CCPA/CPRA requests to hello@autheit.com.

13.1 Categories of Personal Information

For purposes of the California Consumer Privacy Act, as amended (“CCPA”), we may collect the following categories of personal information: identifiers; commercial information; internet or electronic network activity information; rough geolocation data; audio, electronic, or visual information (such as photos and videos you upload); and inferences drawn from the above. For details on specific data elements collected, please see Section 2 (Personal Information We Collect).

13.2 Sensitive Personal Information

We may collect certain categories of information that may be considered “sensitive personal information” under applicable state privacy laws, including account login credentials (username/email in combination with password). We use sensitive personal information only as necessary to provide the Services, manage your account, and ensure security. You may have the right to limit the use of sensitive personal information under applicable law.

13.3 Sales, Sharing, and Profiling

As of the Last Updated date, we do not sell personal information, share personal information for cross-context behavioral advertising, or engage in profiling in furtherance of decisions that produce legal or similarly significant effects, as those terms are defined under applicable state privacy laws.

13.4 California Shine the Light

Under California Civil Code Section 1798.83, California residents who have provided personal information to a business with which they have an established business relationship may request information about whether the business has disclosed personal information to any third parties for the third parties’ direct marketing purposes. We do not disclose personal information to third parties for their direct marketing purposes. To submit a Shine the Light request, contact hello@autheit.com.

If we materially change our data practices in a way that triggers additional state-law obligations, we will update this Privacy Policy and provide required notices.

14. Do Not Track

Some browsers transmit “Do Not Track” (“DNT”) signals to websites. There is no accepted standard for how to respond to DNT signals, and the Services do not currently respond to DNT signals. We will update this Privacy Policy if our practices change.

15. Children

The Services are intended for users 18 or older. We do not knowingly collect personal information from users under 18. If you believe a minor has provided us personal information, contact us and we will review and take appropriate action consistent with applicable law.

16. Biometric Data

The Services are designed to analyze images of luxury goods and are not intended to collect or process biometric identifiers or biometric information (such as facial geometry, fingerprints, or other physiological characteristics). If you submit images that incidentally contain biometric identifiers (for example, photos that include your face or hands), we do not knowingly extract, analyze, or store biometric identifiers from such images for the purpose of identifying individuals. To the extent that any processing of images could be deemed to involve biometric data under applicable law, we process such data solely for the purpose of providing and improving the Services, and we do not sell, lease, or otherwise disclose biometric data to third parties except as necessary to provide the Services or as required by law.

17. Third-Party Services and Links

The Services may link to third-party websites or services. Their privacy practices are governed by their own policies, not this Privacy Policy.

18. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will update the “Last Updated” date and provide additional notice where required by law.

19. Contact Us

AUTHE IT INC.
Website: https://autheit.com
Privacy: hello@autheit.com