Legal
Privacy Policy
Этот документ в настоящее время доступен только на английском языке.
1. Introduction
Fipera Trading F.Z.E (“Fipera”, “we”, “us”) operates the neo-fashion.ai platform (“Platform”, “Service”). This Privacy Policy explains how we collect, use, disclose, and protect personal data when you visit our websites, create an account, or use the Service.
Controller: Fipera Trading F.Z.E, Office C1-1F-SF5937, Ajman Free Zone C1 Building, Ajman Free Zone, United Arab Emirates.
Contact: privacy@neofashion.ai · dpo@neofashion.ai (if appointed)
This Policy is designed to comply with UAE Federal Decree-Law No. 45 of 2021 (PDPL) and, where applicable, GDPR, UK GDPR, and California CCPA/CPRA for international users.
2. Scope
2.1 This Policy applies to:
- The application at app.neofashion.ai
- The marketing site at neofashion.ai
- Related support, billing, and communication channels
2.2 This Policy does not apply to third-party websites linked from our properties.
2.3 Where we process personal data on behalf of a business customer (Workspace Owner), we act as processor and the customer’s DPA may apply in addition.
3. Data we collect
3.1 Account and profile
- Name, email address, password hash (via Supabase Auth)
- Workspace name, role (owner/member), preferences
- Billing identifiers (Stripe customer ID — card data handled by Stripe, not stored by us)
3.2 Usage and technical data
- IP address, browser type, device identifiers, log timestamps
- Feature usage, generation metadata, credit transactions
- Error reports with stack traces — personal data minimised where possible
3.3 Customer content
- Images, prompts, personas, brand configuration, and generated outputs you upload or create
- May include incidental personal data if you upload images of identifiable persons — you are responsible for lawful basis and consent
3.4 Marketing and communications
- Email subscription preferences (if opted in)
- Cookie and analytics data on marketing pages (see Cookie Policy when published)
3.5 Support and correspondence
- Messages you send to support, legal, privacy, or security addresses
4. How we use personal data
| Purpose | Legal basis (indicative) |
|---|---|
| Provide and operate the Service | Contract; legitimate interests |
| Authentication, security, fraud prevention | Legitimate interests; legal obligation |
| Billing and subscription management | Contract |
| Product improvement and analytics (aggregated) | Legitimate interests |
| Marketing emails (B2B) | Consent or legitimate interests where permitted |
| Legal compliance and dispute resolution | Legal obligation; legitimate interests |
| AI generation (processing prompts and images via sub-processors) | Contract |
We do not use Customer Content to train public foundation models unless explicitly disclosed and opted in. Sub-processors’ training policies are listed in our Sub-Processor List.
5. AI and sub-processors
5.1 To generate content, we transmit necessary inputs to AI providers (for example Google Gemini, OpenAI, fal.ai) under contractual safeguards.
5.2 Current sub-processors and their functions are maintained in our Sub-Processor List, including database/auth/storage, AI generation, payments, transactional email, hosting, and error monitoring providers.
5.3 We will update the Sub-Processor List when vendors change.
6. Sharing and disclosure
We share personal data with:
- Service providers listed in our Sub-Processor List, under data processing terms
- Professional advisers (legal, accounting) under confidentiality
- Authorities when required by law or to protect rights and safety
- Business transfers in connection with merger, acquisition, or asset sale (with notice where required)
We do not sell personal data as defined under CCPA.
7. International transfers
Personal data may be processed outside the UAE. Where required, we implement appropriate safeguards (standard contractual clauses, PDPL permitted-country mechanisms, or other approved tools).
8. Retention
| Data type | Retention (indicative) |
|---|---|
| Account data | While account active, plus a limited period after closure |
| Billing records | As required by tax/accounting law (typically 5–7 years in the UAE) |
| Generation logs | Per workspace settings / plan; deleted on workspace deletion where feasible |
| Marketing analytics | Per cookie policy retention |
| Support tickets | A limited period after resolution |
We may retain anonymised or aggregated data indefinitely.
9. Security
We implement technical and organisational measures including encryption in transit, access controls, row-level-security-isolated multi-tenant data, and server-side credit enforcement. No method is 100% secure — report issues to security@neofashion.ai.
See our Security page for disclosure practices.
10. Your rights
Depending on your location, you may have rights to:
- Access a copy of your personal data
- Rectify inaccurate data
- Erase data (subject to exceptions)
- Restrict or object to certain processing
- Portability (GDPR)
- Withdraw consent where processing is consent-based
- Opt out of certain sharing (CCPA)
UAE PDPL: You may exercise rights under Federal Decree-Law No. 45 of 2021 by contacting privacy@neofashion.ai. We will respond within timelines required by applicable law.
To exercise rights, email privacy@neofashion.ai with verification of identity. Workspace members should contact their Workspace Owner where data is controlled by the customer organisation.
11. Children
The Service is not directed to individuals under 18. We do not knowingly collect children’s personal data. Contact privacy@neofashion.ai if you believe we have collected such data.
12. Cookies and tracking
We use cookies and similar technologies on marketing and app properties. Details: Cookie Policy. You can manage preferences via the cookie banner when deployed.
13. Automated decision-making
We do not make solely automated decisions with legal or similarly significant effects without human review, except where permitted by law and disclosed.
14. Data breach notification
If we become aware of a personal data breach likely to pose risk to individuals, we will notify affected users and regulators as required by applicable law, including PDPL timelines.
15. Changes to this Policy
We may update this Policy. Material changes will be posted on this page with an updated effective date and, where required, notified by email.
16. Contact and complaints
| Channel | Address |
|---|---|
| Privacy requests | privacy@neofashion.ai |
| DPO (if appointed) | dpo@neofashion.ai |
| Security | security@neofashion.ai |
| Complaints | complaints@neofashion.ai |
Postal: Fipera Trading F.Z.E, Office C1-1F-SF5937, Ajman Free Zone C1 Building, Ajman Free Zone, United Arab Emirates.
You may also lodge a complaint with the UAE Data Office or your local supervisory authority where applicable.