Cwai Privacy Policy
Effective Date: 19 October 2025
Last Updated: 19 October 2025
Cwai (“we”, “our”, “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal data when you use our web platform to create, order, and manage custom accessories and clothing.
By using Cwai, you agree to this Privacy Policy and our Terms of Use.
1. Eligibility & Children’s Privacy
- Cwai is intended for users 13 years and older.
- By registering, you confirm you are 13+ and agree to our Terms and Privacy Policy.
- If an under-13 account is detected or reported, the account and personal data are deleted promptly by an employee.
2. Information We Collect
- Account Information: Name (for delivery), email (for notifications), phone number (authentication via Supabase)
- User-Generated Content: AI-generated images, mockups, and custom designs used to enable purchases
- Account Data: Username, tokens, basket items, orders
- Device & Session Data: Cookies for authentication and caching to improve UX
- Interaction with CAPTCHA: Google reCAPTCHA collects IP and device info to prevent spam
Note: No sensitive personal information is collected outside Stripe payment processing.
3. How We Use Your Data
- Account Management & Authentication – logins, account access, content management
- Order Processing & Fulfillment – payments (Stripe), shipping (Printful)
- AI Functionality – generate images (Stable Diffusion) and mockups based on user input
- Fraud & Security – prevent bots and unauthorized access via reCAPTCHA
- Communications – transactional emails only (no marketing)
- Internal Analysis – aggregated, anonymized data to improve the app
4. User-Generated Content & Licensing
- You retain ownership of your images and designs.
- You grant Cwai a worldwide, royalty-free, sublicensable license to:
- Sell content as-is or incorporated into products (T-shirts, mugs, phone cases)
- Use content internally for analytics, demos, or app improvements
- License Revocation: Only for content not used in delivered products.
- Manual moderation may reject content; you can contest via support@customisewithai.com.
- Account Deletion: Deleting your account deletes content immediately, except transactional/legal records.
5. Data Sharing / Third-Party Processors
| Third Party | Purpose | DPA / Privacy Link |
|---|---|---|
| Supabase | Database & authentication | View |
| Stripe | Payment processing | View |
| Printful | Fulfillment & shipping | View |
| Google reCAPTCHA | Spam & bot prevention | View |
| Stable Diffusion | Image generation | View |
6. Data Retention
- Transactional / Financial / Order Data: 7 years
- Account Data: 3–5 years after last activity
- User-Generated Content: Until account deletion
- Cache Data: Temporarily stored to improve UX
7. Cookies & Tracking
- Functional cookies only
- reCAPTCHA collects IP/device info; consent obtained at signup
- No marketing/tracking cookies used
- Browser settings can manage cookies; disabling may affect functionality
8. Moderation
- All content moderation is manual
- Rejected content can be contested via support@customisewithai.com
9. International Transfers
- All data is processed primarily in the UK
- Some third-party services (e.g., Stripe, Supabase) may transfer or store data outside the UK
- We ensure lawful transfer mechanisms are in place
10. Your Rights
Under UK GDPR, you may:
- Access, correct, delete, or export your data
- Withdraw consent for optional processing
- Requests: Contact support@customisewithai.com. Fulfilled within 1 month.
11. Security Measures
- Encryption & access control via Supabase/Vercel
- HTTPS for communications
- Annual security audits
- Limited access to authorized personnel
- Breach notification within 72 hours
12. Policy Changes
- Material changes: email + app banner notification
- Minor updates posted online
13. Contact & Enforcement
- Email: support@customisewithai.com
- ICO complaints: https://ico.org.uk