Privacy Policy

 Last modified: March 2026 

PLEASE READ THE FOLLOWING PRIVACY POLICY, FOR INFORMATION REGARDING THE WAYS YOUR PERSONAL DATA MAY BE PROCESSED, CAREFULLY. WHEN YOU USE THE APP YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD, AND AGREE TO BE BOUND BY THIS PRIVACY POLICY.

By entering any user data specified in subsection “Third-Party AI-Generated Content Provider Data Transfer” below and/or choosing AI-based features into the App, you explicitly consent to the transfer of such data to the third-party AI service providers listed in Section IV as “AI-generated content provider” for the purpose of generating the AI response. We engage these service providers to process and create AI-generated User Content based on your inputs. Please see subsection “Personal Information related to your use of the App,” “Wardrobe and Style Content,” “Face Data,” and Section IV for details.

I. INTRODUCTION

AIBY Inc. (“we,” “us” or “our”) takes your privacy seriously. This Privacy Policy (“Privacy Policy”) explains our data protection policy and describes the types of information we may process when you install and/or use “OnStyle” software application for mobile devices (the “App”, “our App”).

When we refer to personal data (or personal information) we mean any information of any kind relating to a natural person who can be identified, directly or indirectly, in particular by reference to such data.

It is a natural person who can be identified directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his or her physical, physiological, mental, economic, cultural or social status.

This Privacy Policy (except for Annex below - “U.S. Multistate Privacy Notice”) applies to all users of the App regardless of where they are located. The U.S. Multistate Privacy Notice included in the Annex to this Privacy Policy supplementary applies to those users who:
a) are residents of U.S. states where corresponding U.S. State Privacy Laws were enacted; and
b) fall within the scope of the U.S. Multistate Privacy Notice applicability.

II. INFORMATION WE PROCESS

There are several categories of information that can be processed.

Functional Information 

Be aware that the collection and processing of certain information depends on whether the corresponding features are available in the App, and may differ across different platforms or versions of the App.

We ask for and process the following information when you use the App. This information is necessary for the adequate performance of the contract between you and us. Without it, we may not be able to provide you with the full functionality of the App.

– Account and Profile Information: This includes your username, email address, and profile photo (if you choose to add one), as well as authorization data if you register using a third‑party service like Sign in with Apple, Google, or email‑based authentication. If you create an account or sign in on our Website, we create an OnStyle account for you and may link your plan and any purchased subscription to that account, so that you can access them in the App. If you remove the App from your device but do not delete your account, we will continue to store your account information. If you choose to delete your account, all associated information will be permanently erased. If you log out of your account, your data will not be visible on your device but can be accessed again upon logging back in.

Web‑to‑App sign‑in and account linking. If you choose to continue in the App from our Website, we will sign you in to the App automatically using a short‑lived, secure token embedded in a link (a “magic link”). This token contains only the information necessary to identify your OnStyle account (such as your internal user ID and email), is valid for a limited period of time, and is processed on our servers solely for authentication and subscription management purposes. It is not used for advertising and is not shared with third parties for their own independent purposes.

– Personal Information related to your use of the App. You may fill in such information to enable the App to provide you with informational materials related to choosing style according to your age, body type and color type, creating digital wardrobes that are more appropriate to you. Specifically, you may fill in information about your gender, age group, body type, height, color type and other information that you voluntarily provide to the App. We collect and use Personal Information related to your use of the App solely to operate the App services and provide you with the App functionality in accordance with this Privacy Policy. Geolocation data is processed automatically via GPS, Wi-Fi, or network triangulation exclusively for the purpose of providing the wardrobe recommendation regarding your weather conditions, and only if you have granted the necessary permission. This data is used in real time and is not stored, transmitted, or used to identify you personally. You can learn more about privacy and opt-out options on iOS devices here https://support.apple.com/en-us/HT203033 and on Android devices here https://support.google.com/googleplay/answer/1075738.

– Wardrobe and Style Content: It may include photos and images of your own clothing and accessories that you upload to create your digital wardrobe, text prompts or questions you direct to our AI Stylist, and outfits, lookbooks, and other content you voluntarily download to or generated by the AI based on your input. This data is used exclusively to provide our App's core features and is not used for identification, profiling, or other purposes, nor do we create or store biometric information from it.

– Face Data: It may include photos of your face that you provide for personal color analysis purposes or any other static images that you upload to the App and which may include face data. This data is used exclusively to provide our App's core features and is not used for identification, profiling, or other purposes, nor do we create or store biometric information from it.

Together, “Wardrobe and Style Content” and “Face Data” are referred to as “User Content”.

-- Contact Information (such as name, e-mail address, or any other content included in the email) that you may fill in by yourself when you contact us via email, support form. We collect, store and process it by our cloud storage provider (Amazon Web Services, Inc.). We use such information to respond effectively to your inquiry, fulfill your requests, send you communications that you request and perform the requested services.

Information That Is Processed Automatically 

On the basis of your permission we use third-party automatic data processing technologies (advertising or analytics tools) to analyze certain information sent by your device via our App (Identity For Advertisers). We use device identifiers to help our partners serve personalized content and ads. You can control or reset these identifiers in your device settings.
Some integrated advertising or analytics tools (check Section IV to see the list of them) launch automated processing of your personal data, including profiling. Processing information through automatic data processing technologies starts automatically once you grant us your permission via allowing our App to track your activity. You can withdraw your permission at any time; please check opt-out options in Section VIII below.

We may process some information about your device and your user behavior on the ground of our legitimate interest. This information falls within categories of data described above in Subsection “Information That Is Processed Automatically”, it is generally non-personal, i.e. it does not, on its own, permit direct association with any specific individual, and we may access it only in aggregated form. We use this information for improving our App and giving our users the best experience.

What data can be processed:

• Device Details. When you use a mobile device to access our App, some of the details about your device are reported, including “device identifiers”. Device identifiers are small data files or similar data structures stored on or associated with your mobile device, which uniquely identify your mobile device (but not your personality). Device identifier enables generalized reporting or personalized content and ads by the third parties.

  Information about the device itself: type of your device, type of operating system and its version, model and manufacturer, screen size, screen density, orientation, audio volume and battery, battery life, loading time, latency, framerate, device memory usage.

  Information about the Internet connection: mobile carrier, network provider, network type, IP address, timestamp and duration of sessions, speed, browser. 

  Location-related information: IP address, the country code/ region/ state/ city associated with your SIM card or your device, language setting, time zone, neighboring commercial points of interest (eg. “coffee shop”).

  Other device identifiers: e.g. user identifiers (if they are set up by the App’s developer).

• Information about the applications. Name, API key (identifier for application), version, properties of our App can be reported for automated processing and analysis. Some services also record the list of applications and/or processes which are installed or run on your device.
• Cookies and similar technologies. When you use the App, cookies and similar technologies may be used (pixels, web beacons, scripts). A cookie is a text file containing small amounts of information which is downloaded to your device when you access the App. The text file is then sent back to the server each time you use the App. This enables us to operate the App more effectively. For example, we will know how many users access specific areas or features within our App and which links or ads they clicked on. We use this aggregated information to understand and optimize how our App is used, improve our marketing efforts, and provide content and features that are of interest to you. We may ask advertisers or other partners to serve ads or services to the App, which may use cookies or similar technologies.
• Log file information. Log file information is automatically reported each time you make a request to access the App. It can also be provided when the App is installed on your device. When you use our App, analytics tools automatically record certain log file information, including time and date when you start and stop using the App, and how you interact with the App.
• Ad-related information. The following data might be reported about the ads you can view: the date and time a particular ad is served; a record if that ad was “clicked” or if it was shown as a “conversion” event; what the ad offer is about; what type of ad it is (e.g., text, image, or video); which ad placement is involved (where the ad offer is displayed within the App); whether you respond to the ad. 
• In-App events. When you use our App, analytics tools automatically record in-App information (tutorial steps, leveling up, payments, in-app purchases, custom events, progression events, method of limiting the processing of user data).

Information provided automatically to advertising or analytics tools does not generally come to our control, therefore we cannot be responsible for processing such information. Please mind that some services are engaged in personal data profiling and may obtain information related to your personality and/or your device by using technologies that do not belong to our scope of responsibility. In case when your user ID is linked to your Facebook account, Facebook may use your device information in association with categorized data that were already recorded in its databases (eg. your age, gender or other demographic indication). We do not control, supervise or stand surety for how the third parties process your personal data, that might be collected by their own means (not through our App). Any information request regarding the disclosure of your personal information should be directed to such third parties (see Section IV).

Payment Information 

When you purchase a subscription within the App using the Apple App Store or Google Play In-App Purchase mechanism, Apple / Google is responsible for billing, processing and charging for all such purchases, handles your payment information and keeps it absolutely safe and secure. This payment information is processed by Apple / Google as part of the performance of the contract between you and us. We cannot access or use your credit or debit card information when you make any purchase related to the App via the App Store's transaction system. You may access the applicable In-App Purchase rules and policies directly from the App Store. In certain cases where subscription processing is handled by our authorized payment provider, we may receive limited subscription-related information, such as your subscription plan, status, payment date, charge amount, or transaction ID. This information is used solely to activate or manage your access to the service and to handle your subscription-related requests. We do not receive or store your full credit or debit card details, these are processed securely by the corresponding payment provider.

III. THE PURPOSES OF PROCESSING YOUR PERSONAL DATA

Our mission is to constantly improve our App and provide you with new experiences. As part of this mission, we use your information for the following purposes:

(a) To make our service available. We use functional information and information that is processed automatically to provide you with all requested services. We process information for this purpose based on Contractual Necessity to perform the services you requested.

(b) To improve, test and monitor the effectiveness of our App. We use information that is processed automatically to better understand user behavior and trends, detect potential outages and technical issues, to operate, protect, improve, and optimize our App. We process information for this purpose based on our Legitimate Interest in improving our service for our users.

(c) To provide you with interest-based (behavioral) advertising or other targeted content. We may use information that is processed automatically for marketing purposes (to show ads that may be of interest to you based on your preferences). We and our service-providers listed below provide personalized content and information to you, which can include online ads or other forms of marketing. We process information for this purpose based on your Consent, which you can manage in your device or App settings.

(d) To communicate with you. We use your contact information to respond to your support requests, send you service-related announcements, ask for feedback, and inform you about updates to our policies and terms. With your permission, we may also send you marketing communications. For service-related communications, we rely on Contractual Necessity. For necessary communications beyond our contractual responsibilities, we can generally rely on Legitimate Interest.

(e) For Safety, Security, and Compliance. We use your information to prevent and investigate fraud, spam, or other malicious activity, to enforce our Terms of Use, and to comply with our legal obligations. We process information for this purpose based on our Legitimate Interest in protecting our platform and users, and to comply with Legal Obligations.

If any new purposes for processing your personal data arise we will let you know we start to process information on that other purpose by introducing the corresponding changes to this Privacy policy.

IV. SHARING OF YOUR INFORMATION

We will share your information with third parties only in the ways that are described in this Privacy policy. We adhere to the U.S. Digital Advertising Alliance’s Self-Regulatory Principles for the Mobile Environment.

Please note that while integrating external services we choose third parties that can assure they apply all necessary technical and organizational measures to protect user personal data. Regarding AI-generated content providers listed below, we confirm that all third-party AI-generated content providers provide the same or equal protection of user data as stated in this Privacy Policy, AI-generated content provider’s Privacy Policy available via links below, and required by applicable laws. However, we cannot guarantee the security of any information transmitted from us to any such third party. We are not responsible for any accidental loss or unauthorized access to your personal data through a fault of third parties.

We will not rent or sell your personal data to any third parties, but we may share your information from tools like cookies, log files, and device identifiers and location data, with third-party organizations that provide automatic data processing technologies for the App. We do not control or influence these third parties’ tracking technologies or how they may be used.

We may also share certain information such as cookie data with third-party advertising partners. This information allows third-party ad networks, inter alia, to deliver targeted advertisements that they believe will be of most interest to you.

We may engage the following third-party service providers in order to provide us with necessary infrastructure for delivery and improvement of our services:

Entity name	Services performed	Entity location	Link to Privacy Policy
AI third-party service providers
OpenAI, L.L.C.	AI-generated content provider	U.S.A.	https://openai.com/privacy/ To learn more information about applicable license terms with respect to User Content, visit https://openai.com/terms/
Other third-party service providers
Amazon Web Services, Inc.	Cloud storage provider	U.S.A.	https://aws.amazon.com/privacy/ Data Privacy FAQ: https://aws.amazon.com/compliance/data-privacy-faq/
Amplitude Inc.	Analytics service provider	U.S.A.	https://amplitude.com/privacy
AppsFlyer Inc AppsFlyer Ltd. and its affiliates	Analytics service provider	U.S.A./other countries (depending on entity)	https://www.appsflyer.com/legal/services-privacy-policy/
Cloudflare, Inc.	Video streaming and CDN service provider	U.S.A.	https://www.cloudflare.com/privacypolicy
Google LLC. (AdMob, Google Analytics)	Ad management service provider / Analytics service provider	U.S.A.	Google Privacy Policy: https://policies.google.com/privacy?hl=en How Google uses information from sites or apps that use its services: https://policies.google.com/technologies/partner-sites?hl=en Google Analytics uses various types of cookies to analyze user activity on the Website. To learn more about the types of data collected, visit https://support.google.com/analytics/answer/6004245 and https://policies.google.com/technologies/cookies. To disable Google Analytics cookies, follow the instructions in Section IX of the Privacy Policy. Please note that we are not responsible for any use of your data by Google LLC that violates our instructions.
Intuit Inc.,The Rocket Science Group LLC and its affiliates (Mailchimp)	Marketing and automations platform	U.S.A.	Please check with the Intuit Privacy Policy at https://www.intuit.com/privacy/
Firebase Crashlytics (Google LLC)	Analytics service provider	U.S.A.	https://policies.google.com/privacy https://firebase.google.com/support/privacy
Qonversion Inc.	Analytics service provider	U.S.A.	https://qonversion.io/privacy-policy

In case you want to learn more about the services and privacy options (including opt-out) please consult the correspondent websites and privacy policies. 

Our App may contain links to third-party websites/services or you may access the App from a third-party site. We are not responsible for the privacy practices of these third-party sites or services linked to or from our App, including the information or content contained within them. For example, for avoidance of any doubt, we are not responsible for the privacy practices of the retailers, brands, merchants, and other partners (“Retailers”) links to which websites appear in the App. Namely, we have established partnership with the Retailers via FlexOffers (https://www.flexoffers.com/) and Rakuten (https://rakutenadvertising.com/) Networks.

We may disclose your personal information if it is needed for objective reasons, due to the public interest or in other unforeseen circumstances:

- as required by law;

- when we believe, in good faith, that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request;

- if we are involved in a merger, acquisition, or sale of all or a portion of our assets, you will be notified via prominent notice in our App of any change in ownership or your personal information usage, as well as any choices you may have regarding your personal information.

V. INTERNATIONAL DATA TRANSFERS

We work in the cross-border area and provide our App to our users around the world.

We and third-party organizations that provide automatic data processing technologies for the App or our third-party advertising partners may transfer the automatically processed information across borders and from your country or jurisdiction to other countries or jurisdictions around the world.

If you are located in the European Union or other regions with laws governing data processing that may differ from U.S. law, please note that we may transfer information, including personal information, to a country and jurisdiction that does not have the same data protection laws as in your jurisdiction.

This means that your personal information can be transferred to a third country, a territory or one or more specified sectors within that third country, or to the international organization where data protection and confidentiality regulations may not provide the same level of protection of personal data as your country does.

We try to make sure that the recipient of any personal data provides a proper protection of the personal data received, in accordance with the current legislation on the protection of such information. By using the App, you agree that we may transfer your personal data to any third country, a territory or one or more specified sectors within that third country, or to the international organization.

For the purposes of data storage, we recourse to the services of the hosting organizations. We take your privacy seriously and, therefore, encrypt your personal data - if possible - before sending it to the hosting organizations for the purposes of its storage. Please note that we cooperate only with those hosting organizations that have passed our security and reliability check.

VI. HOW LONG WE USE YOUR PERSONAL DATA

We generally retain your personal information for as long as is necessary for performing the functional service of the App and to comply with our legal obligations. 

If you wish to delete your personal data, you may do so by deleting your account within the App or by submitting a data deletion request through our contact form. Upon account deletion or receipt of a deletion request, we will delete your stored personal data, unless retention is required to comply with applicable legal obligations.

Please note that, in certain circumstances, we may retain limited information for a longer period where such retention is necessary to comply with legal requirements (such as taxation, accounting, audit, or regulatory obligations), to resolve disputes, enforce our agreements, prevent fraud or abuse, or maintain security systems. Any such retained data will be stored for the period required by law or necessary for these purposes.

Specific storage terms applicable to Face Data for personal color type analysis

Photos uploaded exclusively for the personal skin or color type analysis feature are processed solely to generate your analysis results and are not retained after processing. These photos are deleted immediately once the analysis is complete and are not stored on our servers.

VII. USER PRIVACY RIGHTS

Applicable data protection laws give you the following rights regarding your personal information:

• The Right to Know (also referred to as the Right to Access). You have the right to obtain a confirmation as to whether or not personal data concerning you is being processed. Additionally, you can request a copy of personal data we hold about you and additional details on how such data is processed.
• The Right to Data Portability. You are entitled to request your personal information in a portable, structured and machine-readable format that makes it easier to reuse such information or transfer it directly to another service, move it wherever you want.
• The Right to Correct Inaccuracies (also referred to as the Right to Rectification). Where you cannot update your data by yourself through your account (if available) or the App settings, you can ask us to correct, change, complete or rectify your data.
• The Right to Data Deletion (also referred to as the Right to Erasure or the Right to Be Forgotten). You have the right to request the deletion of all or some pieces of your personal data we process. In this regard you should bear in mind that applicable data protection laws may provide exceptions to the Right to Data Deletion, which means that under certain circumstances we may need to keep some pieces of your data to comply with legal obligations, detect fraud, exercising or defence of legal claims, for other legal reasons. Therefore, upon receiving your verified request, we’ll delete your personal data and direct our service providers to do the same unless a legal exception applies.
• The Right to Restriction of Processing. Under certain circumstances, you may have the right to limit the ways in which your personal information is processed. These specific circumstances are addressed in data protection laws that may apply to you. For example, you can ask for restriction of data processing in the case of disputed accuracy: if you believe that the personal data we hold about you is inaccurate, you can request a restriction of processing while we verify its accuracy.
• The Right to Object to Processing of Personal Data. When your personal information is processed automatically with the involvement of third party service providers, you may object to such processing in some circumstances. Additionally, when your personal information is processed for direct marketing purposes, you may ask to cease processing your data for these direct marketing purposes. In order to exercise your right to object please submit us the corresponding request. You may also contact the third party service providers listed in the Section IV of this Privacy Policy to learn how you can object to their processing of your data. Most of them have clear instructions on their privacy pages, functional API or other options.

If you are located in the European Union, you may address our representative when you have questions on privacy issues: Konrad Gutowski, privacy @ aiby.com.

VIII. YOUR CHOICES AND HOW TO OPT-OUT

We are committed to providing you with control over your information. This section describes the choices available to all our users.

Interest-Based Advertising and Tracking. You can manage your consent for tracking and interest-based advertising through your device settings and within our App.

• App Tracking Transparency (iOS). We adhere to Apple’s App Tracking Transparency (ATT) framework. This means that on iOS devices, we are required to ask for your explicit permission before we can "track" your activity across apps and websites owned by other companies. Tracking in this context refers to using data from our App (like your device's advertising identifier) to combine it with data from other companies for targeted advertising or ad measurement. If you select "Ask App Not to Track," we will not be able to access your device's advertising identifier (IDFA), which may result in the ads you see being less relevant to you. You can change this permission for our App at any time in your device's Settings > Privacy & Security > Tracking.
  (Android). On Android devices, we use your device's advertising identifier (Advertising ID), provided by Google Play services, to deliver personalized ads and measure their effectiveness. You can limit or opt out of personalized advertising in your device settings: Settings > Privacy > Ads > Delete Advertising ID. If you choose to opt out, the ads you see in our app may be less relevant to you.
• Granular Consent (e.g., EEA/UK & other regions). In certain regions, we use a Consent Management Platform (CMP) that is compliant with the IAB Europe's Transparency and Consent Framework (TCF v2.2). This allows you to provide and withdraw detailed (granular) consent for using your data for marketing and tracking directly within our App's privacy settings.
• Advertising Industry Opt Out Tools. You may also limit the collection of cross-app data for interest-based ads and exercise your right to opt out using the following Advertising Industry Opt Out Tools:
  Digital Advertising Alliance for Mobile Apps: https://youradchoices.com/appchoices
  European Interactive Digital Advertising Alliance (EDAA) https://youronlinechoices.eu
  Network Advertising Initiative: https://optout.networkadvertising.org

Please keep in mind that opting out of interest-based advertising does not mean you will no longer see ads, only that they may be less relevant to you.

Marketing Communications. You can opt-out of receiving marketing emails from us by clicking the "unsubscribe" link provided in every such email. If you have not received such emails, it means we do not process your email address for marketing purposes. You can also manage push notifications at any time in your device's settings.

Location Data. You can manage the App's access to your device's location data at any time in your device's:
(iOS): Settings > Privacy & Security > Location Services;
(Android) : Settings > Location > App permissions.

IX. SECURITY

The security of your personal information is highly important to us. We follow generally accepted industry standards to protect the personal information submitted to us, both during transmission and once we receive it.

We take reasonable and appropriate measures to protect personal information from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the risks involved in the processing and the nature of the personal information.

We implement appropriate technical and organizational measures, which are designed to implement data-protection principles, such as data minimization, in an effective manner and to integrate the necessary safeguards into the processing. We seek your personal data to be encrypted with proper and strong encryption algorithms, including hashing where possible.

Unfortunately, no method of transmission over the Internet, or method of electronic storage, is 100% secure. We do our best to protect your personal data, nevertheless, we cannot guarantee its absolute security. In the event that your personal information is compromised as a breach of security, we will promptly notify you in compliance with applicable law.

If you have any questions about the security of our App, you can contact us through the contact form displayed below.

X. CHILDREN’S PRIVACY

Our App is not intended for children. Therefore, we do not knowingly or intentionally collect or solicit any personal information from children. For the purposes of this Section X the terms “child” and/or “children” in the context of data processing activities may be interpreted on a case-by-case basis as prescribed by applicable data protection laws. No one who is considered a “child” under applicable data protection laws is allowed to directly provide any personal information to the App.
As a general rule we consider a person under the age of 16 to be regarded as “a child” until we have legal grounds to conclude that a person under 16 should be treated as an adult as per provisions of local data protection rules or based on the parent authorization provided to us directly.
Solely the holders of parental responsibility are liable for preventing their children from providing personal information via the App without relevant verifiable parental consent. If we learn that we have collected personal information from a child without verification of parental consent, we will erase that information as quickly as possible. If you reasonably believe that we might have any information from or about a child, or a child has directly provided us with personal information via the App without verifiable parental consent, please contact us.

XI. CHANGES TO THE PRIVACY POLICY

This Privacy Policy is updated regularly.

Whenever we change this Privacy Policy, we will post those changes to this Privacy Policy and other places that we consider appropriate. Additional forms of notice of modifications or updates as appropriate under the circumstances may be provided to you.

XII. HOW TO CONTACT US

If you have any questions about this Privacy Policy, please feel free to contact us via contact form or via email [email protected].

Copyright © 2023-2026 AIBY Inc.

Annex to Privacy Policy

U.S. Multistate Privacy Notice

INTRODUCTION. THE SCOPE OF APPLICATION

This U.S. Multistate Privacy Notice (“Notice”) supplements the information contained in Privacy Policy and may apply to individual residents of the U.S. states (“Covered U.S. Individual Residents”) that have enacted comprehensive data privacy laws including but not limited to California Consumer Privacy Act of 2018 (CCPA) as amended by California Privacy Rights Act of 2020 (CPRA), Texas Data Privacy and Security Act of 2023 (TDPSA), Virginia Consumer Data Protection Act of 2021 (VCDPA), Colorado Privacy Act of 2021 (CPA), Connecticut Data Privacy Act of 2022 (CTDPA) and others (collectively referred to as “U.S. State Privacy Laws” and separately as “U.S. State Privacy Law”). Notice addresses specific requirements common to U.S. State Privacy Laws and outlines additional information on the rights of Covered U.S. Individual Residents. It also describes how we collect, use, disclose and protect your personal information in compliance with these U.S. State Privacy Laws.

Applicability. Please note that if you are a user of our App and a resident of one of the U.S. states where the corresponding U.S. State Privacy Law was enacted, you’ll be regarded a Covered U.S. Individual Resident and this Notice shall apply to you only if the processing of your personal data in connection with your use of the App falls within the scope of such U.S. State Privacy Law. Please refer to the corresponding U.S. State Privacy Law for further details. If you are still unsure whether this Notice is applicable to you, please do not hesitate to contact us and we will spare no effort to assist you.

The correlation between Privacy Policy and Notice. This Notice does not replace and cannot be used interchangeably with Privacy Policy. On the contrary, Notice serves as a supplemental part of Privacy Policy for Covered U.S. Individual Residents.

The concept of personal data under U.S. State Privacy Laws. Applying Notice, you should also bear in mind that it pertains only to the processing of personal data which is understood as information linked or reasonably linkable to an identified or identifiable individual. Generally U.S. State Privacy Laws do not apply to the processing of de-identified, aggregated data or publicly available information, as these categories fall outside the scope of personal data.

THE CATEGORIES OF PERSONAL DATA PROCESSED. PURPOSES OF PROCESSING

Detailed information about the categories of personal data that may be processed when you use the App is contained in Section II of Privacy Policy > >

To learn about the purposes of personal data processing please review Section III of Privacy Policy > >

SHARING OF PERSONAL INFORMATION WITH SERVICE PROVIDERS (PROCESSORS). CLARIFICATIONS ON ISSUES OF DATA SELLING

U.S. State Privacy Laws require us to provide you with information about who we share your personal data with and for what purposes. You can find comprehensive data in this regard in Section IV of Privacy Policy > >. The legal entities indicated in Section IV of our Privacy Policy act as our “service providers” or “processors” within the meaning of U.S. State Privacy Laws and process your information on our behalf for business purposes. The examples of business purposes are the following: auditing related to current interaction with users, including, but not limited to, counting ad impressions to unique visitors, verifying positioning and quality of ad impressions; providing customer service, advertising, marketing, analytic services; detecting security incidents; debugging; provision of App services to users; improving, enhancing, upgrading the App functionality. Please refer to the table in Section IV of our Privacy Policy to learn what specific services the processors/service providers perform for the App. When we use the services of our processors/service providers and disclose your information for business purposes, we enter into corresponding written contracts with them. These contracts incorporate data processing provisions, parts, sections or annexes that require our processors/service providers not to use personal information transferred by us other than for the purpose of performing the services specified in the contracts. Additionally, the contracts with our processors/service providers specifically prohibit them from and/or do not contain permissions for selling the personal information transferred by us.

We do not “sell” your personal information for monetary gain, which means that we do not and will not disclose your personal information to third parties in direct exchange for money or some other form of payment. However, certain U.S. State Privacy Laws provide expansive definition of the term “sell”, which leads to cases where some disclosures of personal information to a third party even for non-monetary benefit of the disclosing party (“valuable consideration”) may qualify as data selling. In particular, sharing of personal information with third parties for the purposes of “interest-based advertising”/ “cross-context behavioral advertising” may constitute a sale under broad definition and interpretation of this and similar terms (“sell”/”selling”/”sold”) according to some U.S. State Privacy Laws. Even if such kind of data sharing qualifies as sale under U.S. State Privacy Law applicable to you, you’ll always have an option to opt out (see the subsection Instructions on Online Tracking Opt Out below for more details on available opt out mechanisms).

PRIVACY RIGHTS

If you are a Covered U.S. Individual Resident and this Notice applies to you, you’ll be able to exercise all user privacy rights specified in Section VII of Privacy Policy > >, particularly:

• the Right to Know (also referred to as the Right to Access);
• the Right to Data Portability;
• the Right to Correct Inaccuracies (also referred to as the Right to Rectification);
• the Right to Data Deletion (also referred to as the Right to Erasure or the Right to Be Forgotten);
• the Right to Restriction of Processing;
• the Right to Object to Processing of Personal Data.

User privacy rights listed above have similar content and exceptions in different jurisdictions. Their general meaning is addressed in Section VII of Privacy Policy. However, some minor aspects related to these rights may vary slightly from one jurisdiction/state to another, therefore, you may want to consider these differences when submitting your user privacy request.

Besides the rights referred to above, U.S. State Privacy Laws specifically mention the following additional data privacy rights you have:

The Right to Opt Out of the processing of the personal data for purposes of (a) targeted advertising, sometimes also referred to as “cross-contextual behavioral advertising” or “interest-based advertising”; (b) the “sale” or “sharing” of your personal data; (c) profiling in furtherance of solely automated decisions that produce legal or similarly significant effects concerning you. The specified Right to Opt Out is exercised with due regard to the context of our interaction with you as with the user of our App and accompanying data processing activities. To learn the details on how you can exercise your Right to Opt Out, please refer to the subsection Instructions on Online Tracking Opt Out below.

The Right to Non-Discrimination. This right means that you will not receive discriminatory treatment for exercising your privacy right(s). Inter alia, we will not deny you the App services, charge different prices or rates, or provide a different level or quality of services for you if you choose to exercise your user privacy right(s).

The Right to Appeal. If we deny and refuse to take an action on your initial user privacy request, you may have the right to appeal that decision under some U.S. State Privacy Laws. See the subsection How to Appeal Initial Decision Regarding Privacy Request below for more details.

HOW TO EXERCISE YOUR PRIVACY RIGHTS

Depending on the specific user privacy right you choose to exercise, different methods may be available to you.

In particular, when appropriate technical capabilities are accessible to you within the App and/or in your device settings, some rights (e.g. the Right to Correct Inaccuracies, the Right to Data Deletion, the Right to Opt Out) can be exercised by you independently without our assistance and the need to submit us the corresponding request. For instance, in certain circumstances the App may provide you with a possibility to change, update, correct inaccuracies or delete certain pieces of your personal data via your App account settings.

Instructions on Online Tracking Opt Out

Further, there are a number of ways you can exercise the Right to Opt Out of data processing for the purposes of activities that under U.S. State Privacy Laws may qualify as targeted advertising; “sale” (under broad interpretation) or “sharing” of personal data; profiling. Follow the instructions below to stop online tracking activities across third party apps and websites and sharing your data with third parties for personalized ads.

Blocking Advertising ID use in your mobile device settings. Your mobile device settings enable you to make choices about the collection, use or transfer of your Advertising ID to third parties for the purposes of targeted advertising and/or ad measurement. To manage your activity tracking permissions and the use of your Advertising ID, please follow the relevant instructions in Section VIII of our Privacy Policy >>

Advertising Industry Opt Out Tools. Even if you block the access to and use of your Advertising ID, you might still see personalized ads from other companies and ad networks. You have an opportunity to send your opt out request to some of such other companies and ad networks who participate in self-regulatory programs using special Advertising Industry Opt Out Tools. See Section VIII of our Privacy Policy to know which Advertising Industry Opt Out Tools you may choose to use >>

Ad and Analytics Platforms Opt Out Mechanisms. Some third party ad platforms and analytics service providers have their own privacy management tools that allow you opt out and/or make your privacy choices directly. Here there are some examples:

• Google My Ad Center
• “About Facebook Ads” page
• AppsFlyer Opt Out page

Therefore, we recommend you to check the privacy options of our service providers (processors) regularly. The up to date list of our service providers (processors) is presented in Section IV of Privacy Policy >>

Submission of a user privacy request to exercise privacy right(s)

To exercise any user privacy right that cannot be managed by you independently, please contact us via email at privacy @ aiby.com with the corresponding privacy request. When submitting your request, please include in its text the phrase “Exercising my rights to maintain confidentiality in … State”, replacing '...' with the name of the state of your residence. We will make every effort to satisfy any request you make to exercise any of your privacy rights.

AUTHENTICATION OF USER PRIVACY REQUESTS. INSTRUCTIONS ON HOW TO APPEAL OUR INITIAL DECISION REGARDING YOUR PRIVACY REQUEST

When you submit a user privacy request via email at privacy @ aiby.com, we will implement a request authentication procedure. The details and rules governing this procedure are provided below.

We shall comply with your user privacy request only if we are able to authenticate you as the user of our App and as a Covered U.S. Individual Resident. Therefore, when submitting a verifiable user privacy request, you should be ready to:

• Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or such person’s authorized agent, which (depending on the circumstances) may include: name, address, city, state, zip code and email address. We may use this information to surface a series of security questions to you to verify your identity. If you are making a request through an authorized agent acting on your behalf, such authorized agent must provide written authorization confirming their authority to represent your interests or a power of attorney, signed by you.

• Describe your privacy request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We will not be able to respond to your privacy request or provide you with personal information if we cannot: (i) verify your identity or authority to make the request; or (ii) confirm that the personal information relates to you. We may ask you for additional information or documents to verify your identity before taking any action with your privacy request. This is regarded as a safeguard measure to prevent disclosure of your personal information under a fake or scam request.

We ensure that personal information provided in a verifiable user privacy request will be used only to verify the requestor’s identity or authority to make the request and not for any other purpose. We will keep it for the adequate term reasonably needed for the purpose described above and delete after the purpose is fulfilled.

We try to respond to a verifiable user privacy request within forty-five (45) days of its receipt. If we require more time and it is reasonably necessary, we may extend the response period. In this case we will inform you of the reason and the applicable extension period in writing.

How to Appeal Initial Decision Regarding Privacy Request

In cases when we have a reasonable basis, we may choose to decline to take an action regarding the user privacy request. For example, this may happen when we are unable to authenticate a request, or when the request is manifestly unfounded or fraudulent. In this particular case we’ll inform you of the justification for declining to take action within a reasonable period of time after receiving your initial request.

If we decline to take action with respect to your initial request, you may be entitled to appeal our decision under some U.S. State Privacy Laws. To do so, you will need to provide us with the missing information and explanations reasonably necessary to address your request effectively. Within the term prescribed by the applicable U.S. State Privacy Law we’ll inform you in writing of any action taken or not taken in response to your appeal, including a written explanation of the reasons for our decision.

CHANGES TO THIS NOTICE. FINAL PROVISIONS

We may update this Notice from time to time. To stay informed of updates, please review the latest published version of Notice regularly.

If you reasonably believe that certain U.S. State Privacy Law grants you additional rights or options not outlined in this Notice, please contact us via email at privacy @ aiby.com or through our contact form. We will do our best to address all your concerns and reply to your request effectively.

Copyright © 2025 - 2026 AIBY Inc.