Patina AI – Privacy Policy
Effective date: March 19, 2025
Triple Bar LLC ("Patina AI," "we," "our," or "us") provides a mobile application that lets watch enthusiasts scan, catalogue, and research wrist‑watches. We take privacy seriously and follow U.S. law, California's CCPA/CPRA, and Apple's App Store Review Guideline 5.1 requirements.
Quick summary
- No ads or tracking. Patina AI does not use the IDFA, fingerprinting, or personalised advertising.
- Your data = your control. You can delete your account (and all images) at any time in Settings › Delete Account.
- Only two data categories are required to use the app: your Sign in with Apple identifier and the photos you choose to upload.
1. Information We Collect
| Category | Examples | Source | Purpose (see § 2) |
|---|---|---|---|
| Account Data | Apple‑scoped user identifier, relay e‑mail address (if you choose Hide My E‑mail) | Sign in with Apple | a, b |
| User‑Provided Content | Watch photos and captions you upload | In‑app upload | a, c |
| Usage Analytics | Session events, screen views, feature flags | Mixpanel SDK | b |
| Crash & Diagnostic Data | Stack traces, device model, iOS version | Sentry SDK | b |
| Server Logs | IP address, request/response metadata | Backend (AWS Ohio) | b |
| OAuth Marketplace Tokens (Optional) | eBay OAuth token & username | User‑initiated marketplace link | a, d |
We do not collect government IDs, precise geolocation, biometric data, or payment information.
2. How We Use Your Information
| Label | Use case | Legal basis (GDPR reference) |
|---|---|---|
| a. Provide the Service | Authenticate you, scan watches, store your images, connect to third‑party marketplaces & Cloudinary image analysis | Performance of contract |
| b. App Health | Measure feature adoption, fix crashes, secure our infrastructure | Legitimate interest |
| c. Your Library | Let you revisit, edit, and (if you choose) delete your uploaded photos | Performance of contract |
| d. User‑Requested Sharing | Push your listing data to eBay (or similar) only when you tap "Share to eBay" | Consent |
We do not train independent machine‑learning models on your photos beyond real‑time recognition for the single request you initiate.
3. Disclosure of Your Information
We never sell your personal information. We share it only with:
| Vendor | Purpose | Location & safeguards |
|---|---|---|
| Apple (Sign in with Apple) | Authentication | USA – OIDC |
| AWS (Ohio region) | App servers & database | SOC 2, ISO 27001 |
| Cloudinary | On‑demand image recognition & CDN | US/EU data centres, DPA & SCCs in place |
| Mixpanel | Usage analytics (de‑identified events) | US servers, IP truncation enabled |
| Sentry | Crash diagnostics | US servers |
| OpenAI (ChatGPT API) | Natural‑language processing for watch descriptions | US/EU compute; data retention 30 days, no model training |
Marketplace integrations (e.g., eBay). If you link an account, we pass the minimum data needed to create your draft listing; the marketplace's own privacy terms apply.
4. Your Rights & Choices
| Jurisdiction | Rights | How to exercise |
|---|---|---|
| All users | Access, correction, deletion | In‑app Settings › Delete Account or e‑mail support@patinaai.com |
| California (CCPA / CPRA) | Opt‑out of "sale" or "sharing" of personal data (Patina AI currently does not sell/share) | e‑mail or in‑app request |
| Future GDPR users | Data portability, objection, restriction, lodge complaint | Contact our Data Protection Officer |
We respond within 30 days. If you delete your account, we erase linked photos, tokens, and analytics identifiers within 30 days (see § 5).
5. Data Retention
| Data type | Retention limit | Deletion trigger |
|---|---|---|
| Account & images | Until you delete account | User request |
| Server logs | 90 days | Rolling purge |
| Analytics & crash data | 13 months | Automatic purge via vendor |
6. Security
TLS 1.2+ in transit; AES‑256 at rest for images and database records.
Role‑based access controls: production data limited to two authorised engineers via MFA VPN.
Regular dependency scanning, quarterly penetration tests, and incident‑response playbook.
7. Children's Privacy
Patina AI is not directed to children under 13 and we do not knowingly collect personal data from them. If you are a parent and believe your child has created an account, please contact us for prompt deletion. Compliance with the U.S. COPPA Rule is therefore achieved by disallowing under‑13 usage.
8. International Data Transfers
Our primary servers are in the United States (AWS Ohio). If we later transfer data outside the U.S. (e.g., Cloudinary's EU CDN), we rely on Standard Contractual Clauses or an adequacy decision.
9. Changes to This Policy
We will post any substantive changes in‑app and update the "Effective date." If the changes materially affect your rights, we will notify you via e‑mail or an in‑app alert.
10. Contact
Triple Bar LLC
Attn: Privacy Officer
E‑mail: support@patinaai.com
Data Protection Officer: Yucheng Lin