EEA and UK Privacy Notice
This notice provides additional information for users in the European Economic Area (EEA) and the United Kingdom (UK). Users in the EEA and UK have certain privacy rights as specified under EU and UK law, including the General Data Protection Regulations (GDPR) and UK Data Protection Act 2018. Our Privacy Principles and the privacy controls we offer to all users align with these laws—this notice ensures we cover the EEA and UK-specific requirements. For example, all users can request a copy of their data, request deletion, and control their privacy settings in the app. For the full picture, please refer to our Privacy Policy.
Data Controller If you’re a user in the EEA or UK, you should know that Nivafy, is the controller of your personal information.
Rights of Access, Deletion, Correction, and Portability You can exercise your rights of access, deletion, correction, and portability as described in the Control Over Your Information section of the Privacy Policy.
Bases for Using Your Information Your country only allows us to use your personal information when certain conditions apply. These conditions are referred to as “legal bases” and, at Nivafy, we typically rely on one of four:
Contract. One reason we might use your information is because you’ve entered into an agreement with us. For example, when you use our services and accept our terms and conditions, we need to use some of your information to provide the service you’ve requested.
Legitimate Interest. Another reason we might use your information is because we have—or a third party has—a legitimate interest in doing so. For example, we need to use your information to provide and improve our services, including protecting your account, providing customer support, and helping you find features and content we think you’ll like. An important point to understand about legitimate interest is that our interests don’t outweigh your right to privacy, so we only rely on legitimate interest when we think the way we are using your data doesn’t significantly impact your privacy or would be expected by you, or there is a compelling reason to do so. We explain our legitimate business reasons for using your information in more detail in our privacy policy.
Consent. In some cases, we’ll ask for consent to use your information for specific purposes. If we do, we’ll make sure you can revoke your consent in our services or through your device permission. Even if we’re not relying on consent to use your information, we may ask you for permission to access data like contacts and location.
Legal Obligation. We may be required to use your personal information to comply with the law, like when we respond to valid legal process or need to take action to protect our users. Our policy is to notify users when we receive legal process seeking their account information, with some exceptions. More details are available in our privacy policy.
Last Updated: 04 November 2025 Version: 2.0
This section adds transparency about legitimate interests, data-retention timelines, cross-border safeguards, and limited automated processing.
Examples of Our Legitimate Interests
We process certain personal data on the basis of our legitimate interests (Article 6(1)(f) GDPR), including:
-
Security & fraud prevention: verifying accounts, detecting abuse, preventing spam and impersonation.
-
Service improvement: analysing feature usage to enhance performance, stability, and usability.
-
Personalisation: recommending relevant content, creators, or features to improve your experience.
-
Business operations: internal records, network/information security, service continuity, and essential communications.
When we rely on legitimate interests, we weigh these interests against your rights and freedoms. You can object at any time by contacting [email protected].
Data Retention
We keep personal data only as long as necessary for the purposes described here or to meet legal requirements. Typical periods:
| Category of Data | Retention Period | Purpose / Basis |
|---|---|---|
| Account information (profile, login, preferences) | Account lifetime + 12 months | Account management, dispute resolution |
| Verification data (e.g., ID / phone checks) | Up to 12 months | Fraud prevention and platform security |
| Transactions & billing records | 6–10 years (region dependent) | Legal, tax and accounting compliance |
| AI generation logs & analytics | Up to 24 months | Service improvement, abuse detection |
| Messages & support tickets | 12–24 months | Customer support, dispute handling |
| Cookies & analytics identifiers | 13–24 months | Site analytics and ads management |
| Deleted/banned accounts (backups) | 30–90 days | System recovery, audit trails |
| Marketing & newsletter data | Until consent withdrawn + 30 days | Opt-out management |
After these periods, data is securely deleted or anonymised.
Cross-Border Transfers & Regional Storage
We use secure cloud infrastructure (Cloudflare). Where possible, data originating in the EEA or UK is stored within that region.
If transfers outside the EEA/UK are necessary (e.g., to the U.S.), we rely on the European Commission’s Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum to ensure equivalent protection. For details, contact [email protected].
Automated Processing and Profiling
We use limited automated systems to:
-
detect and prevent fraud or policy violations,
-
moderate content to uphold community standards, and
-
recommend relevant content or features.
These processes support a safe, personalised experience and do not produce legal or similarly significant effects. You may request human review via [email protected].
EU/UK Representative
EU Representative
Email:
UK Representative
Email:
Your Right to Object
As a user, you have the right to object to our use of your information. With many types of data, we’ve provided you with the ability to simply delete it if you don’t want us processing it anymore. For other types of data, we’ve given you the ability to stop the use of your data by disabling the feature altogether. You can do these things in the app.
If there are other types of information you don’t agree with us processing, you can contact us. This could be in circumstances where you might not want us to delete your information, but you want us to stop processing it. Please note, however, that if there is a need for us to keep processing your data for legal or official reasons, we may not be able to comply with your request.
Remember, you have a significant level of control over the personal data you provide to us. We want to respect your choices and control over your data while ensuring that we provide the best services to you. If you have any questions about your privacy rights or need assistance exercising them, please don’t hesitate to contact us.
Complaints or Questions?
We want you to know that you can submit any inquiries to our privacy support team or Data Protection Officer at [email protected]. You also have the right to file a complaint with the supervisory authority in the EEA and in the UK you can file a complaint with the Information Commissioner’s Office.