Privacy Policy

Privacy Policy

Last updated: [October 12th, 2025]

This Privacy Policy explains how Moka IT Engineering (“we”, “us”) collects and processes your personal data when you use our AI headshot generation service.

Contact: danielmoka@mokaie.com Address: Orosházi út 17/8, Hungary

1. Summary (Key Points)

  • What we collect: account details (email), billing info (via Stripe), uploads (your photos), generated images, usage logs, and cookies/analytics.
  • Why: to provide the Service, billing, security, support, and—if you consent—marketing.
  • Storage & vendors: Supabase (app/db/auth), FAL.AI (image storage/processing), Stripe (payments).
  • AI training: No—we don’t train models on your uploads or outputs.
  • Retention: images/results kept until you delete them (you can delete anytime). Third‑party processor FAL.AI retains processing artifacts for up to 10 days; then they are deleted by FAL.AI. Operational logs retained per security/legal needs.
  • Your rights: access, rectification, deletion, portability, restriction, objection, and complaint to the Hungarian DPA (NAIH).
  • Legal bases: contract performance, legitimate interests (security, service improvement), and consent (marketing, cookies where required).

2. Data We Process

  • Account & Identity: email, password hash, user ID.
  • Content: photos you upload; generated images; styles/settings.
  • Transaction Data: payment method tokens, billing details (processed by Stripe).
  • Usage & Device: IP address, timestamps, device/browser info, event logs, error logs.
  • Cookies/Analytics: basic consent banner; analytics only after consent where required.

We do not want or knowingly collect data from minors (under 18).

3. Purposes & Legal Bases (GDPR)

  • Provide the Service (process uploads, generate headshots, account, billing, support) — *Art. 6(1)(b) contract*.
  • Security & abuse prevention (logging, fraud prevention, rate-limiting) — *Art. 6(1)(f) legitimate interests*.
  • Service improvement (non-identifying analytics/metrics) — Art. 6(1)(f) legitimate interests and/or consent where required.
  • Marketing emails (news, tips, promotions) — Art. 6(1)(a) consent (opt-in; unsubscribe anytime).
  • Legal compliance (tax, accounting, requests from authorities) — *Art. 6(1)(c) legal obligation*.

We do not use uploads/outputs for model training.

4. Retention

  • User uploads & generated images: kept until you delete them. You can delete media at any time from your account (see Section 12). In‑product deletion removes items from our active storage; backups (if any) may persist for a short, fixed window before automatic purge.
  • Account data & billing records: retained as required by law (e.g., accounting/tax) and for legitimate interests (dispute handling).
  • Logs: retained for security/operations for a limited period, then either anonymized or deleted.

Third‑Party Processing Retention (FAL.AI)

  • For image generation, we use FAL.AI as a processor. According to their standard practice, artifacts related to a generation job are retained for up to 10 days for reliability and abuse monitoring, after which they are deleted by FAL.AI. This retention is independent of your in‑product deletion on our Service.

5. Sharing & Processors

We share data with service providers under data processing agreements:

  • Supabase (hosting/database/auth)
  • FAL.AI (image storage/processing)
  • Stripe (payments)

We may share data:

  • With your consent.
  • To comply with law or enforce terms.
  • In a business transfer (e.g., merger); you’ll be notified of material changes.

We do not sell your personal data.

6. International Transfers

Data may be processed outside your country. Where transfers leave the EEA/UK/CH, we use appropriate safeguards (e.g., EU SCCs and complementary measures). You can contact us for copies of the relevant safeguards.

7. Cookies & Tracking

We use cookies and similar technologies for:

  • Essential operations (authentication, security).
  • Analytics (only after consent where required).

You can manage preferences via our cookie banner or your browser settings.

8. Your Rights (EEA/UK/CH & Applied Globally)

You can:

  • Access your data.
  • Rectify inaccurate data.
  • Delete your data (“right to be forgotten”).
  • Restrict or object to processing (including objection to marketing).
  • Portability: receive data in a common format.
  • Withdraw consent at any time (e.g., marketing, non-essential cookies).

To exercise rights, email danielmoka@mokaie.com. We’ll respond within 30 days (extendable per GDPR where necessary).

You may lodge a complaint with the Hungarian Data Protection Authority (NAIH): https://www.naih.hu/ | 1055 Budapest, Falk Miksa utca 9-11. | +36 (1) 391-1400

9. Children

The Service is 18+. Do not upload anyone’s data if they are under 18. If you believe a minor’s data is present, contact us for deletion.

10. Security

We use reasonable technical and organizational measures (e.g., encryption in transit, access controls, backups). No method is 100% secure; report potential issues to danielmoka@mokaie.com.

11. Communications & Marketing

  • Transactional emails (account, billing, essential updates) — required to run the Service.
  • Marketing emails — sent only with consent; unsubscribe anytime via link or by emailing us.

12. Data Deletion & Portability

You can delete images and your account within the product, or you can request deletion via email.

Self‑service deletion (recommended): In your account under `Dashboard > General`, use “Delete All Media” to remove all uploaded and generated media from our active storage and associated records.

By request: Email danielmoka@mokaie.com to request deletion of specific items or your entire account. We will respond within 30 days and complete deletion without undue delay, subject to legal obligations (e.g., billing records).

Third‑party retention: FAL.AI, our image processing provider, retains processing artifacts for up to 10 days and then deletes them on their systems. We do not control this window, but your deletion request applies immediately to our systems.

We will also, on request, export your personal data in a portable format where technically feasible.

13. Changes to This Policy

We may update this Policy. We will post the new version with a new “Last updated” date and, for material changes, provide additional notice (e.g., email or in-app).

14. Contact

Moka IT Engineering Orosházi út 17/8, Hungary Email: danielmoka@mokaie.com