CHISPA

Privacy Policy

Last Updated: October 14, 2025

1. Introduction

Holistic Quality, LLC ("we", "our", or "us") operates CHISPA, an AI fashion photography platform. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Service.

By using CHISPA, you consent to the data practices described in this policy. If you do not agree with this policy, please do not use our Service.

2. Information We Collect

2.1 Information You Provide

Account Information:

  • Email address (required for account creation)
  • Password (encrypted and stored securely)
  • Name (optional)
  • Profile information (optional)

Payment Information:

  • Payment data is processed by Stripe (our payment processor)
  • We do NOT store your credit card information
  • We only receive transaction confirmations from Stripe

Uploaded Content:

  • Fashion item photos you upload for generation
  • Text prompts and descriptions
  • Style preferences and settings

Creator Partnership Applications:

  • Name, email, Instagram handle
  • Portfolio photos (if applying as creator partner)
  • Communication history

2.2 Automatically Collected Information

Usage Data:

  • Pages visited and features used
  • Time spent on the Service
  • Number of generations created
  • Error logs and technical issues

Device and Browser Information:

  • IP address (anonymized after 30 days)
  • Browser type and version
  • Operating system
  • Device type (desktop, mobile, tablet)
  • Screen resolution

Cookies and Tracking:

  • Session cookies (required for functionality)
  • Authentication tokens
  • Analytics cookies (can be disabled)

3. How We Use Your Information

3.1 Core Service Functionality

  • Create and manage your account
  • Process AI image generations
  • Track credit usage and purchases
  • Provide customer support
  • Send transactional emails (receipts, confirmations)

3.2 Service Improvement

  • Improve AI model quality and accuracy
  • Fix bugs and technical issues
  • Analyze usage patterns to enhance features
  • Develop new features and services

3.3 Communication (With Your Consent)

  • Product updates and new features
  • Tips and best practices
  • Marketing and promotional content (opt-in only)
  • Creator partnership opportunities

3.4 Legal and Safety

  • Comply with legal obligations
  • Enforce our Terms of Service
  • Prevent fraud and abuse
  • Protect user safety and security

4. How We Share Your Information

4.1 We DO Share With:

Service Providers:

  • Supabase - Database and authentication
  • Stripe - Payment processing
  • Vercel - Website hosting
  • Replicate - AI model inference
  • Google Analytics - Usage analytics (anonymized)

Legal Requirements:

  • If required by law or court order
  • To protect our legal rights
  • To prevent fraud or illegal activity

4.2 We DO NOT Share:

  • ❌ Your personal information with advertisers
  • ❌ Your uploaded images with third parties
  • ❌ Your email with marketing companies
  • ❌ Your payment information (we don't even have it)
  • ❌ Your data for sale to data brokers

5. Data Retention

5.1 Active Accounts

We retain your data as long as your account is active or as needed to provide services.

5.2 Uploaded Content

  • Fashion item uploads: Deleted immediately after generation (within 24 hours)
  • Generated images: Stored for 30 days, then available only if you save them
  • Creator portfolio photos: Retained while partnership is active

5.3 Deleted Accounts

After account deletion:

  • Personal information deleted within 30 days
  • Anonymized analytics may be retained
  • Legal/financial records retained as required by law (typically 7 years)

6. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption: SSL/TLS encryption for data in transit
  • Database Security: Encrypted storage with Supabase
  • Authentication: Secure password hashing (bcrypt)
  • Access Controls: Limited employee access on need-to-know basis
  • Regular Audits: Security reviews and updates

However, no system is 100% secure. We cannot guarantee absolute security of your data.

7. Your Privacy Rights

7.1 All Users

You have the right to:

  • Access: Request a copy of your personal data
  • Correction: Update inaccurate information
  • Deletion: Request deletion of your account and data
  • Opt-Out: Unsubscribe from marketing emails
  • Export: Download your generated images

7.2 GDPR Rights (EU Users)

If you're in the European Union, you also have:

  • Right to Portability: Receive your data in machine-readable format
  • Right to Object: Object to processing for specific purposes
  • Right to Restrict: Limit how we process your data
  • Right to Withdraw Consent: At any time

7.3 CCPA Rights (California Users)

California residents have the right to:

  • Know what personal information is collected
  • Know if personal information is sold or disclosed (we don't sell data)
  • Opt-out of sale of personal information (not applicable - we don't sell)
  • Request deletion of personal information
  • Non-discrimination for exercising rights

7.4 How to Exercise Your Rights

Contact us at privacy@getchispa.com with your request. We'll respond within 30 days.

8. Children's Privacy

CHISPA is not intended for users under 18 years old. We do not knowingly collect personal information from children.

If we become aware that a user is under 18, we will:

  • Immediately terminate the account
  • Delete all associated data
  • Notify the parent/guardian if possible

If you believe a child has created an account, please contact us immediately at privacy@getchispa.com.

9. International Data Transfers

CHISPA is operated in the United States. If you're accessing from outside the US, your data may be transferred to and processed in the US.

We use Standard Contractual Clauses (SCCs) and other safeguards to protect data transferred internationally, in compliance with GDPR and other privacy regulations.

10. Cookies and Tracking Technologies

10.1 Essential Cookies

Required for the Service to function:

  • Authentication tokens
  • Session management
  • Security features

These cannot be disabled.

10.2 Analytics Cookies

Help us understand usage patterns:

  • Google Analytics (anonymized IP)
  • Page views and feature usage
  • Error tracking

You can disable these in your browser settings.

10.3 Third-Party Cookies

Some third-party services may set cookies:

  • Stripe (payment processing)
  • Vercel (hosting)

These are governed by the third-party's privacy policy.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be effective immediately upon posting to our website.

For material changes, we will:

  • Update the "Last Updated" date
  • Notify you via email (if you've opted in)
  • Display a prominent notice on the website

Your continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

For questions, concerns, or requests regarding your privacy or this policy:

Holistic Quality, LLC

Privacy Inquiries: privacy@getchispa.com

General Support: levi@getchispa.com

Website: https://getchispa.com

By using CHISPA, you acknowledge that you have read and understand this Privacy Policy.