Privacy Policy

Privacy Policy

Last updated: [October 12th, 2025]

This Privacy Policy explains how Moka IT Engineering (“we”, “us”) collects and processes your personal data when you use our AI headshot generation service.

Contact: danielmoka@mokaie.com Address: Orosházi út 17/8, Hungary

1. Summary (Key Points)

  • What we collect: account details (email), billing info (via Stripe), uploads (your photos), generated images, usage logs, and cookies/analytics.
  • Why: to provide the Service, billing, security, support, and—if you consent—marketing.
  • Storage & vendors: Supabase (app/db/auth), FAL.AI (image storage/processing), Stripe (payments).
  • AI training: No—we don’t train models on your uploads or outputs.
  • Retention: images/results kept until you delete them (you can delete anytime); operational logs retained per security/ legal needs.
  • Your rights: access, rectification, deletion, portability, restriction, objection, and complaint to the Hungarian DPA (NAIH).
  • Legal bases: contract performance, legitimate interests (security, service improvement), and consent (marketing, cookies where required).

2. Data We Process

  • Account & Identity: email, password hash, user ID.
  • Content: photos you upload; generated images; styles/settings.
  • Transaction Data: payment method tokens, billing details (processed by Stripe).
  • Usage & Device: IP address, timestamps, device/browser info, event logs, error logs.
  • Cookies/Analytics: basic consent banner; analytics only after consent where required.

We do not want or knowingly collect data from minors (under 18).

3. Purposes & Legal Bases (GDPR)

  • Provide the Service (process uploads, generate headshots, account, billing, support) — *Art. 6(1)(b) contract*.
  • Security & abuse prevention (logging, fraud prevention, rate-limiting) — *Art. 6(1)(f) legitimate interests*.
  • Service improvement (non-identifying analytics/metrics) — Art. 6(1)(f) legitimate interests and/or consent where required.
  • Marketing emails (news, tips, promotions) — Art. 6(1)(a) consent (opt-in; unsubscribe anytime).
  • Legal compliance (tax, accounting, requests from authorities) — *Art. 6(1)(c) legal obligation*.

We do not use uploads/outputs for model training.

4. Retention

  • User uploads & generated images: kept until you delete them (in-product deletion removes them from active storage; backups may persist for a limited, fixed window before purge).
  • Account data & billing records: retained as required by law (e.g., accounting/tax) and for legitimate interests (dispute handling).
  • Logs: retained for security/operations for a limited period, then either anonymized or deleted.

5. Sharing & Processors

We share data with service providers under data processing agreements:

  • Supabase (hosting/database/auth)
  • FAL.AI (image storage/processing)
  • Stripe (payments)

We may share data:

  • With your consent.
  • To comply with law or enforce terms.
  • In a business transfer (e.g., merger); you’ll be notified of material changes.

We do not sell your personal data.

6. International Transfers

Data may be processed outside your country. Where transfers leave the EEA/UK/CH, we use appropriate safeguards (e.g., EU SCCs and complementary measures). You can contact us for copies of the relevant safeguards.

7. Cookies & Tracking

We use cookies and similar technologies for:

  • Essential operations (authentication, security).
  • Analytics (only after consent where required).

You can manage preferences via our cookie banner or your browser settings.

8. Your Rights (EEA/UK/CH & Applied Globally)

You can:

  • Access your data.
  • Rectify inaccurate data.
  • Delete your data (“right to be forgotten”).
  • Restrict or object to processing (including objection to marketing).
  • Portability: receive data in a common format.
  • Withdraw consent at any time (e.g., marketing, non-essential cookies).

To exercise rights, email danielmoka@mokaie.com. We’ll respond within 30 days (extendable per GDPR where necessary).

You may lodge a complaint with the Hungarian Data Protection Authority (NAIH): https://www.naih.hu/ | 1055 Budapest, Falk Miksa utca 9-11. | +36 (1) 391-1400

9. Children

The Service is 18+. Do not upload anyone’s data if they are under 18. If you believe a minor’s data is present, contact us for deletion.

10. Security

We use reasonable technical and organizational measures (e.g., encryption in transit, access controls, backups). No method is 100% secure; report potential issues to danielmoka@mokaie.com.

11. Communications & Marketing

  • Transactional emails (account, billing, essential updates) — required to run the Service.
  • Marketing emails — sent only with consent; unsubscribe anytime via link or by emailing us.

12. Data Deletion & Portability

You can delete images and your account within the product (or request via email). We will also, on request, export your personal data in a portable format where technically feasible.

13. Changes to This Policy

We may update this Policy. We will post the new version with a new “Last updated” date and, for material changes, provide additional notice (e.g., email or in-app).

14. Contact

Moka IT Engineering Orosházi út 17/8, Hungary Email: danielmoka@mokaie.com