Privacy Policy

A. Information you provide directly

• Account details (name, email), shipping/billing details, designs you create and upload, and messages you send to support.

B. Automatically collected

• Device and usage data such as IP address, browser type, pages visited, referring URLs, and cookies or similar identifiers.

C. Google user data obtained via OAuth

When you choose “Continue with Google”, we receive Google user data limited to the scopes you consent to. Currently the App requests the minimum necessary scopes:

• openid, email, profile: basic account information to authenticate you and get your verified email, name and profile picture.

We also store OAuth tokens necessary to keep you signed in. Access and refresh tokens are stored securely and never exposed client-side beyond what is required for authentication.

• Authenticate you and operate the App.
• Create, render and fulfill your AI T‑shirt designs and orders.
• Provide support and communicate about your account, orders, and service updates.
• Maintain security, prevent fraud/abuse, and comply with legal obligations.
• Analyze aggregated usage to improve features and performance.

We limit our use of Google user data to providing or improving user‑facing features of the App. We do not use Google user data for targeted advertising, selling to data brokers, credit or lending decisions, creating unrelated databases, or training AI models.

We do not sell your personal information. We share data only as described below:

• Service providers who process data on our behalf to host the App, provide analytics, payments, customer support, and order fulfillment. These providers are bound by contracts requiring confidentiality and security.
• Legal and safety when required by law or to protect rights, property, or safety of users, us, or others.
• Business transfers in connection with a merger, acquisition, or sale of assets, where permitted by law.

We do not transfer Google user data to third parties except as necessary to provide or improve the App’s user‑facing features, or as required by law.

We implement technical and organizational measures designed to protect personal data, including:

• Industry‑standard encryption in transit (HTTPS/TLS).
• Encryption at rest for databases and storage where available.
• Restricted access based on need‑to‑know and role‑based controls.
• Audit logging and token rotation practices.
• Regular backups and vulnerability management.

We keep personal information only as long as needed for the purposes described in this Policy, including to comply with legal, accounting, or reporting obligations.

• Account data is retained while your account is active. If you delete your account, we will delete or anonymize your personal data within 30 days, unless we must keep certain information to comply with law or resolve disputes.
• OAuth tokens are revoked and deleted when you disconnect Google or delete your account.
• Order and payment records are retained for the periods required by tax and accounting laws.

You may request deletion at any time from in‑app Settings → Delete account or by emailing support@holover.ai. We will confirm once the request is completed.

We may process data in countries outside your country of residence. Where required, we rely on appropriate safeguards, such as the EU–U.S. Data Privacy Framework, Standard Contractual Clauses, or equivalent mechanisms.

Depending on your location, you may have rights to access, correct, delete, restrict or object to processing of your personal data, receive a portable copy, or withdraw consent where processing is based on consent. To exercise your rights, contact us at support@holover.ai.

If you are in the EEA/UK, you may lodge a complaint with your local supervisory authority.

We may update this Policy from time to time. We will post the updated version and change the “Last updated” date. If changes materially affect your rights or how we use your data, we will notify you in‑app or by email before the changes take effect.