Privacy Policy of Styly.io

Last updated: 25.04.2025

At Styly.io, protecting your privacy and personal data is a priority. As the data controller, Styly is committed to safeguarding your personal data in accordance with Regulation (EU) 2016/679 of April 27, 2016 (the General Data Protection Regulation – GDPR) and other applicable laws.
This Privacy Policy informs you about how we collect, use, disclose, store, and protect your personal data when you use our mobile or web application (the “Application”), and what your rights are regarding that data.

1. Data We Collect

By using the Application, you may provide or transmit information that can directly or indirectly identify you (hereinafter “Data”). This includes:

• Account Data: Provided via Apple Sign In (email or anonymized email).

• Styly Image Data: Includes images you upload and those generated by the Application. These can be deleted by you at any time from the “Projects” section.

• Browsing Data: Technical data such as IP address, device type, browser language, date and time of access, and usage logs.

2. How We Use Your Data

We process your Data for the following purposes and on the following legal bases:

PurposeLegal Basis(i) Creating and managing your accountContractual necessity(ii) Executing contracts between you and StylyContractual necessity(iii) Managing our business relationshipLegitimate interest(iv) Maintaining and improving the ApplicationLegitimate interest(v) Sending newslettersConsent(vi) Managing user support and rights requestsLegal obligation / Legitimate interest

Where required, we will inform you if certain data is mandatory. Mandatory data is marked with an asterisk (*). Failure to provide required data may restrict or prevent access to the Service.

3. Who Has Access to Your Data

3.1. Authorities and Public Bodies

We may disclose your Data to public authorities (e.g., courts, law enforcement) if required by law or in the context of investigating illegal activity.

3.2. Third-Party Service Providers

We work with trusted partners for hosting, analytics, subscriptions, and communications. These include:

• AWS Cloud: Application and database hosting

• Hostinger: Website hosting

• Google Analytics: Traffic and usage analytics

• Stripe: Subscription and payment processing

• MailerLite: Newsletter management

• Glassfy, Netlify, Google Cloud: Application and infrastructure services

Each provider is contractually bound to protect your Data and comply with GDPR.

4. Data Retention

Your Data is stored only for the time necessary to fulfill the purpose it was collected for, as outlined below:

• Account Management: Duration of the user relationship + 3 years

• Contract Execution: Duration of contract + 5 years (legal requirement)

• Commercial Relationship: Active period + 5 years

• Application Usage Data: 1 year

• Newsletter Data: Until unsubscription

• Support and Complaints: As long as needed to process the request

Once the retention period expires, your Data is deleted or anonymized. In limited cases (e.g., legal obligations), data may be archived securely and offline.

5. International Transfers

Your Data may be transferred outside the European Union, always under strict legal protections. These include:

• Transfer to countries with an adequacy decision by the European Commission

• Use of Standard Contractual Clauses (SCCs)

• Implementation of Binding Corporate Rules

• Use of appropriate safeguards as defined in Article 46 of the GDPR

You may request details on these safeguards by contacting us (see Section 9).

6. Data Security

We implement technical and organizational security measures to protect your Data from unauthorized access, alteration, disclosure, or destruction. You are responsible for safeguarding your login credentials.

7. Your Rights

You have the following rights under the GDPR:

• Right to Access: Know what Data we hold and receive a copy

• Right to Rectification: Correct incomplete or inaccurate Data

• Right to Erasure ("Right to be Forgotten") under certain conditions

• Right to Restrict Processing in specific situations

• Right to Data Portability: Receive your Data in a machine-readable format

• Right to Object to processing based on legitimate interest or for direct marketing

• Right to Withdraw Consent at any time, without affecting prior processing

• Right to Lodge a Complaint with a supervisory authority

• Right to Define Directives on how your Data should be handled after your death

To exercise your rights, contact us at: contact@styly.io
We may require proof of identity before responding to your request.

8. Changes to This Privacy Policy

We may update this policy periodically to comply with legal, technical, or business changes. Updates will be posted here with an updated “Last updated” date.
When legally required, we will notify you or seek your consent for material changes.

9. Contact

For any questions or to exercise your rights under this policy:

📧 Email: contact@styly.io