Inku - Privacy Policy

Last updated: 17 May 2025
Effective date: 31 May 2025

1. WHO WE ARE

Augmentum Studios Ltd (“we”, “us”, “our”) operates the Inku mobile application and the website at https://augmentumstudios.com (together “the Service”). Contact: WC1X 9LP United Kingdom, support@augmentumstudios.com.

2. SCOPE

This policy explains how we collect, use, disclose and safeguard your information when you use the Service. It applies to all users and is written to meet the UK GDPR and comparable laws in other territories where we may make the Service available.

3. AGE RESTRICTION

The Service is intended for persons 18 years of age or older. During registration you must confirm that you are at least 18. We do not knowingly process data of minors.

4. DATA CONTROLLER

For the purposes of the UK GDPR and the Data Protection Act 2018, Augmentum Studios Ltd is the Data Controller.

5. WHAT DATA WE COLLECT

• Account data (registered Artist and Client accounts): email, password hash, Firebase UID, display name, city, postcode, social links, profile photo.
• Artist specific profile data (in addition to Account data): style tags, extra services tags, album and flash images, profile description.
• Messages and attachments: text and images exchanged in chat between users. Users may edit or delete their own messages at any time; deletions propagate immediately to the database and storage services and subsequently to other users’ views.
• Subscription and receipts: app-store receipt IDs, plan type, renewal status supplied by RevenueCat.
• Device and usage data: device ID, push token, crash logs and analytics events only if you have opted in.
• Marketing preference: newsletter opt-in flag.
• Back-ups: encrypted snapshots of Firestore database (profiles, chats, subscriptions), Cloud Storage (images) and Firebase Auth accounts.
• No personal identifiable data is collected for unregistered (Guest) users by default.

6. HOW WE COLLECT

Data you enter, data generated by your use of features, data supplied by other users who interact with you and technical data supplied by Google Firebase, RevenueCat and similar processors.

7. HOW WE USE YOUR DATA

• a. Provide, secure and maintain the Service.
• b. Enable messaging, push notifications and subscriptions.
• c. Show anonymous statistics such as profile-view counts to Artists.
• d. Improve the Service through crash and analytics data where consented.
• e. Send marketing communications if you have opted in.
• f. Meet legal obligations (for example accounting records).

8. AUTOMATED AI IMAGE TAGGING

We offer an optional feature for Artist accounts that uses Google Vertex AI “Gemini Flash 2.5” to generate descriptive tags for photos you upload to your profile photos on Inku.

What we send: Only the image file itself is transmitted to Google’s EU‑hosted Vertex AI endpoint at the moment you request tagging.

Why: Tags help artists surface their work in search and let clients discover styles or body placements more quickly.

Legal basis: We rely on your explicit consent. You can enable or disable the “AI tagging” toggle at any time from a couple places in your Studio (images tagging screen and another separate “AI Tagging” consent screen).

Retention & downstream processing

Your image stays in our own Firebase Storage bucket until you delete it.

Google retains the image in an encrypted cache for ≤ 24 h solely to speed up repeat requests to the AI model; it is not used to train Google models.

No prompts or images are logged for abuse monitoring because we have opted out of that programme.

Sharing Google Cloud EMEA Ltd. (Ireland) acts as our sub‑processor under the Google Cloud Data‑Processing Addendum. We do not share tags or images with any advertising partners.

Your choices

Toggle AI tagging off → we skip the call entirely.

Delete a photo → no tagging is performed as the image is deleted.

Toggle AI tagging on → we make the call to the AI model for every newly uploaded, and existing untagged photos.

Make a GDPR/CCPA request → e‑mail support@augmentumstudios.com.

9. ADVERTISING AND THIRD-PARTY SERVICES

Inku displays advertisements provided by Google AdMob to support the free version of our app. This section explains how advertising data is collected and processed.

What advertising data we collect:

• Advertising ID: Your device’s advertising identifier (IDFA on iOS, AAID on Android)
• Device information: IP address, user agent, device make/model, operating system version
• Usage data: App interactions, session duration, crash data
• Location data: Approximate location based on IP address (not precise GPS location)

How advertising data is used:

• Display relevant advertisements within the app
• Measure ad performance and effectiveness
• Prevent fraud and ensure ad quality
• Personalize advertisements based on your interests (where consented)

Third-party advertising partners:

We work with Google AdMob and their advertising network partners who may collect and process your data according to their own privacy policies:

• Google AdMob: https://policies.google.com/privacy
• Google Ad Manager: https://policies.google.com/technologies/ads

Your advertising choices:

• iOS users: You can limit ad tracking in Settings > Privacy & Security > Apple Advertising > Personalized Ads
• Android users: You can opt out of personalized ads in Settings > Google > Ads > Opt out of Ads Personalization
• All users: You can reset your advertising ID in your device settings
• EU/EEA users: We obtain your consent before processing personal data for advertising purposes

Data sharing with advertising partners: We share pseudonymized data (advertising ID, device information, usage patterns) with Google AdMob and their network partners. We do not share your account information, messages, or profile details with advertising partners.

International transfers: Advertising data may be processed by Google and their partners globally, including in the United States. These transfers are protected by Standard Contractual Clauses and other appropriate safeguards.

Data retention for advertising: Advertising data is retained according to Google’s data retention policies, typically 26 months for web and app activity. You can manage and delete this data through your Google Account settings.

10. SHARING AND DISCLOSURE

• Users you message receive your display name, profile photo and chat content.
• Service providers: Google Firebase (European region), RevenueCat, email provider, backup infrastructure.
• HMRC, regulators or law-enforcement where legally required.
• Professional advisers such as lawyers and accountants.
  We never sell or rent your personal data.

11. DATA RETENTION

• Authentication Account data – kept until you delete your account, and for a further 30 days due to automated backups.
• All active account data (profile information, chats, subscription data): removed immediately from being accessible within the app after you delete them (if that data was accessible, e.g. chat message), and irreversibly removed from our backups after a 90 days disaster recovery period.
• All image artefacts (chat images, profile images, album/flash images) – removed immediately from being accessible within the app after you delete them, and completely wiped out from backups after a 30 days disaster recovery period.
• Back-ups – as mentioned previously for each separate piece of system data, rolling encrypted back-ups retained for 30 days for Authentication, 90 days for Firestore information storage and 30 days for image artefact storage, then destroyed. Data you deleted in the live system will disappear permanently when the relevant back-up is overwritten.
• Crash and analytics logs – 90 days or until you withdraw consent.
• Financial and tax records – seven years (six years plus the current financial year) as required by HMRC.

12. INTERNATIONAL TRANSFERS

Primary storage is in London (europe-west2) Google Cloud region for Firestore database, Europe Multi-region for Firebase Storage and Firebase Authentication data is processed solely in the US. If processors operate outside the UK or EEA we rely on Standard Contractual Clauses or the UK International Data Transfer Agreement.

13. YOUR RIGHTS

You have the right to access, rectify, erase, restrict or object to processing, to data portability and to withdraw consent. Contact support@augmentumstudios.com. You may complain to the Information Commissioner’s Office.

14. SECURITY

Transport Layer Security, AES-256 encryption at rest, least-privilege access and audit logging.

15. CHILDREN’S PRIVACY

We do not allow use by persons under 18. If we learn that a minor has supplied data we will delete it promptly.

16. CHANGES

We will notify you in the app or by email at least 14 days before any material change takes effect.

17. CONTACT

support@augmentumstudios.com
Augmentum Studios Ltd
International House
101 King’s Cross Road
London
United Kingdom
WC1X 9LP