Page 1 of 1

Privacy Policy Zyndra

1. Key Terms

Application: Zyndra

Company (Data Controller): POPEN STUDIO : Entrepreneur individuel Registered in France SIREN: 949 332 993 SIRET (Head Office): 949 332 993 00029 VAT Number: FR33 949332993 Registered Address: Villeneuve-d’Ascq, France (“We”, “Us”, “Our”)

Personal Data: Any information that can identify you directly or indirectly, such as name, email address, account identifiers, location data, or device identifiers.

Usage Data: Technical and interaction data automatically collected when you use the Service (for example IP address, device model, operating system, session logs, and crash reports).

Service Provider: Any third-party company or individual processing data on our behalf as a Data Processor.

User / You: Any individual accessing or using the Application.

2. Information We Collect

Personal Data We may collect information you provide voluntarily, including:

• Email address

• Account credentials or profile information

• Content you create, upload or submit (including photos for AI analysis)

Usage Data When you use the Application, we may automatically collect technical data such as:

• IP address

• Device type and operating system

• App interactions and session duration

• Diagnostic and crash data

Mobile Device Data We may collect device-related information including:

• Device model

• OS version

• Unique device identifiers

Camera & Photos With your permission, the Application may access your camera or photo library to enable specific features, such as trying on hairstyles or analyzing your face shape and seasonal colors. Access is always optional and controlled through your device settings.

3. Face Data Policy

1) What face data does the app collect When you use our AI features (such as Hair Try-On, Seasonal Color, Face Shape Analysis, or Age Edit), the Application collects the photos you explicitly select or capture. These photos contain facial data.

2) How face data is used Your photos are used strictly to provide the generative AI features you requested. The data is processed temporarily to analyze facial features, positioning, and to generate the modified applied visual effects. No biometric templates or derived identification data are created or stored.

3) Sharing with third parties Because our AI models require significant processing power, the photos you submit are securely transmitted to our trusted third-party AI service provider (Google Cloud / Google Gemini API) for processing. Face data is never shared with any other third parties, and our providers are strictly prohibited from using your photos to train their own generalized AI models or for any purpose other than fulfilling your specific request.

4) Retention period Photos and Face Data are processed in real-time. We do not store your uploaded photos or face data on our servers. Our third-party AI provider processes the data instantly and deletes it immediately after the requested image is generated.

5) Transparency in this policy Information regarding facial data handling is described in this Face Data Policy section. Face data is never used for advertising, marketing, or profiling.

6) User consent Facial processing features are activated only after explicit permission is granted (for example camera or photo access prompts). Consent can be withdrawn at any time in your device settings, which may limit certain functionalities.

4. How We Use Your Data

We may use collected information to:

• Provide, operate and maintain the Service (including AI generation)

• Respond to support requests and user inquiries

• Communicate updates, new features or security notices

• Analyze usage patterns to improve performance and features

• Prevent fraud and enforce legal obligations

• Display relevant in-app content or promotional offers (face data is never used for advertising or profiling)

5. Sharing of Data

We may share data in the following circumstances:

• With trusted Service Providers (hosting infrastructure, AI processing APIs, analytics tools, payment processors)

• With affiliated entities under common ownership or operational control

• In connection with a merger, acquisition, restructuring, or asset sale

• When required by law, regulation, or legal process

• When necessary to protect safety, rights, or prevent fraud

• With your explicit consent for specific purposes

We do not sell biometric, face-related data, or photos.

5.1 Data Processing by Third Parties External providers process limited data strictly to support technical service delivery. This includes our AI processing provider (Google Cloud) which handles real-time image generation. Their processing practices are governed by strict data processing agreements ensuring your privacy.

5.2 Analytics Services To understand product usage and improve the Application, we may use analytics solutions such as: • Google Analytics • Firebase Analytics You can manage tracking preferences via your device advertising settings or relevant provider privacy tools.

6. Data Retention

• Personal Data: retained only as long as necessary to provide the Service or comply with legal obligations

• Usage Data: generally stored for short diagnostic or security purposes

• Face Data & Photos: never stored by us and deleted instantly by our AI providers after real-time processing

7. International Data Transfers

Your information may be processed on servers located outside your country. When data is transferred internationally, we apply appropriate safeguards such as:

• Standard Contractual Clauses approved by the European Commission

• Additional legal or technical protections required by applicable law

8. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access your personal data

• Request correction or deletion

• Object to or restrict processing

• Request data portability

• Withdraw consent at any time

Users located in certain regions (such as California or the EU) may also benefit from additional consumer privacy rights under applicable regulations.

9. Data Security

We implement reasonable technical and organizational safeguards including:

• Encryption where appropriate (including in-transit encryption for all API requests)

• Access control restrictions

• Security monitoring and periodic audits

• Secure storage and deletion procedures

However, no digital system can be guaranteed fully secure. We continuously improve our practices to reduce risk and will notify users and authorities if legally required following a data incident.

10. Children’s Privacy

The Application is not intended for children under the age of 13. If you are a minor, use of the Service requires consent from a parent or legal guardian.

11. Policy Updates

This Privacy Policy may be updated from time to time. Changes become effective once published within the Application or on our website. Significant updates may be communicated via in-app notice or email.

12. Contact

Email: frappappstudio@gmail.com