Privacy Policy

Effective date: 6 May 2026 · Last updated: 6 May 2026

This Privacy Policy explains how Unveiled ("Unveiled", "we", "us", or "our") collects, uses, and protects your personal information when you use the Unveiled mobile application (the "App") and related services (collectively, the "Service").

The data controller for the purposes of this Policy is Botsonic (Pty) Ltd (registration number K2022592441), a South African private company trading as Unveiled, with its registered office at 55 Borghorst Street, Monte Vista, 7460, Cape Town, South Africa and contact email privacy@unveiled.co.za.

Our Information Officer is RM Theunissen, contactable at privacy@unveiled.co.za.

1. Summary

• We collect the minimum data required to run an AI bridal preview service: account identifiers, the selfies you upload, and the generated images we return.
• We use Firebase (Google), OpenAI, and RevenueCat as sub-processors. We do not sell your data and we do not run third-party advertising.
• You can delete your account and associated data at any time from within the App or by emailing us.

2. Data we collect

2.1 Information you provide

• Account information. When you create an account we collect your email address, and (if you choose to provide it) your first and last name. If you sign in with Apple or Google, we receive the identifiers and basic profile information those providers share with us.
• Selfies. When you generate a bridal look, you upload a photograph of yourself. The selfie is sent to our AI image-generation provider in order to produce the preview.
• Generated images. Images produced by the Service are stored against your account so you can revisit them in the App.
• Subscription information. If you purchase a subscription, Apple or Google handles the payment and shares with us a transaction identifier and subscription status (e.g. active, expired). We do not receive your full payment card details.
• Communications. If you email us, we retain the message and your contact details to respond.

2.2 Information collected automatically

• Device and technical data. Device model, operating system version, app version, language, time zone, and crash diagnostics. This is used to debug issues and is not used to identify you personally.
• Usage data. Counts of how many generations you have used in the current period (to enforce free-tier and subscription limits).

2.3 Information we do not collect

• We do not run third-party advertising SDKs.
• We do not collect precise location data.
• We do not access your contacts, calendar, microphone, or media files other than the photos you explicitly choose to upload.

3. How we use your data

We use your information to:

• Create and authenticate your account.
• Generate the AI bridal previews you request.
• Store your generated images and subscription status so you can access them across sessions.
• Enforce the limits of free and paid tiers.
• Diagnose and fix bugs, and improve the Service.
• Respond to your support enquiries.
• Comply with our legal obligations.

We rely on the following lawful bases (where relevant under the GDPR or POPIA):

• Performance of a contract — to provide the Service you signed up for.
• Legitimate interests — to keep the Service secure, prevent abuse, and improve quality.
• Consent — for any processing where consent is required (you can withdraw consent at any time).
• Legal obligation — where we are required to retain information by law.

4. AI image generation

The selfies you upload are transmitted over a secure connection to OpenAI, our AI image-generation provider, for the sole purpose of producing the requested image. According to OpenAI's API terms in effect at the time of writing, content submitted via the API is not used to train OpenAI's models. OpenAI may retain content for a short period for abuse-monitoring and trust-and-safety purposes, after which it is deleted.

The generated image is returned to us, stored against your account in our infrastructure, and made available to you in the App.

We retain the original selfie for up to 30 days so you can re-generate variants without re-uploading. After 30 days the original selfie is deleted from our systems. The Generated Images we produce remain in your account until you delete them.

5. Sub-processors

We rely on the following third parties to operate the Service. Each receives only the data necessary for the function it performs.

We have data-processing agreements in place with each sub-processor where required.

6. International transfers

Some of our sub-processors are based outside South Africa and the European Economic Area, including in the United States. Where we transfer personal information across borders, we rely on the relevant safeguards required by POPIA and the GDPR (such as Standard Contractual Clauses, or transfers to jurisdictions deemed to provide adequate protection).

7. Retention

• Account data: retained for as long as your account is active.
• Generated images: retained for as long as your account is active, or until you delete them.
• Selfies: see Section 4.
• Subscription receipts: retained for as long as required by tax and consumer-protection law (typically up to five years in South Africa).
• Support emails: retained for up to three years after the last interaction.

When you delete your account, we delete or anonymise the associated data within 30 days, except where we are required to retain specific records by law.

8. Your rights

Depending on where you live, you may have the right to:

• Access the personal information we hold about you.
• Correct inaccurate or incomplete information.
• Delete your information (the "right to be forgotten").
• Object to or restrict certain processing.
• Withdraw consent at any time.
• Receive a portable copy of your information.
• Lodge a complaint with a supervisory authority — in South Africa, the Information Regulator (inforegulator.org.za); in the EU/EEA, your local data-protection authority.

To exercise any of these rights, email privacy@unveiled.co.za from the address associated with your account, or use the in-app Delete account option (Account → Danger zone).

You can also request account deletion without installing the App via our web form at https://www.unveiled.co.za/delete-account. We will action verified deletion requests within 30 days, except where we are required to retain specific records by law (such as tax or transaction records).

9. Children

The Service is not directed at children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will delete it.

10. Security

We use industry-standard technical and organisational measures to protect your information, including encryption in transit (TLS), encrypted storage at rest, restricted access to production systems, and logging. No system is perfectly secure; if you believe your account has been compromised, contact us immediately.

11. Changes to this Policy

We may update this Policy from time to time. If we make material changes, we will notify you in the App or by email. The "Last updated" date at the top reflects the most recent revision.

12. Contact

If you have any questions about this Policy or how we handle your information: