Privacy Policy

This Privacy Policy outlines how Unclothy ("we", "our", "us") collects, stores, uses, and protects your personal information. We take privacy seriously and are committed to ensuring the confidentiality, integrity, and security of your data in compliance with international data protection laws such as the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable frameworks.

By using our website (https://unclothy.com) and related services, you agree to the terms described in this Privacy Policy.

Effective Date: February 6, 2024
Last Updated: July 15, 2025

1. Age Restriction and Legal Use

Due to the nature of our platform and its NSFW capabilities, access to Unclothy is strictly limited to individuals who are 18 years of age or older. We do not knowingly collect or store information from anyone under the age of 18. If you are underage or become aware that an underage individual has used our service, please contact us immediately at [email protected] for prompt removal of data.

2. Types of Information We Collect

We collect two categories of information:

2.1 Personally Identifiable Information (PII)

• Email address (for login and communication)
• Authentication metadata (used in Google sign-in or magic link flows)
• IP address (for security, analytics, and fraud detection)
• Device and browser type
• Log data related to account use

We do not collect names, payment card numbers, government-issued identifiers, or contact details beyond what is essential for access and verification.

2.2 Automatically Collected Data

• Cookies and browser identifiers
• Timestamps of visits and activity
• Error logs and system diagnostics (via Sentry)
• Approximate location (via IP geolocation)
• Behavioral data (e.g., pages visited, buttons clicked)

3. Use of Information

We use the information we collect for the following purposes:

• Authentication – to verify and grant access via magic link or Google login
• Security and Abuse Monitoring – including detection of illegal content, suspicious behavior, or unauthorized access
• Platform Optimization – improving system stability, identifying bugs, and testing new features
• Communication – sending login links, updates, service messages
• Legal Compliance – to comply with legal obligations, such as detecting and reporting prohibited content

We do not use your data for:

• Behavioral advertising
• Profiling for marketing purposes
• Reselling to data brokers or advertisers

4. Content Storage and Media Handling

All generated content (images, files) is stored temporarily in Cloudflare R2 buckets and retained for a maximum of 24 hours. After this period, content is automatically deleted and cannot be retrieved.

Key points:

• We do not permanently store user-generated media.
• Generated files are never used for training AI models or shared externally.
• File access is controlled by secure URLs and session authorization.
• Content is not reviewed manually unless automatically flagged for abuse.

5. Abuse Detection & Legal Content Filtering

As required by law, we employ automated systems to detect content that violates legal and ethical standards, particularly:

• Child sexual abuse material (CSAM)
• Non-consensual imagery or exploitation
• Violent or extremist content

If a generation is flagged by our detection system:

• It is isolated from the public output stream
• Your account may be temporarily or permanently suspended
• We may report violations to competent authorities when required

These systems operate within our own infrastructure and do not rely on third-party moderation services.

6. Data Sharing and Processors

We limit third-party data sharing to only what is necessary for service delivery and security:

Service	Purpose
Google Analytics	Website traffic analysis
Microsoft Clarity	User behavior analytics
hCaptcha	Bot protection
Cloudflare	CDN, storage, caching
Nodemailer (SMTP)	Email delivery (magic links, support)

Each provider is bound by a Data Processing Agreement (DPA) where required under GDPR.

7. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Maintain user sessions
• Monitor usage trends
• Improve platform performance

We do not use marketing, retargeting, or third-party advertising cookies. Users can control or block cookies using their browser settings.

8. Payment Information

All payments are processed by external vendors (e.g., Stripe, PayPal), and we never store:

• Credit card numbers
• Billing addresses
• Financial credentials

You should refer to the privacy policies of the payment processor used at checkout for more information on how your financial data is handled.

9. Data Retention

• Emails and login data: Retained until the account is deleted
• IP and usage logs: Retained for security and compliance, typically 6–12 months
• Generated content: Deleted automatically after 1 day
• Error reports: Retained up to 1 year for diagnostics

10. Your Privacy Rights

In accordance with global privacy laws, you have the right to:

• Access – request a summary of your stored data
• Correction – fix incorrect or outdated info
• Deletion – delete your account and associated data
• Objection – to certain types of processing
• Portability – receive a copy of your data in a readable format (upon request)

You can request account deletion directly from the Dashboard Settings page. Deletion is performed automatically without admin review.

We do not currently offer a self-service DSAR portal but you can contact us for requests.

11. International Transfers

As we serve users worldwide, your data may be transferred or stored in countries outside your own, including the European Economic Area (EEA) and the United States. All data transfers comply with GDPR adequacy requirements or Standard Contractual Clauses (SCCs).

12. Data Security Measures

We implement multiple layers of data protection:

• HTTPS for all data in transit
• Restricted access to internal services
• IP-based security rules
• Token-based authentication and session expiration
• Regular system patches and vulnerability monitoring

Despite these efforts, no online system can be guaranteed 100% secure. Users are responsible for keeping their devices and authentication tokens safe.

13. Business Transfers

If Unclothy undergoes a merger, acquisition, or asset sale, user data may be transferred to the acquiring entity under this same Privacy Policy or a functionally equivalent one. We will notify users of material changes in ownership.

14. Third-Party Links

Our platform may contain links to external sites. We are not responsible for their content or privacy practices. We encourage you to review the privacy policy of any third-party service you interact with.

15. Policy Changes

We reserve the right to update this Privacy Policy to reflect changes in:

• Legal requirements
• Business operations
• Platform features

All updates will be published on this page with a revised "Last Updated" date. Significant changes will be communicated via email or in-app notification.

16. Contact Us

If you have questions, complaints, or requests regarding your personal data or this policy, please reach out to us:

Privacy & Data Protection Contact

[email protected]

We aim to respond to all requests within 7 business days.

Summary Highlights

• We store minimal data and delete media within 24 hours
• Content is never sold or used for AI training
• Users have full control over account and deletion
• We comply with GDPR, CCPA, and global privacy norms
• Our platform is 18+ only and actively monitored for abuse

Thank you for using Unclothy — your trust is our priority.