1. Introduction
Rhinua ("we," "our," or "us") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application ("App").
By using the App, you consent to the data practices described in this policy.
2. Information We Collect
2.1 Account Information
When you create an account using Apple or Google authentication:
- Email address (provided by Apple or Google)
- Authentication token (managed by Firebase)
- Account creation date
We do not store your login credentials. Authentication is handled entirely through Firebase Authentication services.
2.2 Facial Scan Data
When you use our facial scanning feature:
- What we collect: The App uses ARKit to capture your facial structure and take nasal measurements
- What we process: Calculated geometric measurements of your nose
- What we store: Only the final calculated measurements needed for manufacturing your device
- What we DO NOT store: We do not store facial images, photographs, or raw biometric facial data
The facial scanning occurs entirely on your device using Apple's ARKit technology. Only the calculated measurements are transmitted to our servers.
2.3 Order Information
When you place an order, we collect and store the following in Firebase:
- Order creation and update timestamps
- Product specifications (color, material)
- Measurement ID and name (reference to your scan)
- Order status
- Order version
- Payment Intent ID (from Stripe)
- Stripe Customer ID
- Total amount
What we send to our business email for order fulfillment:
- Your name, email, phone number
- Shipping address
- Product details (material, color, measurement name)
- Payment details (Payment Intent ID, Customer ID, amount)
- Measurement data file (measurements.scad) containing the geometric calculations for manufacturing
The email containing this information, including the measurement file, is automatically deleted after 30 days.
2.4 Payment Information
We do not collect or store your payment card details. All payment processing is handled securely by Stripe, a third-party payment processor. We only store:
- Payment Intent ID (order reference from Stripe)
- Stripe Customer ID (for order tracking)
- Total amount paid
Stripe collects and securely processes:
- Credit/debit card information
- Billing address
- Complete payment transaction details
Please refer to Stripe's Privacy Policy for information on how they handle your payment data.
2.5 Automatically Collected Information
We may automatically collect certain technical information:
- Device type and operating system
- App version
- Crash reports and error logs
- Usage statistics (through Firebase Analytics)
3. How We Use Your Information
3.1 Order Fulfillment
- Manufacturing your custom nasal dilator based on your measurements
- Processing and shipping your order
- Communicating with you about your order status
3.2 Service Operations
- Providing and maintaining the App
- Authenticating your account
- Improving App functionality and user experience
- Troubleshooting technical issues
3.3 Communication
- Sending order confirmations and updates
- Responding to your inquiries
- Providing customer support
We will never sell your information to third parties for marketing purposes.
4. How We Share Your Information
4.1 Third-Party Service Providers
We share information with trusted third parties who assist in operating our service:
Firebase (Google):
- Stores account authentication data
- Stores order information
- Provides app analytics
- Privacy Policy: https://firebase.google.com/support/privacy
Stripe:
- Processes payments securely
- We do not have access to your full payment details
- Privacy Policy: https://stripe.com/privacy
SendGrid/Railway:
- Delivers order information via email to our business
- Measurement data sent via email is automatically deleted after 30 days
- Privacy Policy: https://www.twilio.com/legal/privacy (SendGrid)
Third-Party 3D Printing Services:
- Receive only the geometric measurements necessary to manufacture your device
- Do not receive any identifying personal information beyond shipping address
4.2 Legal Requirements
We may disclose your information if required to:
- Comply with legal obligations, court orders, or government requests
- Enforce our Terms of Service
- Protect our rights, property, or safety
- Prevent fraud or illegal activities
4.3 Business Transfers
If Rhinua is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your information becomes subject to a different privacy policy.
5. Data Retention
- Order information in Firebase: Retained as long as necessary for business, legal, and warranty purposes
- Order email (with measurement file and customer details): Automatically deleted after 30 days
- Account information: Retained until you delete your account
- Facial scan data: Not retained on our servers; only calculated measurements are kept in the email (deleted after 30 days)
6. Biometric Data
6.1 Facial Scanning
Our App uses ARKit to scan your face for nasal measurements. Important details:
- Scanning occurs entirely on your device
- We do not store facial images or raw biometric identifiers
- Only calculated geometric measurements are transmitted and stored
- You have full control over when scanning occurs
- You can delete your account and associated data at any time
6.2 State-Specific Biometric Rights
Some jurisdictions have specific laws regarding biometric data:
Illinois (BIPA): While we do not store biometric identifiers as defined under BIPA, we want you to know that you have rights regarding any biometric data collection, including the right to know how your data is used and the right to consent.
California (CCPA/CPRA): California residents have specific rights detailed in Section 10 below.
Texas: Texas residents have rights under the Texas Capture or Use of Biometric Identifier Act.
7. Data Security
We implement reasonable security measures to protect your information:
- Secure data transmission using encryption (HTTPS/TLS)
- Firebase security rules to protect stored data
- Payment data handled exclusively by PCI-compliant Stripe
- Limited access to personal information within our organization
- Automatic deletion of sensitive measurement data after 30 days
However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.
8. Your Rights and Choices
8.1 Access and Correction
You have the right to:
- Access the personal information we hold about you
- Request correction of inaccurate information
- Request a copy of your data
Contact us at rhinua.help@gmail.com to exercise these rights.
8.2 Account Deletion
You may delete your account at any time through the App settings. Upon deletion:
- Your account information will be removed
- Associated order history will be deleted
- Some information may be retained as required by law or for legitimate business purposes
8.3 Opt-Out of Communications
You can opt out of non-essential communications by:
- Adjusting your notification settings in the App
- Contacting us at rhinua.help@gmail.com
You cannot opt out of essential order-related communications.
9. Children's Privacy
Our App is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children. If we discover that we have collected information from a child under 18, we will delete it immediately.
10. California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have additional rights:
10.1 Right to Know
You have the right to request information about:
- Categories of personal information we collect
- Purposes for collecting personal information
- Categories of third parties with whom we share information
- Specific pieces of personal information we hold about you
10.2 Right to Delete
You have the right to request deletion of your personal information, subject to certain exceptions.
10.3 Right to Opt-Out
We do not sell personal information. If this changes, we will update this policy and provide an opt-out mechanism.
10.4 Right to Non-Discrimination
We will not discriminate against you for exercising your privacy rights.
10.5 How to Exercise Your Rights
To exercise these rights, contact us at rhinua.help@gmail.com. We will verify your identity before processing your request.
11. European Privacy Rights (GDPR)
If you are in the European Economic Area (EEA), you have rights under GDPR:
11.1 Legal Basis for Processing
We process your data based on:
- Consent: For facial scanning and measurement collection
- Contract: To fulfill your order
- Legitimate interests: To operate and improve our service
11.2 Your Rights
You have the right to:
- Access your personal data
- Rectify inaccurate data
- Erase your data ("right to be forgotten")
- Restrict processing
- Request data portability
- Object to processing
- Withdraw consent at any time
11.3 Data Transfers
Your information may be transferred to and processed in the United States. We ensure appropriate safeguards are in place for international transfers.
11.4 Supervisory Authority
You have the right to lodge a complaint with your local data protection authority.
12. Third-Party Links
Our App may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Changes will be effective immediately upon posting in the App. We will notify you of significant changes through:
- In-app notifications
- Email notifications
- An updated "Last Updated" date
Your continued use of the App after changes constitutes acceptance of the updated policy.
14. Do Not Track Signals
Our App does not currently respond to "Do Not Track" signals from browsers.
15. International Users
Our service is operated from the United States. If you are accessing the App from outside the United States, your information will be transferred to, stored, and processed in the United States. By using the App, you consent to this transfer.
16. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Rhinua
Email: rhinua.help@gmail.com
For privacy-specific inquiries, please use the subject line "Privacy Inquiry."
17. Data Protection Officer
If required by law, we will appoint a Data Protection Officer. Contact information will be provided here when applicable.
18. Your Consent
By using our App, you consent to our Privacy Policy and agree to its terms.