Back

AI Nail

Privacy Policy

Last updated: 14 June 2026


This Privacy Policy explains what data AI Nail collects, why we collect it, how we use it, and the rights you have over it. The app is operated by Aylan Apps (“we”, “us”, “our”). By creating an account or using the app you accept this policy.

If anything here is unclear, email support@aylanapps.com.

1. What AI Nail is

AI Nail is an AI-powered nail-art design app. You describe a look (or upload a reference photo); our backend forwards the prompt and any reference images to Google Gemini to generate nail-art previews. You can also upload a photo of your hand to see a generated design visualised on your own nails (“try-on”). It is not a medical, dermatological, or salon-safety tool. See the Cosmetic Disclaimer for details.

2. Data we collect

2.1 Account data

  • Email address (mandatory for full accounts; anonymous accounts use a device-derived synthetic ID).
  • Hashed password (or sign-in token from Apple / Google when those options are enabled).
  • Username.

2.2 Design + try-on submissions

  • Text prompts you type when generating a design (style, vibe, colour palette, occasion).
  • Reference photos you upload (e.g. an inspiration nail image).
  • Hand / nail photos you upload for try-on.
  • The AI-generated images we hand back to you, stored against your account so you can revisit them.
  • Saved designs, collection metadata, and any tags you add.

2.3 Stylist chatbot

  • Messages you send to the in-app AI Stylist chatbot.
  • The chatbot's replies and any tool calls it triggered (e.g. “generate this design”, “try this on”).
  • Conversation history is scoped to your account and never shared with other users.

2.4 Device + abuse-prevention signals

  • A per-install random identifier (install_id).
  • A hashed device fingerprint (brand / model / OS, hashed locally before upload).
  • Platform-stable identifiers used only for fraud prevention:
    • iOS: DCDevice attestation token (Apple).
    • Android: AppSetId (Google Play Services).
  • IP address of register / login requests, retained for 30 days for abuse investigation.

2.5 Usage analytics

  • Screen views, button taps, generations, try-ons, saves, subscription events.
  • Crash reports (anonymised stack traces via Firebase Crashlytics).

2.6 Push tokens

Your FCM device token, registered when you allow notifications. We use it only to send the notifications you've enabled (e.g. “your try-on is ready”).

3. How we use the data

We use the data to:

  • Run the AI generation and try-on you requested (contract basis).
  • Drive the Stylist chatbot conversation (contract).
  • Track free-tier usage (3 generations / day, 1 try-on / day, 3 lifetime saves) and your Pro entitlement (contract).
  • Send the notifications you enabled (consent).
  • Detect duplicate-account / refund abuse (legitimate interest).
  • Fix crashes and performance issues (legitimate interest).
  • Improve the product via aggregated, de-identified usage trends (legitimate interest).

We never:

  • Sell your data.
  • Share your photos with advertisers.
  • Use your hand or reference photos to train external models.
  • Make your designs or try-ons public.

4. Third parties we share data with

We share the minimum necessary data with vetted infrastructure providers:

  • Google Cloud / Gemini API — prompts and images, for AI generation and try-on.
  • Firebase (Google) — crash + analytics, FCM push tokens, encrypted media storage.
  • Render — backend hosting.
  • RevenueCat — subscription receipts and entitlement state.
  • Apple / Google App Stores — purchase + restore receipts.

We do not transfer your data to other third parties for their own use.

5. Where data is stored and for how long

  • Servers are hosted in Oregon (USA) via Render and Google Cloud.
  • Generated images, reference photos and hand photos are encrypted at rest in Firebase Storage.
  • Database is encrypted at rest; passwords stored as salted hashes.
  • We retain your data while your account is active.
  • Anonymous accounts that are never converted are deleted after 180 days of inactivity.
  • If you delete your account, all personal data is removed within 30 days, except where law requires us to keep records.

6. Children

AI Nail is intended for users 13 and older. We do not knowingly collect data from children under 13. If you believe a child has created an account, email us — we will delete the account and associated data.

7. Your rights

You can, at any time:

  • Access: email support for an export.
  • Correct: Me tab → edit profile (or contact support).
  • Delete: Me tab → Delete account.
  • Restrict / object: contact support.
  • Withdraw consent for analytics: turn off analytics in your device settings.
  • Portability: contact support for a JSON export.

EU / UK users may also lodge a complaint with their local data protection authority.

8. Cookies and similar

The mobile app does not use cookies. The companion website (aylan-apps.com) uses only essential cookies.

9. Security

  • All API calls go over HTTPS / TLS 1.2+.
  • JWT access tokens are short-lived; refresh tokens stored in the device keychain.
  • Apple DCDevice and Google AppSetId gate registration against abuse.
  • Backend has IP-based and device-based rate limiting.

Report security issues to support@aylanapps.com — we acknowledge within 72 hours.

10. Changes to this policy

We update this policy when our practices change. Material changes trigger an in-app notice. Continued use after the change means you accept the updated policy.

11. Contact

Email: support@aylanapps.com

For deletion-only requests: Me tab → Delete account, or email with subject “Delete my account”.