EyeMix Privacy Policy

Last Updated: October 31, 2025

This Privacy Policy explains how YOUNG MEDIA LTD (Company No. 16294769) collects, uses, protects, and discloses personal data, including Special Category Biometric Data, when you use the EyeMix mobile application (the "Service").

1. Data Controller Details

Detail	Information
Data Controller:	YOUNG MEDIA LTD
Registered Address:	61 Bridge Street, Kington, England
Contact Email (Privacy):	products@youngmediauk.com
UK GDPR Lawful Basis:	Processing is necessary for the performance of a contract and explicit consent (for biometric data).

2. Special Category Biometric Data Processing

We collect and process personal data that falls under the UK GDPR definition of Special Category Biometric Data (Article 9).

Data Type	Purpose of Processing	Article 9 Condition	Retention Period
High-Resolution Iris Photos	To perform the unique EyeMix Fusion Service (generating the blended artistic image) for the user.	Explicit Consent (Freely given, informed, specific, and unambiguous consent obtained on the 'Legal Consent' screen).	7 Days (Original uploaded files are automatically and irreversibly deleted from our servers 7 days after the final image is generated).

Note on Accountability: We process this high-risk data only under the principle of data minimization. The final generated EyeMix composite image (the artwork) is retained only if necessary for order history, but the original source images are destroyed.

3. Other Personal Data Collected & Processors

We share your data with the following processors only when necessary to fulfill your order.

Category	Data Collected	Third-Party Processor	Purpose of Processing
Identity & Account	Name, Email Address, User ID.	Supabase (Database/Authentication)	Account management, authentication, service delivery.
Payment & Transaction	Card Details (tokenized), Billing Address, Purchase Amounts.	Stripe (Payment Processor)	Processing financial transactions for digital and physical goods.
Image Processing	Two uploaded Iris Images, Master Prompt Text.	Loveable AI Gateway / Gemini	Performing the high-risk, artistic image fusion service.
Fulfillment	Shipping Address, Final Image File URL, Product UID.	Gelato (Print-on-Demand Partner)	Printing, packaging, and shipping physical products to the user.
Usage Data	IP Address, Device Type, Activity Logs.	Supabase, Stripe, etc.	Security, fraud prevention, and service diagnostics.

4. International Data Transfers

Data may be transferred outside the UK/EEA (e.g., to the USA, where processors may operate servers). We ensure these transfers are lawful by relying on legally recognized mechanisms, such as Standard Contractual Clauses (SCCs), which our third-party processors incorporate into their Data Processing Agreements.

5. Your Rights Under UK GDPR

As a user, you have the right to access, rectify, port, restrict, and erase your personal data.

Right to Withdrawal of Consent: You have the right to withdraw your explicit consent to process your biometric data at any time.
Contact: To exercise any of these rights, please contact us at products@youngmediauk.com.
Supervisory Authority: You have the right to lodge a complaint with the UK's supervisory authority, the Information Commissioner's Office (ICO).

6. Data Security and Retention

All original uploaded images are stored in encrypted cloud storage. As stated in Section 2, original source iris images are automatically and permanently deleted 7 days after generation.

7. Accessing this Policy

This policy is publicly available on our website:

Policy URL:https://eyemix-store.github.io/eyemix-legal//privacy.html

This document is also linked directly on the Biometric Consent Screen within the EyeMix application to ensure compliance with the "informed consent" requirement.