Privacy Policy

1. Information We Collect

Account information: When you sign in with Google or Apple, we receive your email address and a unique identifier from that provider. We do not receive your social media passwords.

Uploaded media: Photos and images you upload are stored on our servers. We run first-party scan analysis and Photo Insight on upload to detect quality signals such as blur, glare, framing, visible damage, likely repair order, possible front date/time stamps, and archive metadata sources. Third-party AI processing is separate: if you request captions, stories, date estimation, or other optional archival text features, we may send a downscaled photo copy or saved photo-analysis context to Anthropic after disclosure and permission. If you choose restore, colorize, enhance, deblur, deglare, face enhance, background removal, or animate, we send the selected photo to Replicate only after the same disclosure and permission flow.

Face data: Our automatic analysis detects faces, approximate face positions, and per-account face embeddings or clusters so your own archive can suggest groups for you to name. We do not compare faces across customers or name people automatically. Person names and person-to-photo links are user-confirmed.

Waitlist and marketing preferences: If you join our waitlist or request product updates, we store your email address, locale, referral data, campaign metadata, and marketing-consent status so we can send launch and progress emails.

Usage data: We collect information about how you interact with the app — features used, restoration steps taken, session length, scan diagnostics, workflow outcomes, retries, exports, and feedback signals — to improve the service. This data is routed through our backend and may be processed by contracted analytics providers acting on our behalf.

Device information: App version, operating system, and device type are collected for troubleshooting and compatibility purposes.

Payment information: If you purchase a subscription through iPhone or Android, payment is processed by Apple through the App Store or by Google through Google Play. We receive confirmation of your entitlement status but do not store your payment card details. Web subscriptions are processed by Paddle (paddle.com), who acts as Merchant of Record. Paddle collects and processes your payment information directly; we do not receive or store your payment card details for web purchases.

Support communications: When you contact support, we retain your messages and email address to respond to and resolve your request.

Public Gallery submissions: If you choose to submit a before/after transformation for the public gallery, we store the submitted before/after asset references, caption, category, anonymous attribution setting, consent record, review status, reviewer notes, and withdrawal status. This is separate from private shares, Family Vaults, and public Reveal links.

2. How We Use Your Information

To provide and operate the restoration service — including processing your uploaded photos and delivering outputs.

To provide first-party Photo Insight, scan analysis, and editing guidance such as blur, glare, framing, damage checks, and repair recommendations when you import a photo.

To provide Archive Intelligence features such as per-account face groups, Similar Photos review, editable AI metadata drafts, metadata source labels, and front date-stamp candidates.

To provide captions, stories, date estimation, and other optional archival text features after you explicitly allow third-party AI processing in the app.

To run restore, colorize, enhance, deblur, deglare, face enhance, background removal, and animate when you choose those tools and allow third-party AI processing.

To manage your account, authenticate your identity, and maintain session security.

To manage subscription entitlements and validate in-app purchases.

To sync your Archive, albums, and Family Vaults across devices via your account.

To improve the app through aggregate and de-identified usage analysis, including analysis quality, routing quality, workflow reliability, and product performance.

To tune scan-analysis thresholds, recipe policies, and model-routing rules using non-content telemetry such as route outcomes, ratings, retries, exports, and benchmark results.

To respond to support requests and privacy inquiries.

To send waitlist, launch, and product-progress emails when you have opted in to receive them.

To review, moderate, publish, and remove Public Gallery submissions only after your separate active opt-in for that public purpose.

To comply with legal obligations including fraud prevention, security monitoring, and lawful government requests.

By default, this improvement work does not include using your uploaded photos or restoration outputs to train or fine-tune AI models.

We do not use your uploaded photos or restoration outputs for model training, fine-tuning, or long-lived benchmark corpora without your explicit, separate consent.

3. How We Share Your Information

We do not sell your personal data to third parties.

We do not share your photos or account data with advertisers.

Infrastructure providers: We use cloud hosting (Railway, United States), object storage (Cloudflare R2, global), and content delivery services to operate the platform. These providers process data on our behalf under data processing agreements and may not use your data for their own purposes.

AI processing providers: Anthropic (United States) processes downscaled photo copies or saved photo-analysis context for captions, stories, date estimation, and optional archival text features after you allow that analysis in the app. Replicate (United States) processes the photo you choose to restore, colorize, enhance, deblur, deglare, face enhance, background removal, or animate. Both providers act on our behalf under data processing agreements and may not use your content to train their general models.

Analytics and observability: We use PostHog (United States / European Union) for product analytics and Sentry (United States) for error tracking. These providers process de-identified usage events and error reports on our behalf. Where applicable law requires consent for non-essential analytics, we request that consent before enabling it.

Email service providers: We use contracted email and SMTP providers to send account emails, waitlist welcomes, and product updates on our behalf.

Payment processors: Mobile subscriptions are processed by Apple and Google through their respective commerce systems. Web subscriptions are processed by Paddle (paddle.com), who serves as Merchant of Record for web transactions. We receive entitlement confirmations but do not access your payment card details.

Authentication providers: Sign-in through Google or Apple is governed by those companies' privacy policies. We only receive the minimum data needed to create and authenticate your account.

Legal requirements: We may disclose information if required by law, court order, or to protect the rights and safety of users or the public.

Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred. We will notify you before your data becomes subject to a different privacy policy.

Public Gallery: If you submit a transformation and it is approved, the before/after images, category, caption, anonymous attribution, and archive context labels may be visible to anyone at getnostalgia.ai/gallery. Your account, email, private archive, albums, Family Vaults, and private share links are not published as part of the Public Gallery entry.

4. Data Retention

Account and photo data is retained for as long as your account is active.

Waitlist records are retained until you unsubscribe, ask us to delete them, or we determine the list is no longer needed for launch communications.

If you request account deletion, we will process your request within 30 days. Backups may retain data for up to an additional 90 days before permanent deletion.

Analytics data is retained for up to 24 months and is automatically purged thereafter.

Operational logs used for fraud prevention and security are retained for up to 12 months.

Support communications are retained for up to 3 years for legal and dispute-resolution purposes.

Public Gallery submissions are retained while pending, approved, rejected, or withdrawn so we can honor consent, moderation, and withdrawal records. Withdrawing a submission removes it from the public gallery immediately; signed media URLs expire naturally. Account deletion removes or purges associated Public Gallery records as part of the deletion workflow.

5. Lawful Basis for Processing (GDPR)

If you are in the European Economic Area, United Kingdom, or Switzerland, we process your data under the following lawful bases:

Contract performance (GDPR Art. 6(1)(b)): To provide the Service you requested — including photo storage, AI analysis, restoration, and archive sync.

Consent (GDPR Art. 6(1)(a)): For analytics cookies and marketing emails, collected via our cookie banner and opt-in forms.

Consent (GDPR Art. 6(1)(a)): For Public Gallery publication, collected separately from AI processing consent and recorded with the consent text version and required affirmations.

Legitimate interest (GDPR Art. 6(1)(f)): For security monitoring, fraud prevention, service reliability, and aggregate usage analysis — balanced against your rights with minimal data use and de-identification where possible.

6. Family Vaults and Shared Data

Family Vaults allow you to share restored photos with invited family members in a private, invite-only space.

When you add a photo to a vault, all vault members with the appropriate role (owner, editor, or viewer) can see that photo and its metadata including AI-generated descriptions and tags.

The vault owner controls membership and can remove members at any time. Vault owners can see all photos shared to the vault and the list of members.

If you leave a vault or are removed, your access to the vault's photos is revoked. Photos you contributed remain in the vault unless the owner deletes them.

If the vault owner's subscription lapses, vault access is suspended for all members until the subscription is restored or the vault is deleted.

7. Your Privacy Rights

Access: You may request a copy of the personal data we hold about you.

Correction: You may request corrections to inaccurate data.

Deletion: You may request that we delete your account and associated data. Submit a request from account settings or through the Support page at getnostalgia.ai/support.

Marketing emails: If you joined our waitlist or opted in to updates, you can unsubscribe at any time using the link in those emails or through the Support page at getnostalgia.ai/support.

Data portability: You may request an export of your data in a machine-readable format. Exports include your account data, photos, metadata, tags, albums, and vault memberships.

Objection and restriction: In certain circumstances you may object to or request restriction of processing, including third-party AI analysis or generation based on your uploaded photos.

Public Gallery withdrawal: You can withdraw a Public Gallery submission from Privacy settings. Withdrawal removes the public entry; it does not delete the private archive copy unless you separately delete the asset or account.

California residents (CCPA): You have the right to know what personal information is collected and to opt out of its sale. We do not sell personal information.

Children under 13 (COPPA): Nostalgia is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided data, contact us and we will delete it promptly.

To exercise any of these rights, contact us through the Support page at getnostalgia.ai/support or, for account data, submit a request from account settings.

8. Security

We implement technical and organizational measures to protect your data, including encrypted data transmission (TLS) and access controls.

No method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we are committed to using industry-standard practices.

If you believe your account has been compromised, contact us immediately through the Support page at getnostalgia.ai/support.

9. International Transfers

Nostalgia is currently operated on a pre-incorporation basis while final company formation is in progress. Our service providers process data in multiple jurisdictions, including the United States and European Union.

For transfers from the European Economic Area, United Kingdom, or Switzerland to countries without an adequacy decision, we rely on vendor contractual safeguards such as Standard Contractual Clauses (SCCs) where required, or the provider's participation in an approved transfer framework where applicable.

You may request a copy of applicable transfer safeguards by emailing [email protected].

Organizations that need data-processing terms should contact [email protected]. We only publish operator-specific DPA terms once the final contracting entity is in place.

10. Cookies and Tracking Technologies

We use cookies and similar technologies on our web app. These fall into the following categories:

Necessary cookies: Required for authentication, security, and basic site functionality. These cannot be disabled.

Analytics cookies: Used by PostHog to collect de-identified usage data to improve the product. Where consent is required, these are only set after you provide it via our cookie banner or equivalent consent flow.

Functional cookies: Store your preferences (theme, locale). These can be disabled in cookie settings.

You can manage your cookie preferences at any time using the 'Manage Cookies' link in the site footer.

Our mobile apps handle analytics disclosures and consent according to the in-app flow and the requirements of the jurisdiction where the build is offered.

11. For Users in India

If you are located in India, the Digital Personal Data Protection Act, 2023 (DPDP Act) may apply to our processing of your personal data.

We process your data based on your consent, which you provide when creating an account and accepting these terms. You may withdraw consent at any time by deleting your account or contacting us.

Your data may be processed outside India, including in the United States and European Union, under contractual safeguards consistent with applicable law.

Grievance Officer: For complaints or concerns about your data, contact our Grievance Officer at [email protected]. We will acknowledge your complaint within 48 hours and aim to resolve it within 30 days.

12. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes by posting a notice in the app or by email at least 30 days before changes take effect.

Your continued use of Nostalgia after the effective date constitutes acceptance of the updated policy.