Privacy Policy

1. Information We Collect

Account information: When you sign in with Google or Apple, we receive your email address and a unique identifier from that provider. We do not receive your social media passwords.

Uploaded media: Photos and images you upload for restoration are stored on our servers to run the restoration workflows you request. Originals and outputs are associated with your account.

Usage data: We collect information about how you interact with the app — features used, restoration steps taken, session length — to improve the service. This data is sent to our own backend and is not shared with third-party analytics vendors.

Device information: App version, operating system, and device type are collected for troubleshooting and compatibility purposes.

Payment information: If you purchase a subscription, payment is processed by Apple (App Store) or Google (Play Store). We receive confirmation of your entitlement status but do not store your payment card details.

Support communications: When you contact support, we retain your messages and email address to respond to and resolve your request.

2. How We Use Your Information

To provide and operate the restoration service — including processing your uploaded photos and delivering outputs.

To manage your account, authenticate your identity, and maintain session security.

To manage subscription entitlements and validate in-app purchases.

To improve the app through aggregate, anonymized usage analysis.

To respond to support requests and privacy inquiries.

To comply with legal obligations including fraud prevention, security monitoring, and lawful government requests.

We do not use your uploaded photos to train AI models without your explicit, separate consent.

3. How We Share Your Information

We do not sell your personal data to third parties.

We do not share your photos or account data with advertisers.

Infrastructure providers: We use cloud hosting and storage services to operate the platform. These providers process data on our behalf under data processing agreements and may not use your data for their own purposes.

Authentication providers: Sign-in through Google or Apple is governed by those companies' privacy policies. We only receive the minimum data needed to create and authenticate your account.

Legal requirements: We may disclose information if required by law, court order, or to protect the rights and safety of users or the public.

Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred. We will notify you before your data becomes subject to a different privacy policy.

4. Data Retention

Account and project data is retained for as long as your account is active.

If you request account deletion, we will process your request within 45 days. Backups may retain data for up to an additional 90 days before permanent deletion.

Operational logs used for fraud prevention and security are retained for up to 12 months.

Support communications are retained for up to 3 years for legal and dispute-resolution purposes.

5. Your Privacy Rights

Access: You may request a copy of the personal data we hold about you.

Correction: You may request corrections to inaccurate data.

Deletion: You may request that we delete your account and associated data. Submit a request from account settings or by emailing [email protected].

Data portability: You may request an export of your data in a machine-readable format.

Objection and restriction: In certain circumstances you may object to or request restriction of processing.

California residents (CCPA): You have the right to know what personal information is collected and to opt out of its sale. We do not sell personal information.

Children under 13 (COPPA): Nostalgia is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided data, contact us and we will delete it promptly.

To exercise any of these rights, contact us at [email protected] or submit a request from account settings.

6. Security

We implement technical and organizational measures to protect your data, including encrypted data transmission (TLS) and access controls.

No method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we are committed to using industry-standard practices.

If you believe your account has been compromised, contact [email protected] immediately.

7. International Transfers

Nostalgia is operated from the United States. If you access the service from outside the US, your data may be transferred to and processed in the US.

We take steps to ensure data transfers comply with applicable law.

8. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes by posting a notice in the app or by email at least 30 days before changes take effect.

Your continued use of Nostalgia after the effective date constitutes acceptance of the updated policy.