Privacy Policy

1. Data Controller

UKA Equities Ltd is the data controller responsible for the processing of your personal data in connection with the Service. If you have questions about how your data is processed, or wish to exercise your data rights, please contact us:

2. Information We Collect

We collect and process the following categories of personal information:

2.1 Information You Provide Directly

• Account information: When you register for an Account, we collect your full name, email address, and authentication credentials. If you sign in using a third-party provider (e.g., Google, Apple), we receive the profile information you authorise that provider to share.
• Payment information: When you subscribe to a paid plan, your payment details (credit/debit card number, billing address, card expiry) are collected and processed directly by our PCI DSS Level 1 certified payment processor. We do not store, access, or process your full card number or CVV. We receive only a truncated card identifier, card type, and billing postal code for record-keeping purposes.
• Communications: If you contact us via email, support form, or other channels, we collect the content of your communications and any personal information you include.

2.2 Information Generated Through Your Use of the Service

• Generated content: Patterns, designs, and images you create through the Service are stored in your Account to enable library, collection, and export features. Input parameters (style selections, colour palettes, prompts) are processed to generate your content but are not stored separately or used beyond the generation session.
• Usage data: We record Service usage information including Credit consumption, generation history, feature interactions, and session activity. This data helps us maintain your Account, provide customer support, and improve the Service.

2.3 Information Collected Automatically

• Device and browser information: Device type, operating system and version, browser type and version, screen resolution, and language preferences.
• Network information: IP address, internet service provider, and general geographic location (country or region level, derived from IP address).
• Access logs: Date and time of access, pages viewed, referring URLs, and interaction events. These logs are retained for security monitoring and are automatically purged after ninety (90) days.

3. Legal Bases for Processing (GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom, we process your personal data under the following legal bases as defined by the General Data Protection Regulation (GDPR):

4. How We Use Your Information

We use the information we collect for the following purposes:

• Service delivery: To create and manage your Account, authenticate your identity, process your generation requests, store your Content, and provide all features of the Service;
• Payment processing: To process subscription payments, issue receipts, manage billing cycles, and handle refund requests;
• Transactional communications: To send Account confirmations, password resets, billing notifications, subscription changes, service updates, and security alerts. These communications are necessary for the operation of the Service and cannot be opted out of while your Account is active;
• Service improvement: To analyse usage patterns, identify performance bottlenecks, prioritise feature development, and improve the overall quality and reliability of the Service;
• Security and fraud prevention: To detect, investigate, and prevent fraudulent transactions, abuse, security incidents, and other harmful activities;
• Customer support: To respond to your enquiries, troubleshoot issues, and provide technical assistance;
• Legal compliance: To comply with applicable laws, regulations, legal processes, or enforceable government requests.

We do not sell, rent, or trade your personal information to third parties. We do not use your generated Content or input prompts to train or improve AI models without your explicit consent. We do not build advertising profiles, share data with ad networks, or engage in behavioural tracking across third-party websites.

5. How We Share Your Information

We share your personal information only in the following limited circumstances:

5.1 Service Providers (Data Processors)

We engage trusted third-party service providers who process data on our behalf to operate the Service. Each provider receives only the minimum data necessary to perform its function and is contractually bound to process data solely as instructed by us, maintain appropriate security measures, and not use your data for their own purposes.

5.2 Legal Requirements

We may disclose your information if required by law, subpoena, court order, or other legal process, or if we believe in good faith that disclosure is necessary to: (a) comply with a legal obligation; (b) protect and defend the rights or property of the Company; (c) prevent or investigate possible wrongdoing; (d) protect the personal safety of Users or the public; or (e) protect against legal liability.

5.3 Business Transfers

In the event of a merger, acquisition, reorganisation, bankruptcy, or sale of all or a portion of our assets, your personal information may be transferred to the acquiring entity. We will notify you via email and/or a prominent notice on the Service of any such change in ownership and of your choices regarding your personal information.

5.4 Aggregated and Anonymised Data

We may share aggregated, anonymised data that cannot reasonably be used to identify you for research, analysis, or business purposes. This data does not constitute personal information.

6. Cookies and Similar Technologies

The Service uses the following cookies and similar technologies:

The Service does not use advertising cookies, retargeting pixels, third-party analytics cookies, or cross-site tracking technologies. You may control cookies through your browser settings. Disabling authentication cookies will prevent you from signing in to the Service.

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected. Specific retention periods are as follows:

Upon Account deletion, we will remove or anonymise your personal data and user-generated Content within thirty (30) days, except where retention is required by law (e.g., financial records for tax compliance). Backups containing your data may persist for up to an additional thirty (30) days before being overwritten.

8. Data Security

We implement industry-standard technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

• Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher;
• Encryption at rest: Stored data is encrypted using AES-256 encryption provided by our hosting infrastructure;
• Access controls: Internal access to personal data is restricted to personnel who require it for their duties, protected by multi-factor authentication;
• API security: Server-side API endpoints are protected by authentication, rate limiting, request validation, and CORS policies;
• Payment security: Payment processing is handled entirely by a PCI DSS Level 1 certified payment processor. We never store, process, or transmit full card numbers on our infrastructure;
• Webhook security: All payment webhooks are verified using cryptographic signatures to prevent tampering;
• Incident monitoring: We maintain logging and alerting systems to detect and respond to potential security incidents.

Despite these measures, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security. In the event of a data breach that affects your personal information, we will notify affected Users and the relevant supervisory authority in accordance with applicable data protection laws, without undue delay and in any case within seventy-two (72) hours of becoming aware of the breach where feasible.

9. International Data Transfers

Your personal information may be processed and stored in countries other than your country of residence, including the United States, where our third-party service providers maintain infrastructure. These countries may have data protection laws that differ from those in your jurisdiction.

Where we transfer personal data outside of the EEA or UK, we ensure that appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission;
• Data processing agreements with sub-processors that include equivalent protections;
• Transfers to countries that have received an adequacy decision from the European Commission.

You may request information about the specific safeguards applied to transfers of your data by contacting us at support@patternweaver.ai.

10. Your Rights Under GDPR (EEA and UK Residents)

If you are located in the European Economic Area or the United Kingdom, you have the following rights under the General Data Protection Regulation:

• Right of access (Art. 15): You may request a copy of the personal data we hold about you, together with information about how we process it.
• Right to rectification (Art. 16): You may request correction of inaccurate or incomplete personal data.
• Right to erasure (Art. 17): You may request deletion of your personal data when it is no longer necessary for the purpose for which it was collected, or when you withdraw consent.
• Right to restriction of processing (Art. 18): You may request that we limit the processing of your personal data in certain circumstances.
• Right to data portability (Art. 20): You may request to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.
• Right to object (Art. 21): You may object to the processing of your personal data based on legitimate interests.
• Right to withdraw consent (Art. 7(3)): Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at support@patternweaver.ai. We will respond to verified requests within thirty (30) days. If we require additional time, we will inform you of the reason and extension period (up to an additional sixty days).

You also have the right to lodge a complaint with a supervisory authority in the EU member state of your habitual residence, place of work, or place of the alleged infringement. For UK residents, the supervisory authority is the Information Commissioner's Office (ICO) at ico.org.uk.

11. Your Rights Under CCPA (California Residents)

If you are a California resident, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) provide you with additional rights regarding your personal information:

• Right to know: You may request disclosure of the categories and specific pieces of personal information we have collected, the sources of collection, the business purposes, and the categories of third parties with whom it is shared.
• Right to delete: You may request deletion of your personal information, subject to certain exceptions.
• Right to correct: You may request correction of inaccurate personal information.
• Right to opt out of sale or sharing: We do not sell your personal information. We do not share your personal information for cross-context behavioural advertising. Therefore, there is no need to opt out, but this right is available to you.
• Right to non-discrimination: We will not discriminate against you for exercising your CCPA rights.

To exercise these rights, please email support@patternweaver.ai with the subject line "CCPA Request." We will verify your identity and respond within forty-five (45) days.

Do Not Sell or Share My Personal Information: We do not sell your personal information as defined by the CCPA/CPRA. We do not share your personal information for cross-context behavioural advertising purposes.

12. Children's Privacy

The Service is not directed to individuals under the age of sixteen (16), or the age of digital consent in the applicable jurisdiction, whichever is higher. We do not knowingly collect, use, or disclose personal information from children.

If we become aware that we have inadvertently collected personal information from a child under the applicable age threshold, we will take prompt steps to delete that information and terminate the associated Account. If you believe a child has provided us with personal information, please contact us immediately at support@patternweaver.ai.

13. Do Not Track Signals

Some web browsers transmit "Do Not Track" (DNT) signals to websites. As there is no universally accepted standard for how to respond to DNT signals, the Service does not currently respond to DNT signals. However, as described in Section 6, we do not use third-party tracking cookies or cross-site tracking technologies, so the practical effect is equivalent to honouring DNT.

14. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices or content of these external sites. We encourage you to review the privacy policies of any third-party site you visit. Inclusion of a link does not imply endorsement of the linked site by the Company.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes:

• We will update the "Last updated" date at the top of this page;
• For material changes, we will notify registered Users via email and/or a prominent notice within the Service at least fourteen (14) days before the changes take effect;
• We will make the prior version of this policy available upon request.

Your continued use of the Service after the updated Privacy Policy takes effect constitutes your acceptance of the changes. If you do not agree to the changes, you should discontinue use of the Service and request deletion of your Account.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy, your personal data, or our data practices, please contact us:

We aim to respond to all privacy-related enquiries within five (5) business days. For formal data rights requests (GDPR Articles 15-22 or CCPA requests), we will respond within the legally required timeframes outlined above.