Patina AI — Privacy Policy

Effective Date: February 16, 2026

Triple Bar LLC ("Patina AI," "we," "our," or "us") provides a mobile application and web service that helps watch enthusiasts scan, identify, authenticate, price, and manage luxury timepiece collections. This Privacy Policy explains what personal information we collect, how we collect it, how we use it, and with whom we share it.

      Quick Summary:
      No advertising or tracking. We do not use IDFA, fingerprinting, or personalized advertising.
Your data, your control. Delete your account and all associated data anytime via Settings → Delete Account.
AI-powered analysis. Your watch photos are processed by AI providers to identify and authenticate watches. These providers do not train their models on your data.
We never sell your data. Period.

    

1. Information We Collect

We collect information in the following categories:

Category	Data Collected	How Collected	Purpose
Account Information	Apple-scoped user identifier, email address (or Apple relay email if you choose "Hide My Email")	Sign in with Apple authentication flow when you create an account	Create and manage your account, authenticate you, send service communications
Profile Information	Username (optional), user preferences	Provided by you in the app settings	Personalize your experience, display your profile
Watch Photos & Scans	Photos of watches you upload, AI analysis results (brand, model, reference number, condition assessment, authenticity indicators)	You upload photos via camera or photo library; our AI processes them	Identify watches, assess authenticity, provide pricing estimates, build your collection
Collection Data	Watch details you save (brand, model, reference, purchase price, notes, images)	Entered by you when saving watches to your collection	Maintain your watch collection, track value over time
Marketplace Data	Listing details, pricing, buyer/seller information for marketplace transactions	Created when you list watches for sale or complete transactions	Facilitate buying and selling of watches
Linked Accounts	eBay OAuth tokens, eBay username, eBay account type	Provided when you voluntarily link your eBay account	Sync listings, import sales data, manage marketplace presence
Usage Analytics	Session events, screen views, feature interactions, app version	Automatically collected via Mixpanel SDK with anonymized identifiers	Improve app functionality, understand feature adoption
Crash & Diagnostic Data	Stack traces, device model, iOS/Android version, crash timestamps	Automatically collected via Sentry SDK when errors occur	Identify and fix bugs, improve app stability
Server Logs	IP address, request timestamps, API endpoints accessed, response codes	Automatically logged when your device communicates with our servers	Security monitoring, troubleshooting, abuse prevention

Information We Do NOT Collect

Government-issued IDs or Social Security numbers
Precise geolocation data
Biometric data (fingerprints, face scans for identification)
Payment card numbers (payments processed by Apple/third parties)
Contacts or address book data
Health or fitness data

2. How We Use Your Information

Purpose	Description	Data Used
Provide Core Services	Authenticate you, process watch scans, store your collection, provide pricing estimates	Account info, watch photos, collection data
AI-Powered Watch Analysis	Send your watch photos to AI providers for identification, authenticity assessment, and pricing analysis	Watch photos only (no personal identifiers sent with images)
Marketplace Features	Enable buying/selling, sync with eBay, manage listings	Collection data, marketplace data, linked accounts
Improve the Service	Analyze usage patterns, fix bugs, develop new features	Usage analytics, crash data
Security & Fraud Prevention	Detect abuse, prevent unauthorized access, maintain platform integrity	Server logs, account info
Communications	Send service updates, respond to support requests	Email address

Important: We do NOT use your watch photos to train our own machine learning models. Photos are processed in real-time for the specific scan you initiate, then the AI analysis is complete.

3. Third Parties We Share Data With

We share your information only with the service providers listed below to operate Patina AI. We never sell your personal information. Each provider below maintains privacy and security practices that provide at least equivalent protection to what we describe in this policy.

Provider	Purpose	Data Shared	Location & Protections
Apple (Sign in with Apple)	User authentication	Authentication tokens	USA — Apple's privacy-first authentication; compliant with GDPR, CCPA
Render (Hosting)	Application hosting, API servers	All service data in transit	USA — SOC 2 Type II certified, GDPR-compliant DPA available
Cloudinary	Image storage and delivery (CDN)	Watch photos	USA/EU — SOC 2 Type II, ISO 27001, GDPR-compliant with DPA and SCCs
Cloudflare R2	Object storage for raw crawl data	Aggregated watch market data (no personal data)	USA — SOC 2 Type II, ISO 27001, GDPR-compliant
OpenAI	AI analysis: watch identification, description generation	Watch photos (without personal identifiers)	USA — SOC 2 Type II; API data retained max 30 days; zero data training policy for API users
Anthropic (Claude)	AI analysis: watch identification, authenticity assessment	Watch photos (without personal identifiers)	USA — SOC 2 Type II; does not train on API inputs; GDPR-compliant DPA
Google (Gemini)	AI analysis: watch identification, feature extraction	Watch photos (without personal identifiers)	USA — ISO 27001, SOC 2; API data not used for model training; GDPR-compliant
Replicate	Image embeddings for visual search	Watch photos (without personal identifiers)	USA — SOC 2 compliant; data processed transiently for inference only
Pinecone	Vector database for watch image search	Image embeddings (derived from photos, not the photos themselves)	USA — SOC 2 Type II, GDPR-compliant with DPA
Vercel AI Gateway	AI provider routing and load balancing	AI requests (routed through gateway)	USA — SOC 2 Type II, GDPR-compliant
Mixpanel	Product analytics	De-identified usage events, device type, app version	USA — SOC 2 Type II; IP truncation enabled; GDPR-compliant
Sentry	Error monitoring and crash reporting	Crash logs, device info, stack traces	USA — SOC 2 Type II, GDPR-compliant with DPA
eBay (Optional)	Marketplace integration for selling watches	Listing data, account tokens (only if you link your account)	USA — eBay's own privacy policy applies to marketplace activities

      Third-Party Data Protection Guarantee:

      All third-party service providers listed above are contractually bound to:
      Process data only for the purposes we specify
Maintain security measures at least as protective as our own
Not sell, share, or use your data for their own purposes
Delete data upon our instruction or contract termination
Comply with applicable data protection laws (GDPR, CCPA, etc.)

      We maintain Data Processing Agreements (DPAs) with providers handling personal data.
    

4. Data Retention

Data Type	Retention Period	Deletion Trigger
Account information	Until you delete your account	User request via Settings → Delete Account
Watch photos & collection	Until you delete your account	User request; deleted within 30 days
Server logs	90 days	Automatic rolling purge
Analytics data	13 months	Automatic purge by Mixpanel
Crash reports	90 days	Automatic purge by Sentry
AI analysis results	Until you delete associated watch/scan	Cascading deletion with parent record

5. Your Rights and Choices

Right	Description	How to Exercise
Access	Request a copy of your personal data	Email support@patinaai.com
Correction	Update inaccurate information	In-app settings or email support
Deletion	Delete your account and all associated data	Settings → Delete Account (in-app)
Data Portability	Export your data in a machine-readable format	Email support@patinaai.com
Opt-Out of Analytics	Disable usage analytics collection	Contact support (feature coming soon)

California Residents (CCPA/CPRA): You have the right to know what personal information we collect, request deletion, and opt-out of "sales" of personal information. We do not sell your personal information. To exercise rights, contact support@patinaai.com.

We respond to all data rights requests within 30 days.

6. Security

Encryption in transit: All data transmitted between your device and our servers uses TLS 1.2 or higher.
Encryption at rest: Database and image storage use AES-256 encryption.
Access controls: Production data access is limited to authorized engineers via MFA-protected VPN.
Security monitoring: Regular dependency scanning, vulnerability assessments, and incident response procedures.

7. Children's Privacy

Patina AI is not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@patinaai.com and we will promptly delete such information.

8. International Data Transfers

Our primary servers are located in the United States. If you access Patina AI from outside the United States, your information will be transferred to, stored, and processed in the United States. We use Standard Contractual Clauses (SCCs) and other appropriate safeguards for international transfers.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

Posting the updated policy with a new "Effective Date"
Sending an in-app notification for significant changes
Emailing you if the changes materially affect your rights

10. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Triple Bar LLC
Attn: Privacy Officer
Email: support@patinaai.com
Data Protection Officer: Yucheng Lin

This Privacy Policy complies with Apple App Store Review Guidelines 5.1.1 and 5.1.2, the California Consumer Privacy Act (CCPA/CPRA), and applicable U.S. privacy laws.