Privacy Policy

[INPUT-3: Replace with reviewed privacy policy text. Include: email address collected at sign-in; photos uploaded during gear check (processed by Google Gemini, EU region); daily-rotating IP hash stored for rate-limiting (not linkable to identity after 24 hours); session metadata (race, event, timestamps, country/region derived from request headers).]

[INPUT-3: Replace with reviewed privacy policy text. Include: photos are sent to Google Gemini 2.0 Flash (hosted in EU region) for analysis; photos may also be processed by OpenAI GPT-4o mini as a fallback; AI outputs are stored against your session; photos are not used to train AI models; no personal data is shared with third parties beyond the AI providers listed here.]

[INPUT-3: Replace with reviewed privacy policy text. Include: all data stored in Supabase (EU-Central-1, Frankfurt, Germany); photos stored in Supabase Storage (EU region); database hosted on AWS eu-central-1; data does not leave the EU.]

[INPUT-3: Replace with reviewed privacy policy text. Include: gear check photos are automatically deleted after 30 days; session data and AI results are retained until you delete your account; IP hashes rotate daily and are not retained in identifiable form; email address retained while your account is active.]

[INPUT-3: Replace with reviewed privacy policy text. Include: right to access, rectify, and erase your data (GDPR Articles 15–17); you can delete your account and all associated data at any time via the History page (/history); right to data portability; right to lodge a complaint with your national data protection authority; contact details for exercising rights.]

[INPUT-3: Replace with reviewed privacy policy text. Include: data controller name and address; contact email for privacy queries; DPO contact if applicable.]