PRIVACY POLICY

Contact Information:

• Full name or business name
• Email address
• Billing address (street, city, state/province, postal code, country)
• Phone number (if provided)

Payment Information:

• Card type (Visa, Mastercard, American Express, etc.)
• Last four digits of payment card
• Billing address (may differ from shipping address)
• Payment processor reference number

Order and Specification Information:

• Order number and date
• Model specifications (age, ethnicity, body type, clothing, styling preferences)
• Accessories and customization details
• Color palettes and reference materials
• Number of angles/variations requested (for Consistent Faces)
• Delivery preferences (standard or rush)
• Special requests or customization notes

Client Content:

• Any reference images you provide
• Design descriptions and creative direction
• Brand guidelines or style inspiration you submit
• Accessory images or product specifications

Service Tier Information:

• Service selected (General AI Model Generation or Consistent Faces)
• Pricing tier and payment amount
• Revision preferences and customization level
• Rush delivery request (if applicable)

Communication Data:

• Your email communications with us
• Refinement requests and support inquiries
• Feedback, complaints, or quality concerns

Technical Data (automatically collected):

• IP address and device identifier
• Browser type and version
• Operating system
• Pages visited and features used
• Time and duration of visit
• Referring website

Important: Client Content (reference images, design details, brand specifications you provide) is sensitive and is handled with heightened security:

• Reference images are used solely to generate your custom models
• Design specifications are not retained longer than necessary to fulfill your order
• Client Content is never used to train AI models, improve our algorithms, or for any secondary purpose
• Accessory images and color palettes are deleted after order fulfillment and the 7-day revision window
• You retain full ownership of all Client Content

Order Fulfillment:

• Processing your order and payment
• Generating your custom AI models based on your specifications
• Delivering digital files to your email
• Tracking order status and providing updates
• Managing refinements and revisions during the 7-day window

Communication:

• Sending order confirmations and delivery notifications
• Providing updates on order status
• Responding to your inquiries and support requests
• Notifying you of refinement completion
• Communicating refund determinations

Service Improvement:

• Understanding how you use our Services
• Identifying and resolving technical issues
• Enhancing user experience and website performance
• Collecting feedback on service quality

Legal Compliance:

• Complying with applicable laws and regulations
• Responding to legal requests and court orders
• Maintaining records for tax and accounting purposes
• Documenting order history for dispute resolution

We explicitly DO NOT use your Personal Data for:

• Training or improving our AI models
• Building customer profiles for analytics or behavioral tracking
• Marketing or promotional purposes (unless you separately opt-in)
• Selling to third parties
• Creating a customer database or mailing list
• Profiling or creating consumer insights
• Secondary commercial purposes
• Any purpose outside order fulfillment and legal compliance

You have the right to request deletion of your Personal Data at any time, subject to:

• Legal retention requirements (we cannot delete records required by law)
• Ongoing disputes or active orders (we retain data during resolution)
• Fraud investigations or security concerns (we retain data as needed)

To request deletion:

1. Email maisonmodelx@gmail.com with your order number
2. State your reason for deletion request
3. Include "Data Deletion Request" in subject line
4. We will respond within 30 days

Important Note: Since we do not create user accounts or maintain profiles, deletion applies only to Personal Data associated with your specific order(s). We do not maintain a persistent customer database that requires account deletion.

All customer orders, data processing, and file delivery are managed through third-party service providers. We do not independently store, process, or manage customer data in our own systems.

We work with third-party providers to:

• Store and secure order information
• Process payments and payment authorization
• Generate AI models based on your specifications
• Store and organize deliverable files
• Manage email delivery of generated models
• Provide CRM and business management functions
• Maintain data backups and disaster recovery
• Handle customer support and order tracking

We do not disclose specific third-party company names to protect business operations and maintain service flexibility. All third-party providers are contractually bound to:

• Maintain data security and implement required protections
• Comply with Indian data protection laws (DPDP Act, 2023)
• Process data only for the purposes specified
• Not disclose data to unauthorized parties
• Delete data upon completion or at our instruction
• Cooperate with data subject rights requests
• Notify us of any security breaches or incidents

Data in Transit:

• All data transmitted between your device and our servers uses HTTPS with TLS 1.2+ encryption
• Secure transmission protocols protect order data, payment information, and Client Content
• Email communications use encrypted channels where available

Data at Rest:

• Personal Data stored on third-party platforms is encrypted using AES-256 or equivalent
• Access is restricted to authorized personnel only
• Multi-factor authentication is required for administrative access
• Regular security updates and patches are applied

Payment Security:

• We do not store full credit card numbers locally
• Payment processing is handled by PCI-DSS compliant third-party processors
• All payment information is encrypted and processed through secure gateways
• Tokenization is used to prevent unauthorized card reuse

Access Controls:

• Personal Data is accessible only to MMX staff with legitimate business needs
• Staff sign confidentiality agreements
• Access is logged and monitored
• Unnecessary data access is prevented through role-based permissions

System Security:

• Regular security audits and vulnerability assessments
• Intrusion detection and prevention systems
• Regular software updates and security patches
• Firewalls and network segmentation
• Security monitoring and incident response procedures

To protect your Personal Data, you agree to:

• Keep your email password confidential and unique
• Do not share your order information with unauthorized individuals
• Report any suspicious activity immediately
• Use secure internet connections (not public WiFi) for sensitive transactions
• Update your browser and security software regularly

How Payment Processing Works:

1. You enter payment information on our secure payment form (hosted by processor)
2. Payment information never passes through our servers
3. Processor authorizes the transaction and notifies us of success/failure
4. We receive only a transaction reference number and authorization status
5. Your payment method is securely stored (encrypted) by the processor, not by us

We do NOT store:

• Full credit card numbers
• CVV/CVC security codes
• Expiration dates
• Other sensitive card details

Payment processors securely store:

• Tokenized payment method information (encrypted, non-usable data)
• Transaction history
• Payment authorization records

You have the right to request and receive:

• A complete copy of your Personal Data we hold
• Details of how your data is being processed
• Purposes for which your data is used
• Duration of data retention
• Recipients of your data (third parties)
• Source of your data (if collected from others)

To exercise this right:

• Contact us at maisonmodelx@gmail.com with your order number
• Include "Data Access Request" in the subject line
• We will provide your information within 30 days
• Information will be provided in a portable, machine-readable format (CSV, PDF, etc.)

You have the right to request correction of inaccurate or incomplete Personal Data.

This includes:

• Correcting spelling errors in your name or address
• Updating email or contact information
• Correcting billing or payment details
• Clarifying ambiguous or incomplete information

To exercise this right:

• Contact us at maisonmodelx@gmail.com
• Clearly specify which information is inaccurate
• Provide corrected information
• Include "Data Correction Request" in subject line
• We will correct your data within 30 days
• We will notify you of the correction

You have the right to request deletion of your Personal Data, subject to:

• Legal retention requirements – We cannot delete records required by law (e.g., payment records required for 7 years by tax law)
• Ongoing disputes – We retain data during active refund claims or disputes
• Fraud investigations – We retain data during fraud investigations or security incidents
• Legitimate business interest – In limited circumstances where retention is necessary

Grounds for Deletion:

• Your data is no longer necessary for the original purpose
• You withdraw consent for processing
• You object to processing and there is no overriding reason to retain data
• Your data has been processed unlawfully
• Legal obligation requires deletion

To exercise this right:

• Contact us at maisonmodelx@gmail.com with your order number
• Clearly state your reason for deletion
• Include "Data Deletion Request" in subject line
• We will delete your data within 30 days unless legal reasons require retention
• We will notify you of the deletion or reasons for non-compliance

You have the right to request that we restrict processing of your Personal Data while we verify accuracy or investigate disputed claims.

This means:

• Your data will be stored securely but not actively processed
• We will not use your data for marketing, analytics, or secondary purposes
• We may continue processing for legal compliance or legitimate business reasons

To exercise this right:

• Contact us at maisonmodelx@gmail.com
• Include "Data Restriction Request" in subject line
• We will restrict processing within 30 days

For any processing based on your consent, you have the right to withdraw that consent at any time.

• Withdrawal will be effective immediately upon receipt
• Withdrawal does not affect the lawfulness of processing before withdrawal
• We will not continue processing based on withdrawn consent (but may continue for other legal reasons)

To exercise this right:

• Contact us at maisonmodelx@gmail.com
• Include "Consent Withdrawal Request" in subject line
• Specify which consent you are withdrawing
• We will acknowledge withdrawal within 30 days

You have the right to nominate a representative (an individual or organization) to exercise your data protection rights on your behalf.

This is particularly useful for individuals who are:

• Minors
• In custody or care arrangements
• Unable to assert rights independently

To nominate a representative:

• Contact us at maisonmodelx@gmail.com
• Provide written authorization from your representative
• Include "Representative Nomination" in subject line
• We will require proof of authorization and legal standing

You have the right to lodge a complaint with the Data Protection Board of India if you believe we have violated your data protection rights.

Contact Information for Complaints:

• Data Protection Board of India (DPBI) – formal complaints regarding DPDP Act violations
• District Consumer Commission – for consumer protection complaints
• Contact through: Your state's official channels or the DPBI portal

We will honor all reasonable requests that comply with applicable law. Requests that are:

• Frivolous, vexatious, or repetitive
• Manifestly unfounded or excessive
• Impossible to fulfill
• Potentially harmful to our business or others' privacy

...may be declined, and we will explain our reasoning.

By submitting Client Content, you grant us a limited, non-exclusive license to use your Client Content solely for:

• Generating your custom AI models and images
• Fulfilling your order
• Providing refinements and revisions within the 7-day window
• Quality assurance and technical optimization
• Improving our generation processes (only in aggregate, anonymized form)

This license terminates once your order is completed and delivered.

Upon full payment of your order, you receive exclusive commercial rights to use the Generated Content (AI-generated model images and reference packs we create for you).

Specifically, you receive:

• Worldwide, perpetual, royalty-free commercial license for all lawful uses
• Full ownership of Generated Content upon delivery and payment
• Right to modify, adapt, or create derivatives of Generated Content for your use
• Right to use across all platforms without geographic limitation
• Right to sublicense only for specific commercial partnerships (with separate agreements)

MMX retains NO ownership rights to Generated Content after delivery and full payment. We explicitly do NOT:

• Retain copies of Generated Content after delivery
• Use your Generated Content for marketing, portfolio display, or promotion (without your consent)
• Use your Generated Content to train or improve our AI models
• Use your Generated Content for secondary commercial purposes
• Share your Generated Content with third parties

If you wish to allow MMX to showcase your Generated Content in our portfolio, marketing materials, case studies, testimonials, or social media:

• You may grant this permission separately in writing
• Permission is entirely optional and not required for service
• You may revoke permission at any time
• We will remove your content from public display within 30 days of revocation
• Contact us at maisonmodelx@gmail.com to authorize or revoke portfolio use

The Services are hosted and operated in India. All data processing, storage, and management occur on:

• Servers located in India, OR
• Third-party service providers based in India, OR
• Secure cloud infrastructure with data residency in India

By using our Services, you consent to:

• Transfer of your Personal Data to India
• Processing of your data according to Indian law
• Storage of your data on Indian or India-based infrastructure
• Potential differences in data protection standards between India and your home country

Users from other countries (EU, US, Canada, etc.) acknowledge that:

• Indian data protection laws may differ from your home country's laws
• You may have fewer statutory protections than in your home jurisdiction
• Your data will be transferred out of your country of residence
• You are voluntarily submitting to Indian jurisdiction and Indian law
• You waive any claim that data transfer violates your home country's laws

If we become aware that we have collected Personal Data from a child under 13 without verifiable parental consent:

1. We will delete such data immediately
2. We will notify parents/guardians of the data collection
3. We will delete the child's account (if created)
4. We will not process the child's data further

To report: If you believe we have collected data from a child under 13 without proper consent:

• Contact us immediately at maisonmodelx@gmail.com
• Include "Child Data Protection Concern" in subject line
• Provide the child's details and circumstances
• We will investigate and respond within 24 hours

We are not responsible for:

• Privacy practices of third-party websites
• Data collection or processing by third parties
• Third-party terms of service or privacy policies
• Accuracy, completeness, or legality of third-party content
• Harm caused by third-party services or content

By accessing third-party links, you:

• Assume all risks associated with third-party services
• Waive claims against MMX for third-party conduct
• Agree to third-party terms and privacy practices
• Accept responsibility for your own data protection

Essential Cookies (Required):

• Session cookies for order processing
• Security cookies for protection against fraud
• Necessary for core functionality

Analytics Cookies (Optional):

• Google Analytics or similar tools
• Understand traffic patterns and user behavior
• Improve website experience

We do NOT use:

• Third-party tracking pixels
• Spyware or malware
• Hidden data collection mechanisms
• Unauthorized tracking software

We communicate with you exclusively via email at the email address you provide during ordering.

We only send emails related to:

• Order confirmation and status updates
• Delivery notifications and file links
• Refinement request acknowledgments
• Refund determinations
• Customer support and responses to your inquiries
• Service-related announcements (if critical)

Since we only send order-specific communications:

• There are no email preferences to modify
• All communications are necessary for order fulfillment
• You cannot opt out of order-related emails
• Communications cannot be deferred or delayed

For data protection complaints specifically:

1. Contact us at maisonmodelx@gmail.com
2. Include "Data Protection Complaint" in subject line
3. Describe the issue in detail
4. Include relevant dates and order numbers
5. We will respond within 30 days

You retain the right to:

• Lodge a complaint with the Data Protection Board of India (DPBI)
• File a complaint with the District Consumer Commission
• Pursue legal action through Indian courts
• Contact other relevant regulatory bodies

We comply with the DPDP Act, 2023 by:

• Collecting only necessary and relevant Personal Data
• Processing data based on lawful grounds (consent, contract, legal obligation, legitimate interest)
• Maintaining data accuracy and completeness
• Implementing security measures to protect Personal Data
• Honoring data subject rights (access, correction, deletion, withdrawal of consent)
• Notifying data breaches within 72 hours
• Maintaining records of data processing
• Providing clear transparency about data practices

We comply with the Information Technology Act, 2000 by:

• Implementing adequate security measures (Rule 8)
• Maintaining reasonable data security standards
• Following secure practices for password and access management
• Implementing encryption and authentication controls
• Conducting regular security audits
• Maintaining incident response procedures

We comply with the Consumer Protection Act, 2019 by:

• Providing clear, accurate information about our Services
• Processing complaints and disputes fairly
• Offering reasonable refund options
• Protecting consumer data and privacy
• Maintaining transparency in pricing and terms
• Honoring consumer protection rights

For significant changes (material alterations to data practices, new uses of data, or reduced privacy protections):

• We will provide notice via email when feasible
• We will post notice prominently on our Website
• We will provide a 15-day notice period before changes take effect

Significant changes include:

• Changes to types of data collected
• Changes to data retention periods
• New purposes for processing data
• Changes to data sharing practices
• Changes to your data protection rights

Version History:

• v1.0 (November 20, 2025): Initial publication
• v2.0 (November 25, 2025): Consolidated with Consistent Faces Service; enhanced compliance and clarity

We are committed to transparency about data practices:

• We clearly explain what data we collect
• We explain why we collect data
• We explain how we use and protect data
• We explain how long we retain data
• We explain your rights regarding your data

We collect only the data necessary to:

• Process your order
• Deliver our Services
• Fulfill legal obligations
• Protect business interests

We do NOT engage in unnecessary or excessive data collection.

Your Personal Data is used only for purposes:

• Disclosed in this Privacy Policy
• Authorized by you explicitly
• Required by law
• Reasonably related to our Services

We ensure Personal Data is:

• Accurate and kept current
• Protected against unauthorized access
• Kept strictly confidential
• Handled only by authorized individuals
• Deleted securely when no longer needed

By using Maison Model X's Services, you acknowledge that:

• You have read, understood, and agree to this Privacy Policy
• You understand how your Personal Data is collected, used, and protected
• You consent to the processing of your Personal Data as described
• You understand your data protection rights
• You understand data transfer to India
• You have the right to withdraw consent or file complaints

If you do not agree with any provision of this Privacy Policy, you must discontinue use of the Services immediately.

Continued use constitutes acceptance.