Back to home

Data Protection

Last updated: April 16, 2026

1. Our approach

NARCYA is designed to reduce personal-data exposure where reasonably possible, including minimizing stored shopper data and restricting access to dashboards and account information.

The shopper experience is exploratory and lightweight. Dashboard metrics are intended as indicative trends, not precise measurements about any individual.

2. Data minimization

We aim to process only the data needed to deliver the shopper experience, operate store-owner tools, maintain security, prevent abuse, and support the service.

In the standard shopper flow, NARCYA does not store the shopper photo on its own servers.

3. AI processing

Shopper photos may be sent to OpenAI solely for immediate style analysis. Based on OpenAI's current API policy for this use, OpenAI does not store the photo to train its models.

The resulting analysis data may still be retained in structured form where needed for session results, reporting, and product operations.

4. Aggregated analytics

Estimated age-range and gender signals are treated as inferred analytics only. They are intended for aggregate reporting and should not be interpreted as exact individual facts.

5. Access control

Access to account and dashboard data is restricted through authentication, role-based access controls, and provider-level permissions intended to limit access to authorized users only.

6. Providers and infrastructure

We rely on specialized providers for hosting, storage, authentication, and AI processing. Those providers form part of our data-protection and security posture.

7. Retention and deletion

Personal data should be reviewed against a retention schedule and deleted or anonymized when no longer required.

In the current standard flow, shopper photos are not retained on NARCYA servers. Session and reporting data may be retained for limited periods to support legitimate operational and reporting needs.

8. Security measures

Security measures may include encrypted transport, credential protection, provider safeguards, access restrictions, logging, and incident-response procedures appropriate to the risks of the service.

9. Requests and incidents

Privacy requests, security concerns, and data-protection questions can be sent to narcya.contact@gmail.com.