Korpa Stylist Android App Privacy Policy

1. Who we are and how to contact us

This Privacy Policy explains how KORPA VAM Operations Limited (also referred to as KORPA VAM Operations Ltd) (CRO 797844) ("Korpa", "we", "us" or "our") processes personal data in connection with the Korpa Stylist Android application (the "App"). KORPA VAM Operations Ltd is the entity named in the Google Play developer account for the App. KORPA VAM Operations Limited is the Irish operating company of the Korpa group and is wholly owned by KORPA VAM Global Ltd.

Legal entity: KORPA VAM Operations Limited
Google Play developer name: KORPA VAM Operations Ltd
Company registration: CRO number: 797844
Registered office: 1 Grant's Row, Lower Mount Street, Dublin 2, D02 HX96, Ireland
Privacy contact: privacy@korpa.io
Data deletion requests: https://www.korpa.io/data-deletion

Privacy-related questions and data protection requests should be sent to the privacy contact listed above. If a Data Protection Officer or representative becomes legally required or is formally appointed, this Privacy Policy will be updated accordingly.

2. Scope of this Privacy Policy

This Privacy Policy applies only to the Korpa Stylist Android application submitted to Google Play and to the related Korpa workspaces and backend systems used to provide, secure and support the App.

This Google Play release is an invitation-only application for professional stylists and authorised Korpa workspace users. Its purpose is to allow authorised users to create, view, update and manage wardrobe items and related content within a Korpa workspace.

This Privacy Policy does not cover any separate Korpa client application, PA application, household-staff workflow, resale product, valuation product, calendar-sync product, custody/resale service or broader client-facing service unless those features are later included in this App and this Privacy Policy is updated.

This Privacy Policy does not replace any separate agreement, data processing agreement, workspace terms, client agreement, contractor agreement or employee privacy notice that may apply in a specific business relationship.

3. Our role as controller and processor

Korpa may process personal data in different roles depending on the context.

Controller activities: Korpa acts as data controller when it determines the purposes and means of processing, including for account administration, authentication, App operations, security, support, legal compliance and business administration.
Processor activities: Korpa may act as data processor where wardrobe content, client records or workspace content are uploaded or managed by authorised users on behalf of a workspace owner, business customer or client. In those cases, Korpa processes such data according to the instructions of the relevant controller and the applicable agreement.

If you are a client whose wardrobe content is managed in a workspace by a stylist or another authorised user, the relevant workspace owner, business customer or client organisation may be the controller for some of your data. If you contact us about such data, we may refer your request to the relevant controller or assist them in responding, as required by applicable law.

4. Personal data we process

We aim to collect and process personal data only where necessary for the purposes described in this Privacy Policy.

4.1 Google Sign-In and account data

Email address.
Google account identifier.
Basic Google profile information, such as display name.
Korpa user account identifier.
Authentication and session information.

Google Sign-In is used only to authenticate invited App users and to link them to their Korpa workspace account. We do not receive or store your Google password.

In this release, the App does not request access to Gmail, Google Drive, Google Calendar, Google Photos or other Google user content.

4.2 Workspace and access-control data

Namespace, workspace and client associations linked to your account.
Assigned roles and permissions within Korpa.
Workspace membership, invitations and access-control settings.
Audit events relating to workspace access and authorised user actions.

4.3 Wardrobe content and client-related data

The core function of the App is to help authorised users create, view, update and manage wardrobe items and related content. Depending on how a workspace is used, this may include:

Photos of wardrobe items captured or selected within the App.
Image metadata associated with those photos.
Item tags, item fields, descriptive metadata, status and operational state.
Associations between items, clients, stylists and workspaces.
Client names, client identifiers, size or fit information, style preferences, notes and other information entered by authorised users, where used in the workspace.

Users should avoid uploading photos or notes containing faces, people, documents, addresses, payment details, special-category data or other unnecessary personal data unless this is required for the service, lawful and authorised within the relevant workspace.

4.4 Camera access and image processing

The App may request access to your device camera solely to allow you to photograph wardrobe items within the App. Photos are captured only when you initiate the action. Camera access is not used for any other purpose.

If you choose to select an existing image using an Android photo or media picker, the App processes only the image you select for the relevant wardrobe item. The App does not access your entire photo library or device-wide file storage in this release.

Photos you capture or select are uploaded to Korpa servers and/or cloud storage and attached to the relevant wardrobe item record. Uploaded images may be processed to store and display the image, generate thumbnails or previews, optimise image delivery, maintain item records, support tagging, detect technical errors, or provide other wardrobe-management functionality made available in the App.

4.5 App usage, diagnostics and technical data

Authentication and session events, such as sign-in and sign-out timestamps.
Application, backend and security logs generated by Korpa systems.
Diagnostic information generated by Korpa systems where necessary to operate, secure and support the App.
IP address, device or app technical data and similar security information, where necessary to operate and secure the App.

This release does not use third-party analytics SDKs, advertising SDKs, crash-reporting SDKs, push-notification SDKs, calendar SDKs or similar third-party data-collection SDKs.

4.6 What this release does not access or collect

In this Google Play release, the App does not access or collect device location, contacts, phone book data, SMS, call logs, microphone data, health data, payment card data, advertising identifiers, Google Calendar data, Gmail data, Google Drive data, Google Photos data or device-wide file storage.

The App does not use personal data for third-party advertising, ad targeting, sale of data, data-brokerage or cross-app tracking.

5. Sources of personal data

You

Login details, support requests, photos or item information you upload or enter.

Google Sign-In

Email address, Google account identifier and basic profile information used for authentication.

Workspace owners or administrators

Workspace invitations, user roles, permissions, client associations and access settings.

Other authorised workspace users

Wardrobe content, notes, client associations or item data entered within the same workspace.

Korpa systems

Technical logs, session events, audit logs, diagnostic information and security signals generated when the App is used.

6. Why we process personal data and our legal bases

Where Korpa acts as controller, we rely on the legal bases set out below. Where Korpa acts as processor, the legal basis is generally determined by the relevant controller.

Authentication and account management

Data subjects: App users
Personal data: Email address, Google account ID, basic profile information, user ID, session data
Legal basis: Performance of contract; legitimate interests in securing accounts and controlling access.

Workspace access control

Data subjects: Stylists, workspace users and workspace administrators
Personal data: Workspace IDs, roles, permissions, namespace and client associations
Legal basis: Performance of contract; legitimate interests in enforcing access controls.

Wardrobe management

Data subjects: Stylists, authorised users and clients represented in workspace content
Personal data: Wardrobe images, item records, metadata, tags, status and client/item associations
Legal basis: Performance of contract; legitimate interests in operating the service; processor activity where processed on behalf of a workspace controller.

Image storage and processing

Data subjects: Stylists, authorised users and clients represented in images or item records
Personal data: Photos, image metadata, thumbnails and derived technical data
Legal basis: Performance of contract; legitimate interests in operating the service; processor activity where applicable.

Security, fraud prevention and audit

Data subjects: App users and relevant workspace users
Personal data: Login events, IP address, logs, security alerts and audit events
Legal basis: Legitimate interests in protecting the App, users, workspaces and Korpa systems.

Diagnostics and support

Data subjects: App users, workspace administrators and support contacts
Personal data: Support messages, contact details and diagnostic logs
Legal basis: Performance of contract; legitimate interests in resolving issues and maintaining reliability.

Legal compliance and disputes

Data subjects: Relevant users, clients and business contacts
Personal data: Account records, logs, correspondence and other data required for legal purposes
Legal basis: Legal obligation; legitimate interests in establishing, exercising or defending legal claims.

Where we rely on legitimate interests, these interests include providing and improving a secure business application, preventing misuse, maintaining auditability, supporting users, enforcing access controls, protecting workspaces and defending legal claims. You may object to processing based on legitimate interests as described in section 13.

7. Obligation to provide data

Certain personal data is required to use the App, including login information, account identifiers, workspace permissions and data needed to create or manage wardrobe items. If required data is not provided, we may be unable to provide access to the App or certain features. Optional data should only be uploaded where it is necessary and authorised for the relevant workspace purpose.

8. Sharing and service providers

8.1 Within your Korpa workspace

Wardrobe content and client-related data created within a workspace may be accessible to other authorised users in the same workspace, in accordance with the roles and permissions assigned to each user.

8.2 Within the Korpa group

Personal data may be processed by KORPA VAM Operations Limited and, where necessary, by KORPA VAM Global Ltd or other Korpa group personnel for corporate administration, governance, legal, security, product, support and operational purposes, subject to appropriate access controls and confidentiality obligations.

8.3 Service providers

We engage third-party service providers who process personal data on our behalf to support the operation of the App. These may include providers of:

Cloud hosting and infrastructure.
Cloud storage for wardrobe images and content.
Authentication services, including Google Sign-In.
Security monitoring, logging and diagnostics.
Technical support and operational tools.

Service providers may process personal data only as necessary to provide services to us and must do so under appropriate contractual and data protection obligations.

8.4 No sale or third-party advertising use

Korpa does not sell personal data. Wardrobe photos and personal data processed through the App are not used for third-party advertising purposes and are not shared with ad networks, data brokers or third-party advertising SDK providers.

8.5 Other disclosures

We may disclose personal data where required by law, court order or regulatory authority, or where necessary to protect the rights, property or safety of Korpa, its users, clients, workspaces or others.

9. International transfers

Korpa is incorporated in Ireland and operates within the European Union. Personal data processed through the App may also be processed in other countries where Korpa or its service providers maintain infrastructure or operations.

Where personal data is transferred outside the European Economic Area, we rely on appropriate safeguards under applicable data protection law, such as European Commission adequacy decisions, Standard Contractual Clauses or other lawful transfer mechanisms. Further information about relevant safeguards may be requested using the contact details in this Privacy Policy.

10. How long we keep personal data

We retain personal data only for as long as necessary for the purposes described in this Privacy Policy, unless a longer period is required or permitted by law. Where Korpa acts as processor, retention may also depend on the instructions of the relevant controller and the applicable agreement.

Account and authentication data

For the duration of the user account and for a reasonable period afterwards where needed for security, audit, legal or operational purposes.

Workspace roles and permissions

For as long as needed to provide access to the relevant workspace and maintain appropriate audit records.

Wardrobe images and item records

Until deleted by an authorised user, the relevant account or workspace is deleted, or the applicable agreement requires deletion, subject to backup lifecycle and legal retention exceptions.

Backups

Deleted or overwritten according to Korpa's standard backup lifecycle. Backups are not used as a separate archive.

Security, access and audit logs

Retained for as long as reasonably necessary for security, fraud prevention, audit and legal purposes. Longer retention may apply where an incident, dispute or legal obligation requires it.

Diagnostics and support

Retained for as long as needed to identify, troubleshoot and improve technical reliability, then deleted or anonymised where appropriate.

Support correspondence

Retained for as long as needed to handle the request and maintain business records, then deleted or anonymised unless needed for legal reasons.

Legal, accounting, tax, corporate and dispute records

Certain records may be retained for up to six years or for another period required or permitted under applicable Irish law, including where necessary to establish, exercise or defend legal claims.

When data is deleted from active systems, residual copies may remain in backups for a limited period until overwritten or deleted in accordance with the backup lifecycle. We may retain minimal records where necessary to record and respect deletion, objection or opt-out requests.

11. Account and data deletion

You may request deletion of your Korpa Stylist account and associated personal data by using the in-App deletion request path, by visiting https://www.korpa.io/data-deletion , or by contacting privacy@korpa.io.

After receiving a verified deletion request, we will delete or anonymise personal data where required by applicable law, except where limited retention is necessary for security, fraud prevention, audit records, legal compliance, dispute resolution, enforcement of agreements, or to comply with the instructions of a relevant workspace controller.

If your Korpa account uses Google Sign-In, deleting your Korpa Stylist account does not delete your Google account. You must manage your Google account separately through Google.

If your data is processed by Korpa as processor on behalf of a workspace owner, business customer or client organisation, we may need to refer your request to that controller or act on its instructions.

12. Security

We implement technical and organisational measures designed to protect personal data against unauthorised access, disclosure, alteration and destruction. These measures include:

Encrypted transmission using TLS/HTTPS between the App and Korpa systems.
Access controls restricting access to authorised personnel and systems.
Authentication controls for workspace and account access.
Role-based workspace permissions.
Monitoring for security events and anomalies.
Operational procedures for access management and incident response.

No security measure is absolute. You should use a strong, unique Google account password and promptly report suspected security incidents to privacy@korpa.io.

13. Your data protection rights

Where Korpa acts as controller, you may have the following rights under applicable data protection law:

Right of access to your personal data.
Right to rectification of inaccurate or incomplete personal data.
Right to erasure of personal data in certain circumstances.
Right to restriction of processing.
Right to object to processing based on legitimate interests.
Right to data portability where applicable.
Right to withdraw consent where processing is based on consent, without affecting processing already carried out before withdrawal.
Right not to be subject to solely automated decision-making with legal or similarly significant effects, where applicable.
Right to lodge a complaint with a supervisory authority.

These rights are not absolute and may be subject to conditions and exemptions under applicable law. To exercise your rights, contact privacy@korpa.io. We may need to verify your identity before responding. We will respond without undue delay and in any event within one month, extendable by two further months for complex requests.

Where Korpa acts as processor, you may need to exercise your rights through the relevant controller, such as the workspace owner, business customer or client organisation. If you contact us directly, we may forward or refer your request to the relevant controller where appropriate.

14. Automated decision-making

The App does not use personal data to make solely automated decisions that produce legal or similarly significant effects on individuals.

15. How to complain

If you have concerns about how we process your personal data, please contact us first at privacy@korpa.io so we can try to resolve the matter.

You also have the right to lodge a complaint with a data protection supervisory authority. As KORPA VAM Operations Limited is incorporated in Ireland, you may contact the Irish Data Protection Commission:

Authority: Data Protection Commission
Address: 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland
Email: info@dataprotection.ie
Website: www.dataprotection.ie

16. Children

The App is intended for professional stylists and authorised business users. It is not intended for use by children under 18 and is accessible only by invitation.

Users should not upload personal data relating to children unless this is necessary, lawful and authorised by the relevant workspace owner, business customer, client organisation or responsible adult. If you believe that a child has provided personal data directly through the App, contact privacy@korpa.io so we can take appropriate action.

17. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will update the effective date or last updated date. If we make material changes, we will provide appropriate notice. Where required by law, we will seek consent or provide additional information before the change takes effect.

18. Contact

For questions, concerns or requests relating to this Privacy Policy or the handling of personal data, contact:

Entity: KORPA VAM Operations Limited
CRO number: 797844
Registered office: 1 Grant's Row, Lower Mount Street, Dublin 2, D02 HX96, Ireland
Privacy email: privacy@korpa.io
Data deletion web resource: https://www.korpa.io/data-deletion