PRIVACY POLICY

Effective Date: June 4, 2026

This Privacy Policy ("Policy") governs the collection, use, disclosure, and retention of personal information by Cloey ("Cloey," "we," "us," or "our") in connection with your use of the Cloey mobile application and any related services (collectively, the "Services"). By accessing or using the Services, you acknowledge that you have read, understood, and agree to be bound by this Policy. If you do not agree with this Policy, you must discontinue use of the Services immediately.


1. INFORMATION WE COLLECT

1.1 Information You Provide Directly

We collect information that you voluntarily provide when you create an account, configure your profile, or otherwise interact with the Services, including but not limited to:

1.2 Information Collected Automatically

When you access or use the Services, we automatically collect certain technical and usage information, including:

1.3 Information Received from Third Parties


2. USE OF INFORMATION

We use the information collected for the following purposes:


3. DISCLOSURE OF INFORMATION

We do not sell, rent, or trade your personal information to third parties. We may disclose your information in the following limited circumstances:


4. SHARING WITH OTHER USERS AND PROFILE VISIBILITY

The social features of the Services allow you to make certain information visible to other users. This section explains what is visible and to whom. Sharing described in this section is sharing between users of the Services at your direction; it is not a sale or disclosure of your personal information to third parties.

4.1 Public Profiles

Each user has a public-facing profile page, keyed by username (or, as a fallback, by user ID). Your profile may display your display name, avatar, join date, item/outfit/streak counts, friend count, your curated "selects," and a grid of your recent posts. Your profile is viewable by any logged-in Cloey user who has your profile link or QR code; it is not limited to your friends.

4.2 Visibility Model

Information within the Services falls into the following visibility tiers:

Blocked users cannot view your content or send you friend requests.

4.3 Invite Links and QR Codes

You can generate a personal invite link and QR code that encode a URL of the form https://cloey.app/i/<username-or-userId>. You may share this link or QR code as an image or as a copied URL. Scanning your QR code or opening your invite link grants the viewer read access to your public profile (as described in Section 4.1) and the ability to send you a friend request. Other users can likewise scan a QR code using the in-app camera to view a profile and send a friend request.

Links of the form https://cloey.app/i/* are configured as universal/app links: tapping such a link on a device with Cloey installed opens the app directly to the corresponding profile. On a device without the app installed, the same URL may display a web page on cloey.app inviting the visitor to install Cloey.

4.4 Intra-User Sharing Is Not Third-Party Sharing

For clarity, making your profile, selects, and posts visible to other Cloey users under this Section 4 is sharing between users of the Services, at your direction and control. It is distinct from, and not included in, the third-party disclosures described in Section 3, and we do not sell this information.

4.5 Reporting and Moderation

The Services provide tools to report objectionable content or abusive users on user-generated content surfaces (such as posts and profiles) and to block other users. We review reports we receive and aim to act on violating content—including removing the content and, where appropriate, suspending or banning the responsible user—within 24 hours. For more on prohibited conduct and enforcement, see our Terms of Service.


5. DEVICE PERMISSIONS

The Services request access to certain device capabilities. You can grant or revoke these permissions at any time through your device operating system settings.


6. DATA STORAGE AND SECURITY

Your personal information and User Content are stored on secure cloud infrastructure maintained by reputable third-party hosting providers. We implement industry-standard technical and organizational measures to safeguard your information, including but not limited to:

Photographs you upload are stored in access-controlled cloud storage. Access is restricted to you and to our authorized systems for the purpose of processing. Signed access URLs are time-limited and regularly rotated to minimize exposure.

Notwithstanding the foregoing, no method of electronic transmission or storage is entirely secure, and we cannot guarantee the absolute security of your information. You acknowledge and accept the inherent risks associated with providing information electronically.


7. DATA RETENTION

We retain your personal information for as long as your account remains active or as reasonably necessary to provide the Services to you. Upon account deletion, we will delete or anonymize your personal information, including photographs, posts, profile selects, your friend graph (friends and friend requests), your blocked-users list, and other social data, within seven (7) business days, except to the extent that retention is required or permitted by applicable law for purposes including compliance with legal obligations, resolution of disputes, or enforcement of our agreements.

Content you have shared with or posted to other users (such as outfit posts, comments, or messages) may persist in other users' accounts or feeds even after you delete your account or the original content, to the extent that other users have already received or viewed such content.

Aggregated or anonymized data that does not identify any individual may be retained indefinitely for analytics, research, and service improvement purposes.


8. YOUR RIGHTS AND CHOICES

8.1 General Rights

Subject to applicable law, you may have the right to:

8.2 In-App Controls

8.3 European Economic Area and United Kingdom (GDPR)

Where we process personal data of individuals located in the EEA or UK, we do so on the following legal bases:

You have the right to lodge a complaint with your competent supervisory authority. A list of EU/EEA supervisory authorities is available at https://edpb.europa.eu.

8.4 California (CCPA/CPRA)

If you are a California resident, you have the right to:

To exercise your rights, please contact us at support@cloey.app. We will verify your identity before processing your request.

8.5 Brazil (LGPD)

If you are located in Brazil, you have the right to access, correct, anonymize, block, or delete your personal data. You may also request information about the public and private entities with which we share your data, and you may revoke consent at any time.


9. INTERNATIONAL DATA TRANSFERS

Your information may be transferred to, stored in, and processed in jurisdictions other than your country of residence. Where such transfers occur, we ensure that appropriate safeguards are in place in accordance with applicable data protection law, including the use of Standard Contractual Clauses approved by the European Commission or equivalent transfer mechanisms.


10. CHILDREN'S PRIVACY

The Services are not directed to, and we do not knowingly collect personal information from, children under the age of thirteen (13). If we become aware that we have inadvertently collected personal information from a child under 13, we will take reasonable steps to delete such information promptly. If you believe that a child under 13 has provided personal information to us, please contact us at support@cloey.app.


11. THIRD-PARTY LINKS AND SERVICES

The Services may contain links to third-party websites, applications, or services that are not operated or controlled by Cloey. This Policy does not apply to the practices of such third parties. We encourage you to review the privacy policies of any third-party services you access.


12. CHANGES TO THIS POLICY

We reserve the right to modify this Policy at any time. If we make material changes, we will provide notice through the Services or by other appropriate means prior to the effective date of such changes. The "Effective Date" at the top of this Policy indicates when it was last revised. Your continued use of the Services following the posting of any revised Policy constitutes your acceptance of the terms of the modified Policy.


13. CONTACT US

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Cloey Email: support@cloey.app

For data protection inquiries from the EEA or UK, you may also contact us at the email address above and reference "GDPR Request" in your subject line.