Privacy
Policy

Welcome to ICONISH ("Company," "we," "us," or "our"). ICONISH is an AI content infrastructure company that creates AI-generated models and digital twins for ecommerce product photography. We are committed to protecting your privacy and handling your personal information with transparency and care. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website (www.iconish.ai), use our services, or otherwise interact with us. By using our services, you agree to the collection and use of information in accordance with this policy.

We collect personal information you voluntarily provide: identity information (name, email, phone, business name, job title, mailing address), account credentials, payment and billing details, communications, and business information such as brand guidelines and creative briefs. Given the nature of our services, ICONISH may collect and process biometric data, facial geometry, and physical likeness information in connection with our ICONS, TWINS, and CUSTOM product divisions — including facial images and measurements, body measurements, and voice recordings where applicable. We collect biometric and likeness data only with explicit, informed, written consent, in compliance with applicable biometric data privacy laws including BIPA, the Texas Capture or Use of Biometric Identifier Act, and similar regulations. When you access our platform we may also automatically collect device and usage information, cookies and tracking data, and server log data.

We use the information we collect to: deliver, maintain, and improve our AI-generated model and digital twin services; create and manage your account and process transactions; develop and refine our AI content generation technology (always in compliance with applicable consent requirements); respond to inquiries and deliver communications; analyze usage patterns and conduct R&D; comply with applicable laws and government requests; and detect, prevent, and address fraud and unauthorized access.

We process your personal information based on: Consent (particularly for biometric data and marketing communications); Contractual Necessity (to fulfill our service obligations); Legitimate Interests (service improvement, fraud prevention, analytics, provided these do not override your rights); and Legal Obligation (compliance with applicable laws and regulations).

We do not sell your personal information. We may share information with: trusted service providers under contractual data protection obligations; business clients (limited to agreed deliverables); AI technology partners subject to strict data processing agreements; and legal or governmental authorities as required by law. In connection with a merger or acquisition, we will provide advance notice before your information is subject to a different privacy policy.

Account data: retained for the duration of your account and up to 3 years after closure. Biometric and likeness data: retained only for the duration specified in the applicable consent agreement, securely deleted upon expiration or withdrawal of consent. Transaction records: retained up to 7 years for financial and tax compliance. Usage and analytics data: retained in anonymized or aggregated form and may be kept indefinitely.

We implement encryption in transit (TLS/SSL) and at rest, access controls limiting data access to authorized personnel, regular security assessments and vulnerability testing, incident response procedures, and employee training on data protection. No method of internet transmission is 100% secure; we cannot guarantee absolute security.

Depending on your jurisdiction, you may have the right to: access, correct, or delete your personal information; port your data in a machine-readable format; opt out of marketing communications; withdraw consent (biometric data will be securely deleted within 30 days of withdrawal); and be free from discrimination for exercising these rights. To exercise any right, contact privacy@iconish.ai. We will respond within 30 days.

California residents (CCPA/CPRA): rights to know, delete, opt out of sale/sharing, and limit use of sensitive personal information. We do not sell personal information as defined under CCPA/CPRA. Illinois residents (BIPA): we will not collect biometric identifiers without written notice and written consent. We maintain a publicly available policy for retention and destruction of biometric data. We also comply with applicable laws in Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), and other states with comprehensive data privacy legislation.

Your information may be transferred to and processed in countries other than your country of residence. Where we transfer personal information internationally, we implement appropriate safeguards including Standard Contractual Clauses.

Our services are not directed to individuals under 18. We do not knowingly collect personal information from children. If we become aware of inadvertent collection from a child, we will promptly delete that information. Contact us immediately if you believe a child has provided us their information.

Our website may contain links to third-party services. This Privacy Policy does not apply to those services. We encourage you to review the privacy policies of any third-party services you access.

We may update this Privacy Policy to reflect changes in practices, technologies, or legal requirements. Material changes will be posted with a revised effective date. For significant changes, we may also notify you by email or through our platform.

ICONISH Inc. Email: privacy@iconish.ai Website: www.iconish.ai